Tidal References
Tidal References Cluster
Authors
| Authors and/or Contributors |
|---|
| Tidal Cyber |
D3Secutrity CTI Feeds
Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. Retrieved October 20, 2020.
Internal MISP references
UUID 088f2cbd-cce1-477f-9ffb-319477d74b69 which can be used as unique global reference for D3Secutrity CTI Feeds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-04-30T00:00:00Z |
| source | MITRE |
| title | 10 of the Best Open Source Threat Intelligence Feeds |
Linux Logs
Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.
Internal MISP references
UUID aa25e385-802c-4f04-81bb-bb7d1a7599ec which can be used as unique global reference for Linux Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-29T00:00:00Z |
| date_published | 2018-04-19T00:00:00Z |
| source | MITRE |
| title | 12 Critical Linux Log Files You Must be Monitoring |
Netspi PowerShell Execution Policy Bypass
Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.
Internal MISP references
UUID 0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e which can be used as unique global reference for Netspi PowerShell Execution Policy Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-23T00:00:00Z |
| date_published | 2014-09-09T00:00:00Z |
| source | MITRE |
| title | 15 Ways to Bypass the PowerShell Execution Policy |
Mandiant-leaks
DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. Retrieved August 18, 2023.
Internal MISP references
UUID aecc3ffb-c524-5ad9-b621-7228f53e27c3 which can be used as unique global reference for Mandiant-leaks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information |
Trustwave BlackByte 2021
Rodel Mendrez & Lloyd Macrohon. (2021, October 15). BlackByte Ransomware – Pt. 1 In-depth Analysis. Retrieved December 16, 2024.
Internal MISP references
UUID ab94e4f7-7976-5ef8-acf9-99beb6182fa9 which can be used as unique global reference for Trustwave BlackByte 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-16T00:00:00Z |
| source | MITRE |
| title | 1 In-depth Analysis |
Tilbury Windows Credentials
Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.
Internal MISP references
UUID 2ddae0c9-910c-4c1a-b524-de3a58dbba13 which can be used as unique global reference for Tilbury Windows Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | 1Windows Credentials: Attack, Mitigation, Defense |
CWE top 25
Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.
Internal MISP references
UUID d8ee8b1f-c18d-48f3-9758-6860cd31c3e3 which can be used as unique global reference for CWE top 25 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2011-09-13T00:00:00Z |
| source | MITRE |
| title | 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
CrowdStrike 2015 Global Threat Report
CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.
Internal MISP references
UUID 50d467da-286b-45f3-8d5a-e9d8632f7bf1 which can be used as unique global reference for CrowdStrike 2015 Global Threat Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | 2015 Global Threat Report |
Prolific OSX Malware History
Bit9 + Carbon Black Threat Research Team. (2015). 2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.
Internal MISP references
UUID 74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e which can be used as unique global reference for Prolific OSX Malware History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | 2015: The Most Prolific Year in History for OS X Malware |
CERN Windigo June 2019
CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.
Internal MISP references
UUID e9f1289f-a32e-441c-8787-cb32a26216d1 which can be used as unique global reference for CERN Windigo June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-10T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | 2019/06/04 Advisory: Windigo attacks |
CrowdStrike GTR 2019
CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.
Internal MISP references
UUID d6aa917e-baee-4379-8e69-a04b9aa5192a which can be used as unique global reference for CrowdStrike GTR 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | 2019 Global Threat Report |
Crowdstrike GTR2020 Mar 2020
Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.
Internal MISP references
UUID a2325ace-e5a1-458d-80c1-5037bd7fa727 which can be used as unique global reference for Crowdstrike GTR2020 Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-11T00:00:00Z |
| date_published | 2020-03-02T00:00:00Z |
| source | MITRE |
| title | 2020 Global Threat Report |
RecordedFuture 2021 Ad Infra
Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.
Internal MISP references
UUID d509e6f2-c317-4483-a51e-ad15a78a12c0 which can be used as unique global reference for RecordedFuture 2021 Ad Infra in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-01-18T00:00:00Z |
| source | MITRE |
| title | 2021 Adversary Infrastructure Report |
Dragos YIR 2021
Dragos. (2022). 2021 ICS Cybersecurity Year in Review. Retrieved November 21, 2024.
Internal MISP references
UUID 9a9a85b5-756e-5767-a134-021158bd3876 which can be used as unique global reference for Dragos YIR 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-21T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | 2021 ICS Cybersecurity Year in Review |
Red Canary 2021 Threat Detection Report March 2021
Red Canary. (2021, March 31). 2021 Threat Detection Report. Retrieved August 31, 2021.
Internal MISP references
UUID 83b906fc-ac2a-4f49-b87e-31f046e95fb7 which can be used as unique global reference for Red Canary 2021 Threat Detection Report March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-31T00:00:00Z |
| date_published | 2021-03-31T00:00:00Z |
| source | MITRE |
| title | 2021 Threat Detection Report |
ACSC BlackCat Apr 2022
Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.
Internal MISP references
UUID 3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d which can be used as unique global reference for ACSC BlackCat Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-20T00:00:00Z |
| date_published | 2022-04-14T00:00:00Z |
| source | MITRE |
| title | 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat) |
Crowdstrike HuntReport 2022
CrowdStrike. (2023). 2022 Falcon OverWatch Threat Hunting Report. Retrieved May 20, 2024.
Internal MISP references
UUID cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0 which can be used as unique global reference for Crowdstrike HuntReport 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-20T00:00:00Z |
| date_published | 2023-01-01T00:00:00Z |
| source | MITRE |
| title | 2022 Falcon OverWatch Threat Hunting Report |
Internet crime report 2022
IC3. (2022). 2022 Internet Crime Report. Retrieved August 18, 2023.
Internal MISP references
UUID ef30c4eb-3da3-5c7b-a304-188acd2f7ebc which can be used as unique global reference for Internet crime report 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | 2022 Internet Crime Report |
RC PowerShell
Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.
Internal MISP references
UUID 0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f which can be used as unique global reference for RC PowerShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| source | MITRE |
| title | 2022 Threat Detection Report: PowerShell |
ASD Royal Ransomware January 24 2023
Australian Signals Directorate. (2023, January 24). 2023-01: ASD's ACSC Ransomware Profile - Royal. Retrieved June 28, 2024.
Internal MISP references
UUID 514b704c-8668-4b61-8411-5b682e3b8471 which can be used as unique global reference for ASD Royal Ransomware January 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-28T00:00:00Z |
| date_published | 2023-01-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | 2023-01: ASD's ACSC Ransomware Profile - Royal |
Palo Alto Latrodectus Activity June 2024
Unit 42. (2024, June 25). 2024-06-25-IOCs-from-Latrodectus-activity. Retrieved September 13, 2024.
Internal MISP references
UUID 00f32246-e19b-5b20-b5c1-27b75c6667ca which can be used as unique global reference for Palo Alto Latrodectus Activity June 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-13T00:00:00Z |
| date_published | 2024-06-25T00:00:00Z |
| source | MITRE |
| title | 2024-06-25-IOCs-from-Latrodectus-activity |
CYJAX 2024 Year in Review January 29 2025
Jovana Macakanja. (2025, January 29). 2024 Year in Review: ransomware groups, hacktivists, and IABs targeting the Middle East. Retrieved April 9, 2025.
Internal MISP references
UUID f22b8c2c-6307-420d-9aac-7da4f054bd1f which can be used as unique global reference for CYJAX 2024 Year in Review January 29 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-09T00:00:00Z |
| date_published | 2025-01-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | 2024 Year in Review: ransomware groups, hacktivists, and IABs targeting the Middle East |
20 macOS Common Tools and Techniques
Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021.
Internal MISP references
UUID 3ee99ff4-daf4-4776-9d94-f7cf193c2b0c which can be used as unique global reference for 20 macOS Common Tools and Techniques in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-23T00:00:00Z |
| date_published | 2021-02-16T00:00:00Z |
| source | MITRE |
| title | 20 Common Tools & Techniques Used by macOS Threat Actors & Malware |
Microsoft GPP Key
Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.
Internal MISP references
UUID 24d8847b-d5de-4513-a55f-62c805dfa1dc which can be used as unique global reference for Microsoft GPP Key in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | 2.2.1.1.4 Password Encryption |
Microsoft _VBA_PROJECT Stream
Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. Retrieved September 18, 2020.
Internal MISP references
UUID 70c75ee4-4ba4-4124-8001-0fadb49a5ac6 which can be used as unique global reference for Microsoft _VBA_PROJECT Stream in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-18T00:00:00Z |
| date_published | 2020-02-19T00:00:00Z |
| source | MITRE |
| title | 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information |
Microsoft Learn
Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.
Internal MISP references
UUID 73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4 which can be used as unique global reference for Microsoft Learn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | 2.5 ExtraData |
Hybrid Analysis Icacls2 May 2018
Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. Retrieved August 19, 2018.
Internal MISP references
UUID 5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4 which can be used as unique global reference for Hybrid Analysis Icacls2 May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | 2a8efbfadd798f6111340f7c1c956bee.dll |
Bleeping Computer 2easy 2021
Bill Toulas. (2021, December 21). 2easy now a significant dark web marketplace for stolen data. Retrieved October 7, 2024.
Internal MISP references
UUID 23ebd169-3ac6-5074-a238-a8e7d96f48ab which can be used as unique global reference for Bleeping Computer 2easy 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-07T00:00:00Z |
| date_published | 2021-12-21T00:00:00Z |
| source | MITRE |
| title | 2easy now a significant dark web marketplace for stolen data |
Microsoft Wow6432Node 2018
Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. Retrieved August 3, 2020.
Internal MISP references
UUID cbc14af8-f0d9-46c9-ae2c-d93d706ac84e which can be used as unique global reference for Microsoft Wow6432Node 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-03T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | 32-bit and 64-bit Application Data in the Registry |
DOJ-DPRK Heist
Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.
Internal MISP references
UUID c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac which can be used as unique global reference for DOJ-DPRK Heist in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe |
ITWorld Hard Disk Health Dec 2014
Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.
Internal MISP references
UUID e48fab76-7e38-420e-b69b-709f37bde847 which can be used as unique global reference for ITWorld Hard Disk Health Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-02T00:00:00Z |
| date_published | 2014-12-14T00:00:00Z |
| source | MITRE |
| title | 3 tools to check your hard drive's health and make sure it's not already dying on you |
Microsoft 4657 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. Retrieved August 9, 2018.
Internal MISP references
UUID ee681893-edd6-46c7-bb11-38fc24eef899 which can be used as unique global reference for Microsoft 4657 APR 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2017-04-18T00:00:00Z |
| source | MITRE |
| title | 4657(S): A registry value was modified |
Microsoft 4697 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.
Internal MISP references
UUID 17473dc7-39cd-4c90-85cb-05d4c1364fff which can be used as unique global reference for Microsoft 4697 APR 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2017-04-18T00:00:00Z |
| source | MITRE |
| title | 4697(S): A service was installed in the system |
Microsoft User Creation Event
Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.
Internal MISP references
UUID 01e2068b-83bc-4479-8fc9-dfaafdbf272b which can be used as unique global reference for Microsoft User Creation Event in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | 4720(S): A user account was created |
Microsoft User Modified Event
Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.
Internal MISP references
UUID fb4164f9-1e03-43f1-8143-179c9f08dff2 which can be used as unique global reference for Microsoft User Modified Event in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | 4738(S): A user account was changed |
Microsoft 4768 TGT 2017
Microsoft. (2017, April 19). 4768(S, F): A Kerberos authentication ticket (TGT) was requested. Retrieved August 24, 2020.
Internal MISP references
UUID 19237af4-e535-4059-a8a9-63280cdf4722 which can be used as unique global reference for Microsoft 4768 TGT 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | 4768(S, F): A Kerberos authentication ticket (TGT) was requested |
HIPAA Journal S3 Breach, 2017
HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.
Internal MISP references
UUID b0fbf593-4aeb-4167-814b-ed3d4479ded0 which can be used as unique global reference for HIPAA Journal S3 Breach, 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-10-11T00:00:00Z |
| source | MITRE |
| title | 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket |
Slack Security Risks
Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.
Internal MISP references
UUID 4332430a-0dec-5942-88ce-21f6d02cc9a9 which can be used as unique global reference for Slack Security Risks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2020-11-18T00:00:00Z |
| source | MITRE |
| title | 4 SaaS and Slack Security Risks to Consider |
Hijack DLLs CrowdStrike
falcon.overwatch.team. (2022, December 30). 4 Ways Adversaries Hijack DLLs — and How CrowdStrike Falcon OverWatch Fights Back. Retrieved January 30, 2025.
Internal MISP references
UUID a8032fa1-4034-5c4d-84fc-3d068d2ee10f which can be used as unique global reference for Hijack DLLs CrowdStrike in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-30T00:00:00Z |
| date_published | 2022-12-30T00:00:00Z |
| source | MITRE |
| title | 4 Ways Adversaries Hijack DLLs — and How CrowdStrike Falcon OverWatch Fights Back |
PurpleSec Data Loss Prevention
Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.
Internal MISP references
UUID b7d786db-c50e-4d1f-947e-205e8eefa2da which can be used as unique global reference for PurpleSec Data Loss Prevention in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-30T00:00:00Z |
| date_published | 2020-10-24T00:00:00Z |
| source | MITRE |
| title | 7 Data Loss Prevention Best Practices & Strategies |
7zip Homepage
I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.
Internal MISP references
UUID fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb which can be used as unique global reference for 7zip Homepage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | 7-Zip |
VMWare 8Base June 28 2023
Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley. (2023, June 28). 8Base Ransomware: A Heavy Hitting Player. Retrieved August 4, 2023.
Internal MISP references
UUID 573e9520-6181-4535-9ed3-2338688a8e9f which can be used as unique global reference for VMWare 8Base June 28 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2023-06-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | 8Base Ransomware: A Heavy Hitting Player |
Acronis 8Base July 17 2023
Acronis Security Team. (2023, July 17). 8Base ransomware stays unseen for a year. Retrieved August 4, 2023.
Internal MISP references
UUID c9822477-1578-4068-9882-41e4d6eaee3f which can be used as unique global reference for Acronis 8Base July 17 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2023-07-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | 8Base ransomware stays unseen for a year |
MicroFocus 9002 Aug 2016
Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. Retrieved February 20, 2018.
Internal MISP references
UUID a4d6bdd1-e70c-491b-a569-72708095c809 which can be used as unique global reference for MicroFocus 9002 Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-20T00:00:00Z |
| date_published | 2016-08-30T00:00:00Z |
| source | MITRE |
| title | “9002 RAT” -- a second building on the left |
CISA AA21-200A APT40 July 2021
CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.
Internal MISP references
UUID 3a2dbd8b-54e3-406a-b77c-b6fae5541b6d which can be used as unique global reference for CISA AA21-200A APT40 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-12T00:00:00Z |
| date_published | 2021-07-19T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department |
CISA Iran Albanian Attacks September 2022
CISA. (2022, September 23). AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania. Retrieved August 6, 2024.
Internal MISP references
UUID c5d37bde-52bc-525a-b25a-e097f77a924a which can be used as unique global reference for CISA Iran Albanian Attacks September 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-06T00:00:00Z |
| date_published | 2022-09-23T00:00:00Z |
| source | MITRE |
| title | AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania |
AADInternals
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID d6faadde-690d-44d1-b1aa-0991a5374604 which can be used as unique global reference for AADInternals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | AADInternals |
AADInternals Documentation
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.
Internal MISP references
UUID 320231a1-4dbe-4eaa-b14d-48de738ba697 which can be used as unique global reference for AADInternals Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-18T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | AADInternals Documentation |
AADInternals Github
Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID 643d3947-c0ec-47c4-bb58-5e546084433c which can be used as unique global reference for AADInternals Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2021-12-13T00:00:00Z |
| source | MITRE |
| title | AADInternals Github |
Gigamon BADHATCH Jul 2019
Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.
Internal MISP references
UUID 69a45479-e982-58ee-9e2d-caaf825f0ad4 which can be used as unique global reference for Gigamon BADHATCH Jul 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-08T00:00:00Z |
| date_published | 2019-07-23T00:00:00Z |
| source | MITRE |
| title | ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling |
bad_luck_blackcat
Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. Retrieved May 5, 2022.
Internal MISP references
UUID 0d1e9635-b7b6-454b-9482-b1fc7d33bfff which can be used as unique global reference for bad_luck_blackcat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | A Bad Luck BlackCat |
Cybereason Bazar July 2020
Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.
Internal MISP references
UUID 8819875a-5139-4dae-94c8-e7cc9f847580 which can be used as unique global reference for Cybereason Bazar July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-18T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES |
Red Canary Hospital Thwarted Ryuk October 2020
Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.
Internal MISP references
UUID ae5d4c47-54c9-4f7b-9357-88036c524217 which can be used as unique global reference for Red Canary Hospital Thwarted Ryuk October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-30T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak |
CyberCX Anonymous Sudan June 19 2023
CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. Retrieved October 10, 2023.
Internal MISP references
UUID 68ded9b7-3042-44e0-8bf7-cdba2174a3d8 which can be used as unique global reference for CyberCX Anonymous Sudan June 19 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-06-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations |
Netskope Cloud Phishing
Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022.
Internal MISP references
UUID 25d46bc1-4c05-48d3-95f0-aa3ee1100bf9 which can be used as unique global reference for Netskope Cloud Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2020-08-12T00:00:00Z |
| source | MITRE |
| title | A Big Catch: Cloud Phishing from Google App Engine and Azure App Service |
Elastic Abnormal Process ID or Lock File Created
Elastic. (n.d.). Abnormal Process ID or Lock File Created. Retrieved September 19, 2024.
Internal MISP references
UUID 99091ea0-35b3-590d-bd6c-0cc20b6be8f9 which can be used as unique global reference for Elastic Abnormal Process ID or Lock File Created in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| source | MITRE |
| title | Abnormal Process ID or Lock File Created |
Microsoft O365 Admin Roles
Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et al. (2019, October 8). About admin roles. Retrieved October 18, 2019.
Internal MISP references
UUID 8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a which can be used as unique global reference for Microsoft O365 Admin Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| date_published | 2019-10-08T00:00:00Z |
| source | MITRE |
| title | About admin roles |
Microsoft Atom Table
Microsoft. (n.d.). About Atom Tables. Retrieved December 8, 2017.
Internal MISP references
UUID a22636c8-8e39-4583-93ef-f0b7f0a218d8 which can be used as unique global reference for Microsoft Atom Table in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | About Atom Tables |
Microsoft About BITS
Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.
Internal MISP references
UUID 8d6d47d1-a6ea-4673-8ade-ba61bfeef084 which can be used as unique global reference for Microsoft About BITS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-16T00:00:00Z |
| date_published | 2019-07-12T00:00:00Z |
| source | MITRE |
| title | About BITS |
Microsoft About Event Tracing 2018
Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.
Internal MISP references
UUID 689d944f-ad66-4908-91fb-bb1ecdafe8d9 which can be used as unique global reference for Microsoft About Event Tracing 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-07T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | About Event Tracing |
Microsoft PowerShell Command History
Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.
Internal MISP references
UUID 6c873fb4-db43-4bad-b5e4-a7d45cbe796f which can be used as unique global reference for Microsoft PowerShell Command History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-04T00:00:00Z |
| date_published | 2020-05-13T00:00:00Z |
| source | MITRE |
| title | About History |
Microsoft List View Controls
Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.
Internal MISP references
UUID 7d6c6ba6-cda6-4f27-bfc8-af5b759305ed which can be used as unique global reference for Microsoft List View Controls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-04T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | About List-View Controls |
Microsoft PowerShell Logging
Microsoft. (2020, March 30). about_Logging_Windows. Retrieved September 28, 2021.
Internal MISP references
UUID 81c94686-741d-45d7-90f3-0c7979374e87 which can be used as unique global reference for Microsoft PowerShell Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2020-03-30T00:00:00Z |
| source | MITRE |
| title | about_Logging_Windows |
Apple About Mac Scripting 2016
Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.
Internal MISP references
UUID d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed which can be used as unique global reference for Apple About Mac Scripting 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2016-06-13T00:00:00Z |
| source | MITRE |
| title | About Mac Scripting |
PowerShell About 2019
Wheeler, S. et al. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.
Internal MISP references
UUID 2c504602-4f5d-47fc-9780-e1e5041a0b3a which can be used as unique global reference for PowerShell About 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2019-05-01T00:00:00Z |
| source | MITRE |
| title | About PowerShell.exe |
Microsoft PowerShellB64
Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. Retrieved March 17, 2023.
Internal MISP references
UUID 7e50721c-c6d5-5449-8326-529da4cf5465 which can be used as unique global reference for Microsoft PowerShellB64 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2023-02-08T00:00:00Z |
| source | MITRE |
| title | about_PowerShell_exe: EncodedCommand |
Microsoft Profiles
Microsoft. (2021, September 27). about_Profiles. Retrieved February 4, 2022.
Internal MISP references
UUID b25ab0bf-c28b-4747-b075-30bcdfbc0e35 which can be used as unique global reference for Microsoft Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-04T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | about_Profiles |
Microsoft About Profiles
Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.
Internal MISP references
UUID 1da63665-7a96-4bc3-9606-a3575b913819 which can be used as unique global reference for Microsoft About Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2017-11-29T00:00:00Z |
| source | MITRE |
| title | About Profiles |
Microsoft Remote Desktop Services
Microsoft. (2019, August 23). About Remote Desktop Services. Retrieved March 28, 2022.
Internal MISP references
UUID a981e013-f839-46e9-9c8a-128c4897f77a which can be used as unique global reference for Microsoft Remote Desktop Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2019-08-23T00:00:00Z |
| source | MITRE |
| title | About Remote Desktop Services |
systemsetup mac time
Apple Support. (n.d.). About systemsetup in Remote Desktop. Retrieved March 27, 2024.
Internal MISP references
UUID a85bd111-a2ca-5e66-b90e-f52ff780fc5c which can be used as unique global reference for systemsetup mac time in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-27T00:00:00Z |
| source | MITRE |
| title | About systemsetup in Remote Desktop |
MSDN Clipboard
Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.
Internal MISP references
UUID 2c1b2d58-a5dc-4aee-8bdb-129a81c10408 which can be used as unique global reference for MSDN Clipboard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-29T00:00:00Z |
| source | MITRE |
| title | About the Clipboard |
Microsoft HTML Help Executable Program
Microsoft. (n.d.). About the HTML Help Executable Program. Retrieved October 3, 2018.
Internal MISP references
UUID 1af226cc-bb93-43c8-972e-367482c5d487 which can be used as unique global reference for Microsoft HTML Help Executable Program in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| source | MITRE |
| title | About the HTML Help Executable Program |
OffSec November 2 2019
OffSec Team. (2019, November 2). About the Metasploit Meterpreter - Metasploit Unleashed. Retrieved June 9, 2025.
Internal MISP references
UUID ed06c5db-b7b7-4004-ba9d-9051acf80d2c which can be used as unique global reference for OffSec November 2 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-09T00:00:00Z |
| date_published | 2019-11-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | About the Metasploit Meterpreter - Metasploit Unleashed |
About UEFI
UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.
Internal MISP references
UUID 2e6fe82c-d90f-42b6-8247-397ab8823c7c which can be used as unique global reference for About UEFI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-05T00:00:00Z |
| source | MITRE |
| title | About UEFI Forum |
Microsoft Window Classes
Microsoft. (n.d.). About Window Classes. Retrieved December 16, 2017.
Internal MISP references
UUID cc620fcd-1f4a-4670-84b5-3f12c9b85053 which can be used as unique global reference for Microsoft Window Classes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | About Window Classes |
Picus Sodinokibi January 2020
Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.
Internal MISP references
UUID 2e9c2206-a04e-4278-9492-830cc9347ff9 which can be used as unique global reference for Picus Sodinokibi January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-05T00:00:00Z |
| date_published | 2020-01-15T00:00:00Z |
| source | MITRE |
| title | A Brief History of Sodinokibi |
Application Bundle Manipulation Brandon Dalton
Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. Retrieved September 27, 2022.
Internal MISP references
UUID 2a8fd573-6ab0-403b-b813-88d9d3edab36 which can be used as unique global reference for Application Bundle Manipulation Brandon Dalton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2022-08-09T00:00:00Z |
| source | MITRE |
| title | A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation |
Halcyon AWS Ransomware 2025
Halcyon RISE Team. (2025, January 13). Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C. Retrieved March 18, 2025.
Internal MISP references
UUID e72192d5-eed6-57f5-8dfc-49c57da04bd6 which can be used as unique global reference for Halcyon AWS Ransomware 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-18T00:00:00Z |
| date_published | 2025-01-13T00:00:00Z |
| source | MITRE |
| title | Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C |
NCC Group Chimera January 2021
Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved September 12, 2024.
Internal MISP references
UUID 70c217c3-83a2-40f2-8f47-b68d8bd4cdf0 which can be used as unique global reference for NCC Group Chimera January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2021-01-12T00:00:00Z |
| source | MITRE |
| title | Abusing cloud services to fly under the radar |
Electron 2
Trend Micro. (2023, June 6). Abusing Electronbased applications in targeted attacks. Retrieved March 7, 2024.
Internal MISP references
UUID 0be977fd-7b7e-5ddb-aa0c-def81b97b2a5 which can be used as unique global reference for Electron 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2023-06-06T00:00:00Z |
| source | MITRE |
| title | Abusing Electronbased applications in targeted attacks |
Harmj0y Abusing GPO Permissions
Schroeder, W. (2016, March 17). Abusing GPO Permissions. Retrieved September 23, 2024.
Internal MISP references
UUID 18cc9426-9b51-46fa-9106-99688385ebe4 which can be used as unique global reference for Harmj0y Abusing GPO Permissions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-23T00:00:00Z |
| date_published | 2016-03-17T00:00:00Z |
| source | MITRE |
| title | Abusing GPO Permissions |
on security kerberos linux
Boal, Calum. (2020, January 28). Abusing Kerberos From Linux - An Overview of Available Tools. Retrieved September 17, 2024.
Internal MISP references
UUID 7d0870a0-db94-5213-a1b7-fc3c6557dcc0 which can be used as unique global reference for on security kerberos linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-17T00:00:00Z |
| date_published | 2020-01-28T00:00:00Z |
| source | MITRE |
| title | Abusing Kerberos From Linux - An Overview of Available Tools |
Retwin Directory Share Pivot
Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.
Internal MISP references
UUID 027c5274-6b61-447a-9058-edb844f112dd which can be used as unique global reference for Retwin Directory Share Pivot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-12T00:00:00Z |
| date_published | 2017-11-13T00:00:00Z |
| source | MITRE |
| title | Abusing network shares for efficient lateral movements and privesc (DirSharePivot) |
BOHOPS Abusing the COM Registry
BOHOPS. (2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. Retrieved August 10, 2020.
Internal MISP references
UUID 3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7 which can be used as unique global reference for BOHOPS Abusing the COM Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| date_published | 2018-08-18T00:00:00Z |
| source | MITRE |
| title | Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques |
abusing_com_reg
bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.
Internal MISP references
UUID 7f0f223f-09b1-4f8f-b6f1-1044e2ac7066 which can be used as unique global reference for abusing_com_reg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2018-08-18T00:00:00Z |
| source | MITRE |
| title | ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES |
Rhino Security Labs AWS VPC Traffic Mirroring
Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.
Internal MISP references
UUID 09cac813-862c-47c8-a47f-154c5436afbb which can be used as unique global reference for Rhino Security Labs AWS VPC Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2019-09-17T00:00:00Z |
| source | MITRE |
| title | Abusing VPC Traffic Mirroring in AWS |
Narrator Accessibility Abuse
Comi, G. (2019, October 19). Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. Retrieved April 28, 2020.
Internal MISP references
UUID fc889ba3-79a5-445a-81ea-dfe81c1cc542 which can be used as unique global reference for Narrator Accessibility Abuse in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2019-10-19T00:00:00Z |
| source | MITRE |
| title | Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence |
Intezer ACBackdoor
Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID e6cb833f-cf18-498b-a233-848853423412 which can be used as unique global reference for Intezer ACBackdoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-11-18T00:00:00Z |
| source | MITRE |
| title | ACBackdoor: Analysis of a New Multiplatform Backdoor |
AccCheckConsole.exe - LOLBAS Project
LOLBAS. (2022, January 2). AccCheckConsole.exe. Retrieved December 4, 2023.
Internal MISP references
UUID de5523bd-e735-4751-84e9-a1be1d2980ec which can be used as unique global reference for AccCheckConsole.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AccCheckConsole.exe |
CyberScoop APT28 Nov 2018
Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.
Internal MISP references
UUID ef8f0990-b2da-4538-8b02-7401dc5a4120 which can be used as unique global reference for CyberScoop APT28 Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-16T00:00:00Z |
| date_published | 2018-11-29T00:00:00Z |
| source | MITRE |
| title | Accenture: Russian hackers using Brexit talks to disguise phishing lures |
Microsoft Azure Kubernetes Service Service Accounts
Microsoft Azure. (2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.
Internal MISP references
UUID bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5 which can be used as unique global reference for Microsoft Azure Kubernetes Service Service Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| date_published | 2023-04-28T00:00:00Z |
| source | MITRE |
| title | Access and identity options for Azure Kubernetes Service (AKS) |
CrowdStrike Access Brokers
CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth?. Retrieved March 10, 2023.
Internal MISP references
UUID 0f772693-e09d-5c82-85c2-77f5fee39ef0 which can be used as unique global reference for CrowdStrike Access Brokers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | Access Brokers: Who Are the Targets, and What Are They Worth? |
Microsoft Access Control Lists May 2018
M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.
Internal MISP references
UUID 2aeda95a-7741-4a74-a5a4-29a9e7a89451 which can be used as unique global reference for Microsoft Access Control Lists May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-04T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Access Control Lists |
Auth0 Access Tokens
Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.
Internal MISP references
UUID 43e8e178-a0da-44d8-be1b-853307e0d4ae which can be used as unique global reference for Auth0 Access Tokens in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| source | MITRE |
| title | Access Tokens |
BSidesSLC 2020 - LNK Elastic
French, D., Filar, B. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. Retrieved November 30, 2020.
Internal MISP references
UUID 4c2ede51-33f6-4d09-9186-43b023b079c0 which can be used as unique global reference for BSidesSLC 2020 - LNK Elastic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-30T00:00:00Z |
| date_published | 2020-03-21T00:00:00Z |
| source | MITRE |
| title | A Chain Is No Stronger Than Its Weakest LNK |
Mythic SpecterOps
Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.
Internal MISP references
UUID 98d4453e-2e80-422a-ac8c-47f650f46e3c which can be used as unique global reference for Mythic SpecterOps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE |
| title | A Change of Mythic Proportions |
FireEye Chinese Espionage October 2019
Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved November 17, 2024.
Internal MISP references
UUID d37c069c-7fb8-44e1-8377-da97e8bbcf67 which can be used as unique global reference for FireEye Chinese Espionage October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions |
Unit42 AcidBox June 2020
Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021.
Internal MISP references
UUID f3f2eca0-fda3-451e-bf13-aacb14668e48 which can be used as unique global reference for Unit42 AcidBox June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| date_published | 2020-06-17T00:00:00Z |
| source | MITRE |
| title | AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations |
SentinelOne AcidPour 2024
Juan Andrés Guerrero-Saade & Tom Hegel. (2024, March 21). AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine. Retrieved November 25, 2024.
Internal MISP references
UUID f6009712-7c94-5daf-82b4-c269454d6b1e which can be used as unique global reference for SentinelOne AcidPour 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-25T00:00:00Z |
| date_published | 2024-03-21T00:00:00Z |
| source | MITRE |
| title | AcidPour \| New Embedded Wiper Variant of AcidRain Appears in Ukraine |
AcidRain JAGS 2022
Juan Andres Guerrero-Saade and Max van Amerongen, SentinelOne. (2022, March 31). AcidRain | A Modem Wiper Rains Down on Europe. Retrieved March 25, 2024.
Internal MISP references
UUID bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9 which can be used as unique global reference for AcidRain JAGS 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-25T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | AcidRain \| A Modem Wiper Rains Down on Europe |
acroread package compromised Arch Linux Mail 8JUL2018
Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.
Internal MISP references
UUID 99245022-2130-404d-bf7a-095d84a515cd which can be used as unique global reference for acroread package compromised Arch Linux Mail 8JUL2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-06-08T00:00:00Z |
| source | MITRE |
| title | acroread package compromised |
Microsoft Actinium February 2022
Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.
Internal MISP references
UUID 5ab658db-7f71-4213-8146-e22da54160b3 which can be used as unique global reference for Microsoft Actinium February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-18T00:00:00Z |
| date_published | 2022-02-04T00:00:00Z |
| source | MITRE |
| title | ACTINIUM targets Ukrainian organizations |
Wikipedia Active Directory
Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.
Internal MISP references
UUID 924e1186-57e5-43db-94ab-29afa3fdaa7b which can be used as unique global reference for Wikipedia Active Directory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-03-10T00:00:00Z |
| source | MITRE |
| title | Active Directory |
Microsoft AD Accounts
Microsoft. (2019, August 23). Active Directory Accounts. Retrieved March 13, 2020.
Internal MISP references
UUID df734659-2441-487a-991d-59064c61b771 which can be used as unique global reference for Microsoft AD Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2019-08-23T00:00:00Z |
| source | MITRE |
| title | Active Directory Accounts |
Microsoft AD Admin Tier Model
Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.
Internal MISP references
UUID 3afba81a-3b1d-41ec-938e-24f055698d52 which can be used as unique global reference for Microsoft AD Admin Tier Model in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-02-14T00:00:00Z |
| source | MITRE |
| title | Active Directory administrative tier model |
Microsoft AD CS Overview
Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.
Internal MISP references
UUID f1b2526a-1bf6-4954-a9b3-a5e008761ceb which can be used as unique global reference for Microsoft AD CS Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Active Directory Certificate Services Overview |
Microsoft Get-ADUser
Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.
Internal MISP references
UUID b68ac85e-a007-4a72-9185-2877e9184fad which can be used as unique global reference for Microsoft Get-ADUser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Active Directory Cmdlets - Get-ADUser |
Active Directory Enumeration with LDIFDE
Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. Retrieved July 11, 2023.
Internal MISP references
UUID 51e6623a-4448-4244-8c81-4eab102e5926 which can be used as unique global reference for Active Directory Enumeration with LDIFDE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Active Directory Enumeration with LDIFDE |
Microsoft SID-History Attribute
Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.
Internal MISP references
UUID 32150673-5593-4a2c-9872-aaa96a21aa5c which can be used as unique global reference for Microsoft SID-History Attribute in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Active Directory Schema - SID-History attribute |
Volexity Ivanti Zero-Day Exploitation January 2024
Meltzer, M. et al. (2024, January 10). Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN. Retrieved February 27, 2024.
Internal MISP references
UUID 93eda380-ea21-59e0-97e8-5bec1f9a0e71 which can be used as unique global reference for Volexity Ivanti Zero-Day Exploitation January 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2024-01-10T00:00:00Z |
| source | MITRE |
| title | Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN |
ActiveMalwareEnergy
Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.
Internal MISP references
UUID f2ef73c6-5d4c-423e-a3f5-194cba121eb1 which can be used as unique global reference for ActiveMalwareEnergy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2014-06-30T00:00:00Z |
| source | MITRE |
| title | Active malware operation let attackers sabotage US energy industry |
Klein Active Setup 2010
Klein, H. (2010, April 22). Active Setup Explained. Retrieved December 18, 2020.
Internal MISP references
UUID cbdd6290-1dda-48af-a101-fb3db6581276 which can be used as unique global reference for Klein Active Setup 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2010-04-22T00:00:00Z |
| source | MITRE |
| title | Active Setup Explained |
Dark Vortex Brute Ratel C4
Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.
Internal MISP references
UUID 47992cb5-df11-56c2-b266-6f58d75f8315 which can be used as unique global reference for Dark Vortex Brute Ratel C4 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-07T00:00:00Z |
| source | MITRE |
| title | A Customized Command and Control Center for Red Team and Adversary Simulation |
Juniper Networks ESXi Backdoor 2022
Asher Langton. (2022, December 9). A Custom Python Backdoor for VMWare ESXi Servers. Retrieved March 26, 2025.
Internal MISP references
UUID cb45718e-4cbb-5595-a406-f56def24325e which can be used as unique global reference for Juniper Networks ESXi Backdoor 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2022-12-09T00:00:00Z |
| source | MITRE |
| title | A Custom Python Backdoor for VMWare ESXi Servers |
ad_blocker_with_miner
Kuzmenko, A. (2021, March 10). Ad blocker with miner included. Retrieved October 28, 2021.
Internal MISP references
UUID 8e30f71e-80b8-4662-bc95-bf3cf7cfcf40 which can be used as unique global reference for ad_blocker_with_miner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-28T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE |
| title | Ad blocker with miner included |
Broadcom ESXi Firewall
Broadcom. (2025, March 24). Add Allowed IP Addresses for an ESXi Host by Using the VMware Host Client. Retrieved March 26, 2025.
Internal MISP references
UUID 1c4b7af4-36a2-54da-b7b0-d16292368568 which can be used as unique global reference for Broadcom ESXi Firewall in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2025-03-24T00:00:00Z |
| source | MITRE |
| title | Add Allowed IP Addresses for an ESXi Host by Using the VMware Host Client |
Microsoft Support O365 Add Another Admin, October 2019
Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.
Internal MISP references
UUID c31cfc48-289e-42aa-8046-b41261fdeb96 which can be used as unique global reference for Microsoft Support O365 Add Another Admin, October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| source | MITRE |
| title | Add Another Admin |
Amazon AWS IMDS V2
MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. Retrieved October 14, 2020.
Internal MISP references
UUID f252eb18-86e9-4ed0-b9da-2c81f12a6e13 which can be used as unique global reference for Amazon AWS IMDS V2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-14T00:00:00Z |
| date_published | 2019-11-19T00:00:00Z |
| source | MITRE |
| title | Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service |
Adding Login Items
Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.
Internal MISP references
UUID 5ab3e243-37a6-46f1-b28f-6846ecdef0ae which can be used as unique global reference for Adding Login Items in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Adding Login Items |
MRWLabs Office Persistence Add-ins
Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved November 17, 2024.
Internal MISP references
UUID a5b6ab63-0e6f-4789-a017-ceab1719ed85 which can be used as unique global reference for MRWLabs Office Persistence Add-ins in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-04-21T00:00:00Z |
| source | MITRE |
| title | Add-In Opportunities for Office Persistence |
AddinUtil.exe - LOLBAS Project
LOLBAS. (2023, October 5). AddinUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 91af546d-0a56-4c17-b292-6257943a8aba which can be used as unique global reference for AddinUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-10-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AddinUtil.exe |
NTT Security Holdings May 8 2025
NTT Security Holdings. (2025, May 8). Additional Features of OtterCookie Malware Used by WaterPlum. Retrieved May 23, 2025.
Internal MISP references
UUID e42d25ec-c31d-41e4-8d86-d46a7bccd0c8 which can be used as unique global reference for NTT Security Holdings May 8 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-23T00:00:00Z |
| date_published | 2025-05-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Additional Features of OtterCookie Malware Used by WaterPlum |
Microsoft - Add-MailboxPermission
Microsoft. (n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.
Internal MISP references
UUID b8d40efb-c78d-47dd-9d83-e5a31af73691 which can be used as unique global reference for Microsoft - Add-MailboxPermission in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| source | MITRE |
| title | Add-Mailbox Permission |
AddMonitor
Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.
Internal MISP references
UUID 8c1a719e-6ca1-4b41-966d-ddb87c849fe0 which can be used as unique global reference for AddMonitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | AddMonitor function |
Microsoft Azure AD Users
Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.
Internal MISP references
UUID b69468a2-693e-4bd0-8dc1-ccfd7d5630c0 which can be used as unique global reference for Microsoft Azure AD Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| date_published | 2019-11-11T00:00:00Z |
| source | MITRE |
| title | Add or delete users using Azure Active Directory |
Microsoft Office Add-ins
Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.
Internal MISP references
UUID 99b20e30-76a8-4108-84ae-daf92058b44b which can be used as unique global reference for Microsoft Office Add-ins in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| source | MITRE |
| title | Add or remove add-ins |
Microsoft AddPrintProcessor May 2018
Microsoft. (2018, May 31). AddPrintProcessor function. Retrieved October 5, 2020.
Internal MISP references
UUID 12c7160b-c93c-44cd-b108-68d4823aec8c which can be used as unique global reference for Microsoft AddPrintProcessor May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-05T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | AddPrintProcessor function |
RFC1918
IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.
Internal MISP references
UUID f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e which can be used as unique global reference for RFC1918 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 1996-02-01T00:00:00Z |
| source | MITRE |
| title | Address Allocation for Private Internets |
Microsoft Exchange Address Lists
Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.
Internal MISP references
UUID 138ec24a-4361-4ce0-b78e-508c11db397c which can be used as unique global reference for Microsoft Exchange Address Lists in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-26T00:00:00Z |
| date_published | 2020-02-07T00:00:00Z |
| source | MITRE |
| title | Address lists in Exchange Server |
Microsoft AD DS Getting Started
Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.
Internal MISP references
UUID 82d01c77-571b-4f33-a286-878f325462ae which can be used as unique global reference for Microsoft AD DS Getting Started in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2018-08-07T00:00:00Z |
| source | MITRE |
| title | AD DS Getting Started |
Akamai DGA Mitigation
Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. Retrieved February 18, 2019.
Internal MISP references
UUID 5b14cdf6-261a-4d7e-acb4-74e7fafa9467 which can be used as unique global reference for Akamai DGA Mitigation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2018-01-09T00:00:00Z |
| source | MITRE |
| title | A Death Match of Domain Generation Algorithms |
Keychain Decryption Passware
Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.
Internal MISP references
UUID 6a426ab4-5b0b-46d4-9dfe-e2587f69e111 which can be used as unique global reference for Keychain Decryption Passware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Apple Keychain Decryption |
Trend Micro Deep Dive Into Defacement
Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. Retrieved April 19, 2019.
Internal MISP references
UUID 4886418b-3a2e-4f12-b91e-3bb2a8134112 which can be used as unique global reference for Trend Micro Deep Dive Into Defacement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks |
Talos Lokibot Jan 2021
Muhammad, I., Unterbrink, H. (2021, January 6). A Deep Dive into Lokibot Infection Chain. Retrieved August 31, 2021.
Internal MISP references
UUID 3baba4e6-0cf5-45eb-8abb-6c389743af89 which can be used as unique global reference for Talos Lokibot Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-31T00:00:00Z |
| date_published | 2021-01-06T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Lokibot Infection Chain |
Malwarebytes Saint Bot April 2021
Hasherezade. (2021, April 6). A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.
Internal MISP references
UUID 3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c which can be used as unique global reference for Malwarebytes Saint Bot April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | A deep dive into Saint Bot, a new downloader |
SecurityScorecard CredoMap September 2022
Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.
Internal MISP references
UUID 3e683efc-4712-4397-8d55-4354ff7ad9f0 which can be used as unique global reference for SecurityScorecard CredoMap September 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-05T00:00:00Z |
| date_published | 2022-09-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A Deep Dive Into the APT28’s stealer called CredoMap |
Krebs DNS Hijack 2019
Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. Retrieved February 14, 2022.
Internal MISP references
UUID 9bdc618d-ff55-4ac8-8967-6039c6c24cb1 which can be used as unique global reference for Krebs DNS Hijack 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE |
| title | A Deep Dive on the Recent Widespread DNS Hijacking Attacks |
Trend Micro Earth Baku August 9 2024
Ted Lee, Theo Chen. (2024, August 9). A Dive into Earth Baku’s Latest Campaign. Retrieved January 31, 2025.
Internal MISP references
UUID fad563ac-c7b2-4611-8924-e56c65aee309 which can be used as unique global reference for Trend Micro Earth Baku August 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-31T00:00:00Z |
| date_published | 2024-08-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A Dive into Earth Baku’s Latest Campaign |
Reaqta MuddyWater November 2017
Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.
Internal MISP references
UUID ecd28ccf-edb6-478d-a8f1-da630df42127 which can be used as unique global reference for Reaqta MuddyWater November 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-18T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | A dive into MuddyWater APT targeting Middle-East |
ESET Turla PowerShell May 2019
Faou, M. and Dumont R. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.
Internal MISP references
UUID 68c0f34b-691a-4847-8d49-f18b7f4e5188 which can be used as unique global reference for ESET Turla PowerShell May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2019-05-29T00:00:00Z |
| source | MITRE |
| title | A dive into Turla PowerShell usage |
Kubernetes Admission Controllers
Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.
Internal MISP references
UUID ea035e41-159b-5f12-96fc-0638eace9fd2 which can be used as unique global reference for Kubernetes Admission Controllers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Admission Controllers Reference |
Krebs Adobe
Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. Retrieved May 17, 2021.
Internal MISP references
UUID bc2b0b89-e00d-4beb-bf27-fe81d8c826a4 which can be used as unique global reference for Krebs Adobe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-17T00:00:00Z |
| date_published | 2013-10-03T00:00:00Z |
| source | MITRE |
| title | Adobe To Announce Source Code, Customer Data Breach |
Github AD-Pentest-Script
Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.
Internal MISP references
UUID 45a5f6c2-b52e-4518-a10e-19797e6fdcc3 which can be used as unique global reference for Github AD-Pentest-Script in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-29T00:00:00Z |
| date_published | 2015-07-11T00:00:00Z |
| source | MITRE |
| title | AD-Pentest-Script - wmiexec.vbs |
adplus.exe - LOLBAS Project
LOLBAS. (2021, September 1). adplus.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d407ca0a-7ace-4dc5-947d-69a1e5a1d459 which can be used as unique global reference for adplus.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | adplus.exe |
Microsoft ADV170021 Dec 2017
Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.
Internal MISP references
UUID ce960e76-848f-440d-9843-54773f7b11cf which can be used as unique global reference for Microsoft ADV170021 Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | ADV170021 - Microsoft Office Defense in Depth Update |
CISA AA20-352A 2021
CISA. (2021, April 15). Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. Retrieved August 30, 2024.
Internal MISP references
UUID 1e68b9ef-0aee-5d69-be72-3bc4d5cfa6b9 which can be used as unique global reference for CISA AA20-352A 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-30T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations |
FireEye APT Groups
FireEye. (n.d.). Advanced Persistent Threat Groups. Retrieved August 3, 2018.
Internal MISP references
UUID 5b6b909d-870a-4d14-85ec-6aa14e598740 which can be used as unique global reference for FireEye APT Groups in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Advanced Persistent Threat Groups |
Mandiant APT Groups List
Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved September 14, 2023.
Internal MISP references
UUID c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97 which can be used as unique global reference for Mandiant APT Groups List in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Advanced Persistent Threats (APTs) |
Mandiant Advanced Persistent Threats
Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved February 14, 2024.
Internal MISP references
UUID 2d16615b-09fc-5925-8f59-6d20f334d236 which can be used as unique global reference for Mandiant Advanced Persistent Threats in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-14T00:00:00Z |
| source | MITRE |
| title | Advanced Persistent Threats (APTs) |
Advanced_sec_audit_policy_settings
Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.
Internal MISP references
UUID 9aef57b1-1a2e-4833-815e-887616cc0570 which can be used as unique global reference for Advanced_sec_audit_policy_settings in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Advanced security audit policy settings |
Adversaries Hijack DLLs
CrowdStrike, Falcon OverWatch Team. (2022, December 30). Retrieved October 19, 2023.
Internal MISP references
UUID 01836e53-4316-51a7-852c-01e585212276 which can be used as unique global reference for Adversaries Hijack DLLs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-19T00:00:00Z |
| source | MITRE |
| title | Adversaries Hijack DLLs |
CrowdStrike Richochet Chollima September 2021
CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.
Internal MISP references
UUID 69a23467-c55c-43a3-951d-c208e6ead6f7 which can be used as unique global reference for CrowdStrike Richochet Chollima September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2021-09-30T00:00:00Z |
| source | MITRE |
| title | Adversary Profile - Ricochet Chollima |
Elastic - Hunting for Persistence Part 1
French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). Retrieved December 21, 2020.
Internal MISP references
UUID bd9406d3-c3e3-4737-97a1-a4bc997c88cd which can be used as unique global reference for Elastic - Hunting for Persistence Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-03-24T00:00:00Z |
| source | MITRE |
| title | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1) |
NCSC APT29 July 2020
National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.
Internal MISP references
UUID 28da86a6-4ca1-4bb4-a401-d4aa469c0034 which can be used as unique global reference for NCSC APT29 July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-29T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | Advisory: APT29 targets COVID-19 vaccine development |
Mnemonic misuse visual studio
Mnemonic. (n.d.). Advisory: Misuse of Visual Studio Code for traffic tunnelling. Retrieved March 30, 2025.
Internal MISP references
UUID bb6113ea-7cef-5294-8ad8-6ab07d236416 which can be used as unique global reference for Mnemonic misuse visual studio in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-30T00:00:00Z |
| source | MITRE |
| title | Advisory: Misuse of Visual Studio Code for traffic tunnelling |
Advpack.dll - LOLBAS Project
LOLBAS. (2018, May 25). Advpack.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 837ccb3c-316d-4d96-8a33-b5df40870aba which can be used as unique global reference for Advpack.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Advpack.dll |
Kaspersky Adwind Feb 2016
Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.
Internal MISP references
UUID 69fd8de4-81bc-4165-b77d-c5fc72cfa699 which can be used as unique global reference for Kaspersky Adwind Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2016-02-01T00:00:00Z |
| source | MITRE |
| title | Adwind - A Cross-Platform RAT |
BroadcomSW August 12 2021
Threat Hunter Team Symantec. (2021, August 12). Affiliates Unlocked Gangs Switch Between Different Ransomware Families. Retrieved December 19, 2024.
Internal MISP references
UUID 652dba37-f030-48ef-ade2-308780a63445 which can be used as unique global reference for BroadcomSW August 12 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2021-08-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Affiliates Unlocked Gangs Switch Between Different Ransomware Families |
Bitdefender Trickbot VNC module Whitepaper 2021
Radu Tudorica. (2021, July 12). A Fresh Look at Trickbot’s Ever-Improving VNC Module. Retrieved September 28, 2021.
Internal MISP references
UUID ee2709d7-2b33-48ac-8e90-a2770d469d80 which can be used as unique global reference for Bitdefender Trickbot VNC module Whitepaper 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-07-12T00:00:00Z |
| source | MITRE |
| title | A Fresh Look at Trickbot’s Ever-Improving VNC Module |
Mac Backdoors are back
Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.
Internal MISP references
UUID c37f00dc-ee53-4be1-9046-0a28bdc5649a which can be used as unique global reference for Mac Backdoors are back in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2016-07-06T00:00:00Z |
| source | MITRE |
| title | After hiatus, in-the-wild Mac backdoors are suddenly back |
SentinelOne January 30 2023
SentinelOne. (2023, January 30). Agenda (Qilin). Retrieved June 7, 2024.
Internal MISP references
UUID 290e84bc-7dae-46ec-81de-78c94b98e45b which can be used as unique global reference for SentinelOne January 30 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-07T00:00:00Z |
| date_published | 2023-01-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Agenda (Qilin) |
Trend Micro March 26 2024
Arianne Dela Cruz; Raymart Yambot; Raighen Sanchez; Darrel Tristan Virtusio. (2024, March 26). Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script. Retrieved April 5, 2024.
Internal MISP references
UUID d5634b8e-420a-4721-a3d2-19d9f36697f4 which can be used as unique global reference for Trend Micro March 26 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-05T00:00:00Z |
| date_published | 2024-03-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script |
Kaspersky MSSQL Aug 2019
Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.
Internal MISP references
UUID 569a6be3-7a10-4aa4-be26-a62ed562a4ce which can be used as unique global reference for Kaspersky MSSQL Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-04T00:00:00Z |
| date_published | 2019-08-22T00:00:00Z |
| source | MITRE |
| title | Agent 1433: remote attack on Microsoft SQL Server |
Securelist Agent.btz
Gostev, A. (2014, March 12). Agent.btz: a Source of Inspiration? Retrieved April 8, 2016.
Internal MISP references
UUID 3b876c56-1d18-49e3-9a96-5cee4af7ab72 which can be used as unique global reference for Securelist Agent.btz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2014-03-12T00:00:00Z |
| source | MITRE |
| title | Agent.btz: a Source of Inspiration? |
ThreatExpert Agent.btz
Shevchenko, S. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.
Internal MISP references
UUID b710c404-b02e-444c-9388-9a5e751971d2 which can be used as unique global reference for ThreatExpert Agent.btz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2008-11-30T00:00:00Z |
| source | MITRE |
| title | Agent.btz - A Threat That Hit Pentagon |
AgentExecutor.exe - LOLBAS Project
LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 633d7f25-df9d-4619-9aa9-92d1d9d225d7 which can be used as unique global reference for AgentExecutor.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-07-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AgentExecutor.exe |
SentinelLabs Agent Tesla Aug 2020
Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.
Internal MISP references
UUID 5f712e3f-5a9d-4af3-b846-a61dc1d59b3a which can be used as unique global reference for SentinelLabs Agent Tesla Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-11T00:00:00Z |
| date_published | 2020-08-10T00:00:00Z |
| source | MITRE |
| title | Agent Tesla |
LogPoint Agent Tesla March 23 2023
Anish Bogati. (2023, March 23). AgentTesla's Capabilities: A Review and Detection Strategies. Retrieved May 7, 2023.
Internal MISP references
UUID 28bfb97b-4b58-408a-bef9-9081f6ddedb8 which can be used as unique global reference for LogPoint Agent Tesla March 23 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-03-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AgentTesla's Capabilities: A Review and Detection Strategies |
Sekoia.io Blog September 9 2024
Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M. (2024, September 9). A glimpse into the Quad7 operators' next moves and associated botnets. Retrieved September 11, 2024.
Internal MISP references
UUID eb4a1888-3b04-449b-9738-d96ae26adfee which can be used as unique global reference for Sekoia.io Blog September 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-11T00:00:00Z |
| date_published | 2024-09-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A glimpse into the Quad7 operators' next moves and associated botnets |
ATT Sidewinder January 2021
Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. Retrieved January 27, 2021.
Internal MISP references
UUID d6644f88-d727-4f62-897a-bfa18f86380d which can be used as unique global reference for ATT Sidewinder January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-27T00:00:00Z |
| date_published | 2021-01-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | A Global Perspective of the SideWinder APT |
Unit42 Agrius 2023
Or Chechik, Tom Fakterman, Daniel Frank & Assaf Dahan. (2023, November 6). Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors. Retrieved May 22, 2024.
Internal MISP references
UUID 70fb43bd-f8e1-56a5-a0e9-884e85f16b10 which can be used as unique global reference for Unit42 Agrius 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-22T00:00:00Z |
| date_published | 2023-11-06T00:00:00Z |
| source | MITRE |
| title | Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors |
CheckPoint Agrius 2023
Marc Salinas Fernandez & Jiri Vinopal. (2023, May 23). AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS. Retrieved May 21, 2024.
Internal MISP references
UUID b3034b5d-1fe5-5677-a2e8-9329141875d4 which can be used as unique global reference for CheckPoint Agrius 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-21T00:00:00Z |
| date_published | 2023-05-23T00:00:00Z |
| source | MITRE |
| title | AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS |
Harmj0y Domain Trusts
Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.
Internal MISP references
UUID 23a9ef6c-9f71-47bb-929f-9a92f24553eb which can be used as unique global reference for Harmj0y Domain Trusts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2017-10-30T00:00:00Z |
| source | MITRE |
| title | A Guide to Attacking Domain Trusts |
airwalk backdoor unix systems
airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.
Internal MISP references
UUID 3f3bca4a-68fa-5d4a-b86f-36f82345ff36 which can be used as unique global reference for airwalk backdoor unix systems in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-31T00:00:00Z |
| date_published | 2023-01-01T00:00:00Z |
| source | MITRE |
| title | A guide to backdooring Unix systems |
Wired Lockergoga 2019
Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.
Internal MISP references
UUID de12f263-f76d-4b63-beb8-b210f7a8310d which can be used as unique global reference for Wired Lockergoga 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-17T00:00:00Z |
| date_published | 2019-03-25T00:00:00Z |
| source | MITRE |
| title | A Guide to LockerGoga, the Ransomware Crippling Industrial Firms |
ZDNET Selling Data
Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020.
Internal MISP references
UUID 61d00ae2-5494-4c6c-8860-6826e701ade8 which can be used as unique global reference for ZDNET Selling Data in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-05-09T00:00:00Z |
| source | MITRE |
| title | A hacker group is selling more than 73 million user records on the dark web |
ESET Zebrocy May 2019
ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.
Internal MISP references
UUID f8b837fb-e46c-4153-8e86-dc4b909b393a which can be used as unique global reference for ESET Zebrocy May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-20T00:00:00Z |
| date_published | 2019-05-22T00:00:00Z |
| source | MITRE |
| title | A journey to Zebrocy land |
Kersten Akira 2023
Max Kersten & Alexandre Mundo. (2023, November 29). Akira Ransomware. Retrieved April 4, 2024.
Internal MISP references
UUID df191993-a2cb-5d26-960c-11d1c6d3d73b which can be used as unique global reference for Kersten Akira 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-04T00:00:00Z |
| date_published | 2023-11-29T00:00:00Z |
| source | MITRE |
| title | Akira Ransomware |
Akira Ransomware Analysis August 2023
SEQBOSS. (2023, August 10). AKIRA RANSOMWARE ANALYSIS. Retrieved April 3, 2024.
Internal MISP references
UUID b34d6a98-158e-4fe7-8fcd-79554c07631a which can be used as unique global reference for Akira Ransomware Analysis August 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-03T00:00:00Z |
| date_published | 2023-08-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AKIRA RANSOMWARE ANALYSIS |
Cisco Akira Ransomware OCT 2024
Nutland, J. and Szeliga, M. (2024, October 21). Akira ransomware continues to evolve. Retrieved December 10, 2024.
Internal MISP references
UUID fa57d7ae-c0d2-58cd-8a91-a242f7348d60 which can be used as unique global reference for Cisco Akira Ransomware OCT 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-10T00:00:00Z |
| date_published | 2024-10-21T00:00:00Z |
| source | MITRE |
| title | Akira ransomware continues to evolve |
Cyble September 21 2023
Cybleinc. (2023, September 21). Akira Ransomware Extends Reach To Linux Platform - Cyble. Retrieved December 9, 2024.
Internal MISP references
UUID c9a58515-f911-4328-9237-daccd88711a5 which can be used as unique global reference for Cyble September 21 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-09T00:00:00Z |
| date_published | 2023-09-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Akira Ransomware Extends Reach To Linux Platform - Cyble |
Sophos Akira May 9 2023
Paul Jaramillo. (2023, May 9). Akira Ransomware is “bringin’ 1988 back”. Retrieved February 27, 2024.
Internal MISP references
UUID 1343b052-b158-4dad-9ed4-9dbb7bb778dd which can be used as unique global reference for Sophos Akira May 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2023-05-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Akira Ransomware is “bringin’ 1988 back” |
BlackBerry Akira July 11 2024
BlackBerry Research and Intelligence Team. (2024, July 11). Akira Ransomware Targets the LATAM Airline Industry. Retrieved September 16, 2024.
Internal MISP references
UUID 59a1bd0f-a907-4918-90e1-d163bf84f927 which can be used as unique global reference for BlackBerry Akira July 11 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| date_published | 2024-07-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Akira Ransomware Targets the LATAM Airline Industry |
Microsoft AKS Azure AD 2023
Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.
Internal MISP references
UUID 809db259-3557-5597-9d1a-7c00cc10b89c which can be used as unique global reference for Microsoft AKS Azure AD 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2023-02-27T00:00:00Z |
| source | MITRE |
| title | AKS-managed Azure Active Directory integration |
Okta DPoP 2023
Venkat Viswanathan. (2023, June 13). A leap forward in token security: Okta adds support for DPoP. Retrieved January 2, 2024.
Internal MISP references
UUID d792ede9-6ff6-5fae-a045-fd8b57abd3d3 which can be used as unique global reference for Okta DPoP 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-02T00:00:00Z |
| date_published | 2023-06-13T00:00:00Z |
| source | MITRE |
| title | A leap forward in token security: Okta adds support for DPoP |
US-CERT SamSam 2018
US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID b9d14fea-2330-4eed-892c-b4e05a35d273 which can be used as unique global reference for US-CERT SamSam 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2018-12-03T00:00:00Z |
| source | MITRE |
| title | Alert (AA18-337A): SamSam Ransomware |
CISA MSS Sep 2020
CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. Retrieved October 1, 2020.
Internal MISP references
UUID ffe613e3-b528-42bf-81d5-4d8de38b3457 which can be used as unique global reference for CISA MSS Sep 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| date_published | 2020-09-14T00:00:00Z |
| source | MITRE |
| title | Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity |
CISA Lokibot September 2020
DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware. Retrieved September 15, 2021.
Internal MISP references
UUID df979f7b-6de8-4029-ae47-700f29157db0 which can be used as unique global reference for CISA Lokibot September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| date_published | 2020-09-22T00:00:00Z |
| source | MITRE |
| title | Alert (AA20-266A) LokiBot Malware |
CISA_AA21_200B
CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.
Internal MISP references
UUID 633c6045-8990-58ae-85f0-00139aa9a091 which can be used as unique global reference for CISA_AA21_200B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-21T00:00:00Z |
| date_published | 2021-08-20T00:00:00Z |
| source | MITRE |
| title | Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs |
cisa_malware_orgs_ukraine
CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.
Internal MISP references
UUID ebe89b36-f87f-4e09-8030-a1328c0b8683 which can be used as unique global reference for cisa_malware_orgs_ukraine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine |
US-CERT Ransomware 2016
US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.
Internal MISP references
UUID 866484fa-836d-4c5b-bbad-3594ef60599c which can be used as unique global reference for US-CERT Ransomware 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | Alert (TA16-091A): Ransomware and Recent Variants |
US-CERT WannaCry 2017
US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.
Internal MISP references
UUID 349b8e9d-7172-4d01-b150-f0371d038b7e which can be used as unique global reference for US-CERT WannaCry 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2017-05-12T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-132A): Indicators Associated With WannaCry Ransomware |
US-CERT HIDDEN COBRA June 2017
US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.
Internal MISP references
UUID 8e57cea3-ee37-4507-bb56-7445050ec8ca which can be used as unique global reference for US-CERT HIDDEN COBRA June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-13T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure |
US-CERT NotPetya 2017
US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID 6a009850-834b-4178-9028-2745921b6743 which can be used as unique global reference for US-CERT NotPetya 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-181A): Petya Ransomware |
US-CERT APT Energy Oct 2017
US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved November 2, 2017.
Internal MISP references
UUID e34ddf0a-a112-4557-ac09-1ff540241a89 which can be used as unique global reference for US-CERT APT Energy Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-02T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT FALLCHILL Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.
Internal MISP references
UUID 045e03f9-af83-4442-b69e-b80f68e570ac which can be used as unique global reference for US-CERT FALLCHILL Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL |
US-CERT Volgmer Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.
Internal MISP references
UUID c48c7ac0-8d55-4b62-9606-a9ce420459b6 which can be used as unique global reference for US-CERT Volgmer Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer |
US-CERT TA18-074A
US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
Internal MISP references
UUID 94e87a92-bf80-43e2-a3ab-cd7d4895f2fc which can be used as unique global reference for US-CERT TA18-074A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-06T00:00:00Z |
| date_published | 2018-03-16T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT-TA18-106A
US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.
Internal MISP references
UUID 1fe55557-94af-4697-a675-884701f70f2a which can be used as unique global reference for US-CERT-TA18-106A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2018-04-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
US-CERT Emotet Jul 2018
US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.
Internal MISP references
UUID 0043043a-4741-41c2-a6f2-f88d5caa8b7a which can be used as unique global reference for US-CERT Emotet Jul 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-07-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-201A) Emotet Malware |
Sysdig LLMJacking 2024
LLMjacking: Stolen Cloud Credentials Used in New AI Attack. (2024, May 6). Alessandro Brucato. Retrieved September 25, 2024.
Internal MISP references
UUID 20d3128e-0900-5373-97f0-fcf26fc86271 which can be used as unique global reference for Sysdig LLMJacking 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-25T00:00:00Z |
| date_published | 2024-05-06T00:00:00Z |
| source | MITRE |
| title | Alessandro Brucato |
Alexa-dns
Scanning Alexa's Top 1M for AXFR. (2015, March 29). Retrieved June 5, 2024.
Internal MISP references
UUID 154a5d86-4478-5cf5-ac39-19ac7581a440 which can be used as unique global reference for Alexa-dns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-05T00:00:00Z |
| source | MITRE |
| title | Alexa-dns |
AlKhaser Debug
Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022.
Internal MISP references
UUID d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622 which can be used as unique global reference for AlKhaser Debug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2019-01-06T00:00:00Z |
| source | MITRE |
| title | Al-Khaser |
Broadcom ESXi SSH
Broadcom. (2024, December 12). Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication. Retrieved March 26, 2025.
Internal MISP references
UUID 94715020-4c94-52cf-ba41-aad30c2b51b9 which can be used as unique global reference for Broadcom ESXi SSH in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2024-12-12T00:00:00Z |
| source | MITRE |
| title | Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication |
Microsoft RDP Logons
Microsoft. (2017, April 9). Allow log on through Remote Desktop Services. Retrieved August 5, 2024.
Internal MISP references
UUID 2b460644-dc33-5cf4-a80a-8509d9f7e152 which can be used as unique global reference for Microsoft RDP Logons in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-05T00:00:00Z |
| date_published | 2017-04-09T00:00:00Z |
| source | MITRE |
| title | Allow log on through Remote Desktop Services |
NetSPI ClickOnce
Ryan Gandrud. (2015, March 23). All You Need Is One – A ClickOnce Love Story. Retrieved September 9, 2024.
Internal MISP references
UUID be17ae41-52d0-51bd-b48f-5c1d3c5c8dc1 which can be used as unique global reference for NetSPI ClickOnce in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2015-03-23T00:00:00Z |
| source | MITRE |
| title | All You Need Is One – A ClickOnce Love Story |
Fysbis Palo Alto Analysis
Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.
Internal MISP references
UUID 3e527ad6-6b56-473d-8178-e1c3c14f2311 which can be used as unique global reference for Fysbis Palo Alto Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-10T00:00:00Z |
| date_published | 2016-02-12T00:00:00Z |
| source | MITRE |
| title | A Look Into Fysbis: Sofacy’s Linux Backdoor |
Medium KONNI Jan 2020
Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. Retrieved April 28, 2020.
Internal MISP references
UUID e117a6ac-eaa2-4494-b4ae-2d9ae52c3251 which can be used as unique global reference for Medium KONNI Jan 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2020-01-04T00:00:00Z |
| source | MITRE |
| title | A Look Into Konni 2019 Campaign |
Unit 42 Palo Alto Ransomware in Public Clouds 2022
Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.
Internal MISP references
UUID cc6c2b69-ca51-513e-9666-a03be2ea5fcd which can be used as unique global reference for Unit 42 Palo Alto Ransomware in Public Clouds 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| date_published | 2022-05-16T00:00:00Z |
| source | MITRE |
| title | A Look Into Public Clouds From the Ransomware Actor's Perspective |
Cyber Centre ALPHV/BlackCat July 25 2023
Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. Retrieved September 13, 2023.
Internal MISP references
UUID 610c8f22-1a96-42d2-934d-8467d136eed2 which can be used as unique global reference for Cyber Centre ALPHV/BlackCat July 25 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-13T00:00:00Z |
| date_published | 2023-07-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ALPHV/BlackCat Ransomware Targeting of Canadian Industries |
Mandiant ALPHV Affiliate April 3 2023
Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan. (2023, April 3). ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Retrieved March 5, 2024.
Internal MISP references
UUID b8375832-f6a9-4617-a2ac-d23aacbf2bfe which can be used as unique global reference for Mandiant ALPHV Affiliate April 3 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-05T00:00:00Z |
| date_published | 2023-04-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access |
Microsoft ADS Mar 2014
Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.
Internal MISP references
UUID eae434ff-97c0-4a82-9f80-215e515befae which can be used as unique global reference for Microsoft ADS Mar 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2013-03-24T00:00:00Z |
| source | MITRE |
| title | Alternate Data Streams in NTFS |
XPNSec PPID Nov 2017
Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.
Internal MISP references
UUID 0dbf093e-4b54-4972-b048-2a6411037da4 which can be used as unique global reference for XPNSec PPID Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2017-11-20T00:00:00Z |
| source | MITRE |
| title | Alternative methods of becoming SYSTEM |
Microsoft AlwaysInstallElevated 2018
Microsoft. (2018, May 31). AlwaysInstallElevated. Retrieved December 14, 2020.
Internal MISP references
UUID 19026f4c-ad65-435e-8c0e-a8ccc9895348 which can be used as unique global reference for Microsoft AlwaysInstallElevated 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-14T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | AlwaysInstallElevated |
ASEC BLOG July 21 2022
Sanseo. (2022, July 21). Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG. Retrieved May 15, 2023.
Internal MISP references
UUID e320cc74-005a-46db-8a04-6ec487df327f which can be used as unique global reference for ASEC BLOG July 21 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2022-07-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG |
Amazon Snapshots
Amazon. (n.d.). Amazon EBS snapshots. Retrieved October 13, 2021.
Internal MISP references
UUID 3961a653-b53c-4ba4-9ea6-709e1d1bdb55 which can be used as unique global reference for Amazon Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon EBS snapshots |
Amazon AMI
Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.
Internal MISP references
UUID bc9ecf45-2a20-47df-a634-064237e5f126 which can be used as unique global reference for Amazon AMI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon Machine Images (AMI) |
Amazon S3
Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.
Internal MISP references
UUID 7fecbd5d-626f-496a-a72f-5f166c78c204 which can be used as unique global reference for Amazon S3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon S3 |
Trend Micro S3 Exposed PII, 2017
Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019.
Internal MISP references
UUID 1ba37b48-1219-4f87-af36-9bdd8d6265ca which can be used as unique global reference for Trend Micro S3 Exposed PII, 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-11-06T00:00:00Z |
| source | MITRE |
| title | A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia |
Recorded Future Beacon Certificates
Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved September 16, 2024.
Internal MISP references
UUID 792ca8a7-c9b2-4e7f-8562-e1ccb60a402a which can be used as unique global reference for Recorded Future Beacon Certificates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| date_published | 2019-06-18T00:00:00Z |
| source | MITRE |
| title | A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers |
TrendMicro ESXI Ransomware
Junestherry Dela Cruz. (2022, January 24). Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant. Retrieved March 26, 2025.
Internal MISP references
UUID f765970e-96d5-5cee-acc1-dc730bae53a7 which can be used as unique global reference for TrendMicro ESXI Ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2022-01-24T00:00:00Z |
| source | MITRE |
| title | Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant |
Botnet Scan
Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.
Internal MISP references
UUID ca09941c-fcc8-460b-8b02-d1608a7d3813 which can be used as unique global reference for Botnet Scan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | Analysis of a “/0” Stealth Scan from a Botnet |
Trend Micro Ngrok September 2020
Borja, A. Camba, A. et al (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. Retrieved September 15, 2020.
Internal MISP references
UUID e7b57e64-3532-4b98-9fa5-b832e6fcd53a which can be used as unique global reference for Trend Micro Ngrok September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| source | MITRE |
| title | Analysis of a Convoluted Attack Chain Involving Ngrok |
CIRCL PlugX March 2013
Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.
Internal MISP references
UUID 8ab89236-6994-43a3-906c-383e294f65d1 which can be used as unique global reference for CIRCL PlugX March 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2013-03-29T00:00:00Z |
| source | MITRE |
| title | Analysis of a PlugX variant |
Apple Unified Log Analysis Remote Login and Screen Sharing
Sarah Edwards. (2020, April 30). Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.
Internal MISP references
UUID a2169171-8e4a-4faa-811c-98b6204a5a57 which can be used as unique global reference for Apple Unified Log Analysis Remote Login and Screen Sharing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins |
Medium S2W WhisperGate January 2022
S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.
Internal MISP references
UUID 06cf7197-244a-431b-a288-4c2bbd431ad5 which can be used as unique global reference for Medium S2W WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-14T00:00:00Z |
| date_published | 2022-01-18T00:00:00Z |
| source | MITRE |
| title | Analysis of Destructive Malware (WhisperGate) targeting Ukraine |
Analysis of FG-IR-22-369
Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.
Internal MISP references
UUID f12b141e-6bb2-5563-9665-5756fec2d5e7 which can be used as unique global reference for Analysis of FG-IR-22-369 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2023-03-09T00:00:00Z |
| source | MITRE |
| title | Analysis of FG-IR-22-369 |
CloudSEK ESXiArgs 2023
Mehardeep Singh Sawhney. (2023, February 9). Analysis of Files Used in ESXiArgs Ransomware Attack Against VMware ESXi Servers. Retrieved March 26, 2025.
Internal MISP references
UUID 3faa7879-4305-522f-a47e-1e01d323ecbd which can be used as unique global reference for CloudSEK ESXiArgs 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2023-02-09T00:00:00Z |
| source | MITRE |
| title | Analysis of Files Used in ESXiArgs Ransomware Attack Against VMware ESXi Servers |
Graeber 2014
Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017.
Internal MISP references
UUID f2f9a6bf-b4d9-461e-b961-0610ea72faf0 which can be used as unique global reference for Graeber 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2014-10-01T00:00:00Z |
| source | MITRE |
| title | Analysis of Malicious Security Support Provider DLLs |
Fortinet Agent Tesla April 2018
Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.
Internal MISP references
UUID 86a65be7-0f70-4755-b526-a26b92eabaa2 which can be used as unique global reference for Fortinet Agent Tesla April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-04-05T00:00:00Z |
| source | MITRE |
| title | Analysis of New Agent Tesla Spyware Variant |
Antiy CERT Ramsay April 2020
Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.
Internal MISP references
UUID 280636da-fa21-472c-947c-651a628ea2cd which can be used as unique global reference for Antiy CERT Ramsay April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-04-20T00:00:00Z |
| source | MITRE |
| title | Analysis of Ramsay components of Darkhotel's infiltration and isolation network |
Storm-0558 techniques for unauthorized email access
Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023.
Internal MISP references
UUID 74fd79a9-09f7-5149-a457-687a1e2989de which can be used as unique global reference for Storm-0558 techniques for unauthorized email access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Analysis of Storm-0558 techniques for unauthorized email access |
Microsoft Security Blog July 14 2023
Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved February 25, 2024.
Internal MISP references
UUID a9cf756b-8157-4cc4-bdab-b10f320487df which can be used as unique global reference for Microsoft Security Blog July 14 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-25T00:00:00Z |
| date_published | 2023-07-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analysis of Storm-0558 techniques for unauthorized email access |
ESET Telebots July 2017
Cherepanov, A. (2017, July 4). Analysis of TeleBots’ cunning backdoor. Retrieved June 11, 2020.
Internal MISP references
UUID 5d62c323-6626-4aad-8bf2-0d988e436f3d which can be used as unique global reference for ESET Telebots July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-11T00:00:00Z |
| date_published | 2017-07-04T00:00:00Z |
| source | MITRE |
| title | Analysis of TeleBots’ cunning backdoor |
EST Kimsuky SmokeScreen April 2019
ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]. Retrieved September 29, 2021.
Internal MISP references
UUID 15213a3c-1e9f-47fa-9864-8ef2707c7fb6 which can be used as unique global reference for EST Kimsuky SmokeScreen April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2019-04-17T00:00:00Z |
| source | MITRE |
| title | Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그] |
Ukraine15 - EISAC - 201603
Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. Retrieved March 27, 2018.
Internal MISP references
UUID 8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6 which can be used as unique global reference for Ukraine15 - EISAC - 201603 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-27T00:00:00Z |
| date_published | 2016-03-18T00:00:00Z |
| source | MITRE |
| title | Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case |
CSIRT MON January 22 2022
CSIRT MON. (2022, January 22). ANALYSIS OF THE CYBERATTACK ON UKRAINIAN GOVERNMENT RESOURCES. Retrieved February 12, 2025.
Internal MISP references
UUID 638a1ce3-3118-482e-b1ec-75a76c2cb37b which can be used as unique global reference for CSIRT MON January 22 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-12T00:00:00Z |
| date_published | 2022-01-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ANALYSIS OF THE CYBERATTACK ON UKRAINIAN GOVERNMENT RESOURCES |
Check Point Havij Analysis
Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.
Internal MISP references
UUID 2e00a539-acbe-4462-a30f-43da4e8b9c4f which can be used as unique global reference for Check Point Havij Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-05-14T00:00:00Z |
| source | MITRE |
| title | Analysis of the Havij SQL Injection tool |
ESET Emotet Dec 2018
Perez, D. (2018, December 28). Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.
Internal MISP references
UUID 3fab9e25-e83e-4c90-ae32-dcd0c30757f8 which can be used as unique global reference for ESET Emotet Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2018-12-28T00:00:00Z |
| source | MITRE |
| title | Analysis of the latest Emotet propagation campaign |
Rewterz Sidewinder COVID-19 June 2020
Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.
Internal MISP references
UUID cdd779f1-30c2-40be-a500-332920f0e21c which can be used as unique global reference for Rewterz Sidewinder COVID-19 June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-29T00:00:00Z |
| date_published | 2020-06-22T00:00:00Z |
| source | MITRE |
| title | Analysis on Sidewinder APT Group – COVID-19 |
CISA AR18-352A Quasar RAT December 2018
CISA. (2018, December 18). Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.
Internal MISP references
UUID a109e42d-604f-4885-ada3-5d6895addc96 which can be used as unique global reference for CISA AR18-352A Quasar RAT December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-01T00:00:00Z |
| date_published | 2018-12-18T00:00:00Z |
| source | MITRE |
| title | Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool |
CISA AR21-126A FIVEHANDS May 2021
CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.
Internal MISP references
UUID f98604dd-2881-4024-8e43-6f5f48c6c9fa which can be used as unique global reference for CISA AR21-126A FIVEHANDS May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-07T00:00:00Z |
| date_published | 2021-05-06T00:00:00Z |
| source | MITRE |
| title | Analysis Report (AR21-126A) FiveHands Ransomware |
JoeSecurity Egregor 2020
Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved November 17, 2024.
Internal MISP references
UUID d403e610-fa83-4c17-842f-223063864009 which can be used as unique global reference for JoeSecurity Egregor 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| source | MITRE |
| title | Analysis Report fasm.dll |
GDATA Zeus Panda June 2017
Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.
Internal MISP references
UUID 2d9a6957-5645-4863-968b-4a3c8736564b which can be used as unique global reference for GDATA Zeus Panda June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | Analysis Results of Zeus.Variant.Panda |
jstnk9.github.io June 01 2022
jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. Retrieved May 7, 2023.
Internal MISP references
UUID 4e7f573d-f8cc-4538-9f8d-b945f037e46f which can be used as unique global reference for jstnk9.github.io June 01 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-06-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analyzing AsyncRAT distributed in Colombia |
Analyzing CS Dec 2020
Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.
Internal MISP references
UUID f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee which can be used as unique global reference for Analyzing CS Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-12-20T00:00:00Z |
| source | MITRE |
| title | Analyzing Cobalt Strike for Fun and Profit |
Objective_See 1 4 2024
Objective_See. (2024, January 4). Analyzing DPRK's SpectralBlur. Retrieved March 8, 2024.
Internal MISP references
UUID c96535be-4859-4ae3-9ba0-d482f1195863 which can be used as unique global reference for Objective_See 1 4 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-08T00:00:00Z |
| date_published | 2024-01-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analyzing DPRK's SpectralBlur |
Fortinet Blog February 4 2025
Axelle Apvrille. (2025, February 4). Analyzing ELFSshdinjector.A!tr with a Human and Artificial Analyst. Retrieved February 10, 2025.
Internal MISP references
UUID 11e51dbf-b982-462c-b19e-f8c48a66ca70 which can be used as unique global reference for Fortinet Blog February 4 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-10T00:00:00Z |
| date_published | 2025-02-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analyzing ELFSshdinjector.A!tr with a Human and Artificial Analyst |
Microsoft Security Blog 4 22 2024
Microsoft Threat Intelligence. (2024, April 22). Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials. Retrieved April 22, 2024.
Internal MISP references
UUID 050ff793-d81d-499f-a136-905e76bce321 which can be used as unique global reference for Microsoft Security Blog 4 22 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-22T00:00:00Z |
| date_published | 2024-04-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials |
Uperesia Malicious Office Documents
Felix. (2016, September). Analyzing Malicious Office Documents. Retrieved April 11, 2018.
Internal MISP references
UUID f6ffb916-ac14-44d1-8566-26bafa06e77b which can be used as unique global reference for Uperesia Malicious Office Documents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-09-01T00:00:00Z |
| source | MITRE |
| title | Analyzing Malicious Office Documents |
Unit42 OilRig Nov 2018
Falcone, R., Wilhoit, K. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. Retrieved April 23, 2019.
Internal MISP references
UUID 9bc09d8a-d890-473b-a8cf-ea319fcc3462 which can be used as unique global reference for Unit42 OilRig Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-11-16T00:00:00Z |
| source | MITRE |
| title | Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery |
McAfee GhostSecret
Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.
Internal MISP references
UUID d1cd4f5b-253c-4833-8905-49fb58e7c016 which can be used as unique global reference for McAfee GhostSecret in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-16T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
McAfee-GhostSecret-fixurl
Ryan Sherstobitoff. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved August 15, 2024.
Internal MISP references
UUID 8c88bc0d-102a-59ff-99e7-0d8a789c08a0 which can be used as unique global reference for McAfee-GhostSecret-fixurl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-15T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
Microsoft Analyzing Solorigate Dec 2020
MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers. Retrieved January 5, 2021.
Internal MISP references
UUID 8ad72d46-ba2c-426f-bb0d-eb47723c8e11 which can be used as unique global reference for Microsoft Analyzing Solorigate Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-05T00:00:00Z |
| date_published | 2020-12-18T00:00:00Z |
| source | MITRE |
| title | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers |
Pincus Emotet 2020
Süleyman Özarslan, PhD; Pincus Security Inc. (2020, July 14). An Analysis of Emotet Malware: PowerShell Unobfuscation. Retrieved November 25, 2024.
Internal MISP references
UUID 597459cf-6d62-50ef-91ed-37c74f1ae656 which can be used as unique global reference for Pincus Emotet 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-25T00:00:00Z |
| date_published | 2020-07-14T00:00:00Z |
| source | MITRE |
| title | An Analysis of Emotet Malware: PowerShell Unobfuscation |
Lastline PlugX Analysis
Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.
Internal MISP references
UUID 9f7fa262-cede-4f47-94ca-1534c65c86e2 which can be used as unique global reference for Lastline PlugX Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-11-24T00:00:00Z |
| date_published | 2013-12-17T00:00:00Z |
| source | MITRE |
| title | An Analysis of PlugX Malware |
TrendMicro Sandworm October 2014
Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.
Internal MISP references
UUID 84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb which can be used as unique global reference for TrendMicro Sandworm October 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-18T00:00:00Z |
| date_published | 2014-10-14T00:00:00Z |
| source | MITRE |
| title | An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm” |
Dragos Crashoverride 2018
Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.
Internal MISP references
UUID d14442d5-2557-4a92-9a29-b15a20752f56 which can be used as unique global reference for Dragos Crashoverride 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2018-10-12T00:00:00Z |
| source | MITRE |
| title | Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE |
Anatomy of an hVNC Attack
Keshet, Lior. Kessem, Limor. (2017, January 25). Anatomy of an hVNC Attack. Retrieved November 28, 2023.
Internal MISP references
UUID 293c5d41-cd23-5da5-9d2b-754b626bc22a which can be used as unique global reference for Anatomy of an hVNC Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-28T00:00:00Z |
| date_published | 2017-01-25T00:00:00Z |
| source | MITRE |
| title | Anatomy of an hVNC Attack |
Syscall 2014
Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.
Internal MISP references
UUID 4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0 which can be used as unique global reference for Syscall 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2014-07-16T00:00:00Z |
| source | MITRE |
| title | Anatomy of a system call, part 2 |
SCADAfence_ransomware
Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. Retrieved June 18, 2022.
Internal MISP references
UUID 24c80db5-37a7-46ee-b232-f3c3ffb10f0a which can be used as unique global reference for SCADAfence_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-18T00:00:00Z |
| date_published | 2020-01-20T00:00:00Z |
| source | MITRE |
| title | Anatomy of a Targeted Ransomware Attack |
ESET IIS Malware 2021
Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. Retrieved September 9, 2021.
Internal MISP references
UUID d9c6e55b-39b7-4097-8ab2-8b87421ce2f4 which can be used as unique global reference for ESET IIS Malware 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-09T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | Anatomy of Native IIS Malware |
Medium Anchor DNS July 2020
Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.
Internal MISP references
UUID de246d53-385f-44be-bf0f-25a76442b835 which can be used as unique global reference for Medium Anchor DNS July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-10T00:00:00Z |
| date_published | 2020-07-13T00:00:00Z |
| source | MITRE |
| title | Anchor_dns malware goes cross platform |
NSA Joint Advisory SVR SolarWinds April 2021
NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.
Internal MISP references
UUID 43d9c469-1d54-454b-ba67-74e7f1de9c10 which can be used as unique global reference for NSA Joint Advisory SVR SolarWinds April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| source | MITRE |
| title | and Allied Networks |
Kaspersky Andariel Ransomware June 2021
Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. Retrieved September 29, 2021.
Internal MISP references
UUID f4efbcb5-494c-40e0-8734-5df1b92ec39c which can be used as unique global reference for Kaspersky Andariel Ransomware June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-06-15T00:00:00Z |
| source | MITRE |
| title | Andariel evolves to target South Korea with ransomware |
CISA GRU29155 2024
US Cybersecurity & Infrastructure Security Agency et al. (2024, September 5). Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. Retrieved September 6, 2024.
Internal MISP references
UUID c4dba764-d864-59bf-a80d-f1263bc904e4 which can be used as unique global reference for CISA GRU29155 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-06T00:00:00Z |
| source | MITRE |
| title | and Global Critical Infrastructure |
Sophos X-Ops C-23
Pankaj Kohli. (2021, November 23). Android APT spyware, targeting Middle East victims, enhances evasiveness. Retrieved October 30, 2023.
Internal MISP references
UUID 305c201b-ccc6-4e28-a1cb-97ca697bb214 which can be used as unique global reference for Sophos X-Ops C-23 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2021-11-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Android APT spyware, targeting Middle East victims, enhances evasiveness |
Google XLoader 2017
Nart Villeneuve, Randi Eitzman, Sandor Nemes & Tyler Dean, Google Cloud. (2017, October 5). Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea. Retrieved March 11, 2025.
Internal MISP references
UUID 30849319-b664-5257-9634-b3f9de1bc793 which can be used as unique global reference for Google XLoader 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-11T00:00:00Z |
| source | MITRE |
| title | and South Korea |
RFC826 ARP
Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. Retrieved October 15, 2020.
Internal MISP references
UUID 8eef2b68-f932-4cba-8646-bff9a7848532 which can be used as unique global reference for RFC826 ARP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 1982-11-01T00:00:00Z |
| source | MITRE |
| title | An Ethernet Address Resolution Protocol |
HP SVCReady Jun 2022
Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.
Internal MISP references
UUID 48d5ec83-f1b9-595c-bb9a-d6d5cc513a41 which can be used as unique global reference for HP SVCReady Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-13T00:00:00Z |
| date_published | 2022-06-06T00:00:00Z |
| source | MITRE |
| title | A New Loader Gets Ready |
SecureList Fileless
Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. Retrieved March 23, 2023.
Internal MISP references
UUID 03eb080d-0b83-5cbb-9317-c50b35996c9b which can be used as unique global reference for SecureList Fileless in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-23T00:00:00Z |
| date_published | 2022-05-04T00:00:00Z |
| source | MITRE |
| title | A new secret stash for “fileless” malware |
ESET Ebury Feb 2014
M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved April 19, 2019.
Internal MISP references
UUID eb6d4f77-ac63-4cb8-8487-20f9e709334b which can be used as unique global reference for ESET Ebury Feb 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2014-02-21T00:00:00Z |
| source | MITRE |
| title | An In-depth Analysis of Linux/Ebury |
Welivesecurity Ebury SSH
M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.
Internal MISP references
UUID 39384c7a-3032-4b45-a5eb-8ebe7de22aa2 which can be used as unique global reference for Welivesecurity Ebury SSH in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2014-02-21T00:00:00Z |
| source | MITRE |
| title | An In-depth Analysis of Linux/Ebury |
Avertium Black Basta June 2022
Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. Retrieved March 7, 2023.
Internal MISP references
UUID 31c2ef62-2852-5418-9d52-2479a3a619d0 which can be used as unique global reference for Avertium Black Basta June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-06-01T00:00:00Z |
| source | MITRE |
| title | AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE |
Myers 2007
Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.
Internal MISP references
UUID 689dfe75-9c06-4438-86fa-5fbbb09f0fe7 which can be used as unique global reference for Myers 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2007-01-01T00:00:00Z |
| source | MITRE |
| title | An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits |
Linux Services Run Levels
The Linux Foundation. (2006, January 11). An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.
Internal MISP references
UUID 091aa85d-7d30-4800-9b2d-97f96d257798 which can be used as unique global reference for Linux Services Run Levels in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2006-01-11T00:00:00Z |
| source | MITRE |
| title | An introduction to services, runlevels, and rc.d scripts |
Trend Micro BlackCat April 18 2022
Lucas Silva, Leandro Froes. (2022, April 18). An Investigation of the BlackCat Ransomware via Trend Micro Vision One. Retrieved February 20, 2025.
Internal MISP references
UUID a04d89b1-3334-4d96-8c45-bb88f396e036 which can be used as unique global reference for Trend Micro BlackCat April 18 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-20T00:00:00Z |
| date_published | 2022-04-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | An Investigation of the BlackCat Ransomware via Trend Micro Vision One |
Anomali Pirate Panda April 2020
Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.
Internal MISP references
UUID f1d28b91-a529-439d-9548-c597baa245d4 which can be used as unique global reference for Anomali Pirate Panda April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center |
AnonGhost Team Profile
ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.
Internal MISP references
UUID f868f5fa-df66-435f-8b32-d58e4785e46c which can be used as unique global reference for AnonGhost Team Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AnonGhost Team |
AnonHBGary
Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.
Internal MISP references
UUID 19ab02ea-883f-441c-bebf-4be64855374a which can be used as unique global reference for AnonHBGary in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2011-02-15T00:00:00Z |
| source | MITRE |
| title | Anonymous speaks: the inside story of the HBGary hack |
Fortinet Metamorfo Feb 2020
Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.
Internal MISP references
UUID e89e3825-85df-45cf-b309-e449afed0288 which can be used as unique global reference for Fortinet Metamorfo Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-30T00:00:00Z |
| date_published | 2020-02-04T00:00:00Z |
| source | MITRE |
| title | Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries |
MuddyWater TrendMicro June 2018
Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. Retrieved July 3, 2018.
Internal MISP references
UUID b2c415e4-edbe-47fe-9820-b968114f81f0 which can be used as unique global reference for MuddyWater TrendMicro June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE |
| title | Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor |
AlienVault Sykipot 2011
Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. Retrieved March 28, 2016.
Internal MISP references
UUID 800363c1-60df-47e7-8ded-c0f4b6e758f4 which can be used as unique global reference for AlienVault Sykipot 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-28T00:00:00Z |
| date_published | 2011-12-12T00:00:00Z |
| source | MITRE |
| title | Another Sykipot sample likely targeting US federal agencies |
RiskIQ Newegg September 2018
Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.
Internal MISP references
UUID 095a705f-810b-4c4f-90ce-016117a5b4b6 which can be used as unique global reference for RiskIQ Newegg September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-09T00:00:00Z |
| date_published | 2018-09-19T00:00:00Z |
| source | MITRE |
| title | Another Victim of the Magecart Assault Emerges: Newegg |
Dell WMI Persistence
Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.
Internal MISP references
UUID a88dd548-ac8f-4297-9e23-de2643294846 which can be used as unique global reference for Dell WMI Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-30T00:00:00Z |
| date_published | 2016-03-28T00:00:00Z |
| source | MITRE |
| title | A Novel WMI Persistence Implementation |
iDefense Rootkit Overview
Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.
Internal MISP references
UUID c1aef861-9e31-42e6-a2eb-5151b056762b which can be used as unique global reference for iDefense Rootkit Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2003-02-01T00:00:00Z |
| source | MITRE |
| title | An Overview of Rootkits |
Trend Micro Rhysida August 09 2023
Trend Micro Research. (2023, August 9). An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector. Retrieved August 11, 2023.
Internal MISP references
UUID 71704a3a-cf48-4764-af4e-8d2096bf5012 which can be used as unique global reference for Trend Micro Rhysida August 09 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-11T00:00:00Z |
| date_published | 2023-08-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector |
Mandiant Ukraine Cyber Threats January 2022
Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.
Internal MISP references
UUID 6f53117f-2e94-4981-be61-c3da4b783ce2 which can be used as unique global reference for Mandiant Ukraine Cyber Threats January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-24T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| source | MITRE |
| title | Anticipating Cyber Threats as the Ukraine Crisis Escalates |
Apriorit
Apriorit. (2024, June 4). Anti Debugging Protection Techniques with Examples. Retrieved March 4, 2025.
Internal MISP references
UUID e4806ab9-c5cf-5249-a521-1ee4ca392520 which can be used as unique global reference for Apriorit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-04T00:00:00Z |
| date_published | 2024-06-04T00:00:00Z |
| source | MITRE |
| title | Anti Debugging Protection Techniques with Examples |
Microsoft AMSI
Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.
Internal MISP references
UUID 32a4b7b5-8560-4600-aba9-15a6342b4dc3 which can be used as unique global reference for Microsoft AMSI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | Antimalware Scan Interface (AMSI) |
Microsoft Anti Spoofing
Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.
Internal MISP references
UUID b3ac28ac-3f98-40fd-b1da-2461a9e3ffca which can be used as unique global reference for Microsoft Anti Spoofing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2020-10-13T00:00:00Z |
| source | MITRE |
| title | Anti-spoofing protection in EOP |
Trend Micro - United States June 13 2025
Maristel Policarpio; Sarah Pearl Camiling; Sophia Nilette Robles. (2025, June 13). Anubis A Closer Look at an Emerging Ransomware with Built-in Wiper. Retrieved June 20, 2025.
Internal MISP references
UUID 3a4ea2fc-b423-4514-95f6-5bff4afff82f which can be used as unique global reference for Trend Micro - United States June 13 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-20T12:00:00Z |
| date_published | 2025-06-13T12:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Anubis A Closer Look at an Emerging Ransomware with Built-in Wiper |
Kelacyber February 25 2025
KELA Cyber Team; Ben Kapon. (2025, February 25). Anubis A New Ransomware Threat. Retrieved June 20, 2025.
Internal MISP references
UUID 321f34fb-b80b-4bd3-bceb-e51b6214b883 which can be used as unique global reference for Kelacyber February 25 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-20T12:00:00Z |
| date_published | 2025-02-25T12:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Anubis A New Ransomware Threat |
Fox-It Anunak Feb 2015
Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.
Internal MISP references
UUID d74a8d0b-887a-40b9-bd43-366764157990 which can be used as unique global reference for Fox-It Anunak Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-20T00:00:00Z |
| date_published | 2015-02-16T00:00:00Z |
| source | MITRE |
| title | Anunak (aka Carbanak) Update |
Group-IB Anunak
Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.
Internal MISP references
UUID fd254ecc-a076-4b9f-97f2-acb73c6a1695 which can be used as unique global reference for Group-IB Anunak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2014-12-01T00:00:00Z |
| source | MITRE |
| title | Anunak: APT against financial institutions |
Google TAG Ukraine Threat Landscape March 2022
Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.
Internal MISP references
UUID a6070f95-fbee-472e-a737-a8adbedbb4f8 which can be used as unique global reference for Google TAG Ukraine Threat Landscape March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-16T00:00:00Z |
| date_published | 2022-03-07T00:00:00Z |
| source | MITRE |
| title | An update on the threat landscape |
Zairon Hooking Dec 2006
Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.
Internal MISP references
UUID e816127a-04e4-4145-a784-50b1215612f2 which can be used as unique global reference for Zairon Hooking Dec 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2006-12-06T00:00:00Z |
| source | MITRE |
| title | Any application-defined hook procedure on my machine? |
SentinelOne Aoqin Dragon June 2022
Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.
Internal MISP references
UUID b4e792e0-b1fa-4639-98b1-233aaec53594 which can be used as unique global reference for SentinelOne Aoqin Dragon June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2022-06-09T00:00:00Z |
| source | MITRE |
| title | Aoqin Dragon \| Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years |
Apache Server 2018
Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.
Internal MISP references
UUID 46f62435-bfb3-44b6-8c79-54af584cc35f which can be used as unique global reference for Apache Server 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-27T00:00:00Z |
| source | MITRE |
| title | Apache HTTP Server Version 2.4 Documentation - Web Site Content |
Secureworks BRONZEUNION Feb 2019
Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.
Internal MISP references
UUID 691df278-fd7d-4b73-a22c-227bc7641dec which can be used as unique global reference for Secureworks BRONZEUNION Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-24T00:00:00Z |
| date_published | 2019-02-27T00:00:00Z |
| source | MITRE |
| title | A Peek into BRONZE UNION’s Toolbox |
Cyble July 14 2022
Cybleinc. (2022, July 14). ApolloRat Evasive Malware Compiled Using Nuitka - Cyble. Retrieved December 19, 2024.
Internal MISP references
UUID f23b79ca-2108-4096-8fc9-a2d6e9029f06 which can be used as unique global reference for Cyble July 14 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2022-07-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ApolloRat Evasive Malware Compiled Using Nuitka - Cyble |
AppArmor official
AppArmor. (2017, October 19). AppArmor Security Project Wiki. Retrieved December 20, 2017.
Internal MISP references
UUID 12df02e3-bbdd-4682-9662-1810402ad918 which can be used as unique global reference for AppArmor official in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-10-19T00:00:00Z |
| source | MITRE |
| title | AppArmor Security Project Wiki |
AppCert.exe - LOLBAS Project
LOLBAS. (2024, March 6). AppCert.exe. Retrieved May 19, 2025.
Internal MISP references
UUID bc17c39a-5865-4c1e-b60e-06005a7302c9 which can be used as unique global reference for AppCert.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-19T00:00:00Z |
| date_published | 2024-03-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AppCert.exe |
PenTestLabs AppDomainManagerInject
Administrator. (2020, May 26). APPDOMAINMANAGER INJECTION AND DETECTION. Retrieved March 28, 2024.
Internal MISP references
UUID f681fd40-5bfc-50c6-a654-f9a128af5ff1 which can be used as unique global reference for PenTestLabs AppDomainManagerInject in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-28T00:00:00Z |
| date_published | 2020-05-26T00:00:00Z |
| source | MITRE |
| title | APPDOMAINMANAGER INJECTION AND DETECTION |
Rapid7 AppDomain Manager Injection
Spagnola, N. (2023, May 5). AppDomain Manager Injection: New Techniques For Red Teams. Retrieved March 29, 2024.
Internal MISP references
UUID 881f8d23-908f-58cf-904d-5ef7b959eb39 which can be used as unique global reference for Rapid7 AppDomain Manager Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-29T00:00:00Z |
| date_published | 2023-05-05T00:00:00Z |
| source | MITRE |
| title | AppDomain Manager Injection: New Techniques For Red Teams |
Mandiant APT1 Appendix
Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.
Internal MISP references
UUID 1f31c09c-6a93-4142-8333-154138c1d70a which can be used as unique global reference for Mandiant APT1 Appendix in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-18T00:00:00Z |
| source | MITRE |
| title | Appendix C (Digital) - The Malware Arsenal |
AppInit Secure Boot
Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.
Internal MISP references
UUID 2b951be3-5105-4665-972f-7809c057fd3f which can be used as unique global reference for AppInit Secure Boot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-15T00:00:00Z |
| source | MITRE |
| title | AppInit DLLs and Secure Boot |
AppInstaller.exe - LOLBAS Project
LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a777e7c-e76c-465c-8b45-67503e715f7e which can be used as unique global reference for AppInstaller.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AppInstaller.exe |
objectivesee osx.shlayer apple approved 2020
Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.
Internal MISP references
UUID a2127d3d-c320-4637-a85c-16e20c2654f6 which can be used as unique global reference for objectivesee osx.shlayer apple approved 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-08-30T00:00:00Z |
| source | MITRE |
| title | Apple Approved Malware malicious code ...now notarized!? #2020 |
AppleDocs AuthorizationExecuteWithPrivileges
Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019.
Internal MISP references
UUID 7b8875e8-5b93-4d49-a12b-2683bab2ba6e which can be used as unique global reference for AppleDocs AuthorizationExecuteWithPrivileges in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| source | MITRE |
| title | Apple Developer Documentation - AuthorizationExecuteWithPrivileges |
AppleDocs Scheduling Timed Jobs
Apple. (n.d.). Retrieved July 17, 2017.
Internal MISP references
UUID 66dd8a7d-521f-4610-b478-52d748185ad3 which can be used as unique global reference for AppleDocs Scheduling Timed Jobs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-17T00:00:00Z |
| source | MITRE |
| title | AppleDocs Scheduling Timed Jobs |
CISA AppleJeus Feb 2021
Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.
Internal MISP references
UUID 6873e14d-eba4-4e3c-9ccf-cec1d760f0be which can be used as unique global reference for CISA AppleJeus Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-01T00:00:00Z |
| date_published | 2021-02-21T00:00:00Z |
| source | MITRE |
| title | AppleJeus: Analysis of North Korea’s Cryptocurrency Malware |
Apple Remote Desktop Admin Guide 3.3
Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.
Internal MISP references
UUID c57c2bba-a398-4e68-b2a7-fddcf0740b61 which can be used as unique global reference for Apple Remote Desktop Admin Guide 3.3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| source | MITRE |
| title | Apple Remote Desktop Administrator Guide Version 3.3 |
applescript signing
Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. Retrieved September 21, 2018.
Internal MISP references
UUID dd76c7ab-c3df-4f34-aaf0-684b56499065 which can be used as unique global reference for applescript signing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2013-12-23T00:00:00Z |
| source | MITRE |
| title | AppleScript and Automator gain new features in OS X Mavericks |
Microsoft Entra ID Service Principals
Microsoft. (2023, December 15). Application and service principal objects in Microsoft Entra ID. Retrieved February 28, 2024.
Internal MISP references
UUID 2a20c574-3e69-5da6-887e-68e34cee7562 which can be used as unique global reference for Microsoft Entra ID Service Principals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-28T00:00:00Z |
| date_published | 2023-12-15T00:00:00Z |
| source | MITRE |
| title | Application and service principal objects in Microsoft Entra ID |
Microsoft App Domains
Microsoft. (2021, September 15). Application domains. Retrieved March 28, 2024.
Internal MISP references
UUID 268e7ade-c0a8-5859-8b16-6fa8aa3b0cb7 which can be used as unique global reference for Microsoft App Domains in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-28T00:00:00Z |
| date_published | 2021-09-15T00:00:00Z |
| source | MITRE |
| title | Application domains |
Microsoft Application Lockdown
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID 5dab4466-0871-486a-84ad-0e648b2e937d which can be used as unique global reference for Microsoft Application Lockdown in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2008-06-01T00:00:00Z |
| source | MITRE |
| title | Application Lockdown with Software Restriction Policies |
Corio 2008
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID cae409ca-1c77-45df-88cd-c0998ac724ec which can be used as unique global reference for Corio 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2008-06-01T00:00:00Z |
| source | MITRE |
| title | Application Lockdown with Software Restriction Policies |
SANS Application Whitelisting
Beechey, J. (2014, November 18). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID a333f45f-1760-443a-9208-f3682ea32f67 which can be used as unique global reference for SANS Application Whitelisting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2014-11-18T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting: Panacea or Propaganda? |
Beechey 2010
Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID 4994e065-c6e4-4b41-8ae3-d72023135429 which can be used as unique global reference for Beechey 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2010-12-01T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting: Panacea or Propaganda? |
NSA MS AppLocker
NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.
Internal MISP references
UUID 0db5c3ea-5392-4fd3-9f1d-9fa69aba4259 which can be used as unique global reference for NSA MS AppLocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2014-08-01T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting Using Microsoft AppLocker |
Penetration Testing Lab MSXSL July 2017
netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.
Internal MISP references
UUID 2f1adf20-a4b8-48c1-861f-0a44271765d7 which can be used as unique global reference for Penetration Testing Lab MSXSL July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2017-07-06T00:00:00Z |
| source | MITRE |
| title | AppLocker Bypass – MSXSL |
Burke/CISA ClickOnce Paper
William J. Burke IV. (n.d.). Appref-ms Abuse for Code Execution & C2. Retrieved September 9, 2024.
Internal MISP references
UUID 1bb14130-f819-5666-ab57-8f96fd4e7b05 which can be used as unique global reference for Burke/CISA ClickOnce Paper in MISP communities and other software using the MISP galaxy
External references
- https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended-wp.pdf?_gl=11jv89bf_gcl_auNjAyMzkzMjc3LjE3MjQ4MDk4OTQ._gaMTk5OTA3ODkwMC4xNzI0ODA5ODk0_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.256219723.1512103758.1724809895-1999078900.1724809894 - webarchive
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| source | MITRE |
| title | Appref-ms Abuse for Code Execution & C2 |
Microsoft Requests for Azure AD Roles in Privileged Identity Management
Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 1495effe-16a6-5b4e-9b50-1d1f7db48fa7 which can be used as unique global reference for Microsoft Requests for Azure AD Roles in Privileged Identity Management in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-01-30T00:00:00Z |
| source | MITRE |
| title | Approve or deny requests for Azure AD roles in Privileged Identity Management |
Apple App Security Overview
Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.
Internal MISP references
UUID 3b1e9a5d-7940-43b5-bc11-3112c0762740 which can be used as unique global reference for Apple App Security Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | App security overview |
Tripwire AppUNBlocker
Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.
Internal MISP references
UUID 2afb9a5f-c023-49df-90d1-e0ffb6d192f3 which can be used as unique global reference for Tripwire AppUNBlocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | AppUNBlocker: Bypassing AppLocker |
Appvlp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0afe3e8-9f1d-4295-8811-8dfbe993c337 which can be used as unique global reference for Appvlp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Appvlp.exe |
BlackHat Atkinson Winchester Token Manipulation
Atkinson, J., Winchester, R. (2017, December 7). A Process is No One: Hunting for Token Manipulation. Retrieved December 21, 2017.
Internal MISP references
UUID 2eaee06d-529d-4fe0-9ca3-c62419f47a90 which can be used as unique global reference for BlackHat Atkinson Winchester Token Manipulation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2017-12-07T00:00:00Z |
| source | MITRE |
| title | A Process is No One: Hunting for Token Manipulation |
FireEye APT10 April 2017
FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.
Internal MISP references
UUID 2d494df8-83e3-45d2-b798-4c3bcf55f675 which can be used as unique global reference for FireEye APT10 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-29T00:00:00Z |
| date_published | 2017-04-06T00:00:00Z |
| source | MITRE |
| title | APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat |
Securelist APT10 March 2021
GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
Internal MISP references
UUID 90450a1e-59c3-491f-b842-2cf81023fc9e which can be used as unique global reference for Securelist APT10 March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-17T00:00:00Z |
| date_published | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign |
FireEye APT10 Sept 2018
Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.
Internal MISP references
UUID 5f122a27-2137-4016-a482-d04106187594 which can be used as unique global reference for FireEye APT10 Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-17T00:00:00Z |
| date_published | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | APT10 Targeting Japanese Corporations Using Updated TTPs |
NCC Group APT15 Alive and Strong
Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
Internal MISP references
UUID 02a50445-de06-40ab-9ea4-da5c37e066cd which can be used as unique global reference for NCC Group APT15 Alive and Strong in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2018-03-10T00:00:00Z |
| source | MITRE |
| title | APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS |
Mandiant APT1
Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
Internal MISP references
UUID 865eba93-cf6a-4e41-bc09-de9b0b3c2669 which can be used as unique global reference for Mandiant APT1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT1 Exposing One of China’s Cyber Espionage Units |
Profero APT27 December 2020
Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.
Internal MISP references
UUID 0290ea31-f817-471e-85ae-c3855c63f5c3 which can be used as unique global reference for Profero APT27 December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | APT27 Turns to Ransomware |
FireEye APT28 January 2017
FireEye iSIGHT Intelligence. (2017, January 11). APT28: At the Center of the Storm. Retrieved November 17, 2024.
Internal MISP references
UUID 61d80b8f-5bdb-41e6-b59a-d2d996392873 which can be used as unique global reference for FireEye APT28 January 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-01-11T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT28: At the Center of the Storm |
FireEye APT28
FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.
Internal MISP references
UUID c423b2b2-25a3-4a8d-b89a-83ab07c0cd20 which can be used as unique global reference for FireEye APT28 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-08-19T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS? |
U.S. CISA APT28 Cisco Routers April 18 2023
Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. Retrieved August 23, 2023.
Internal MISP references
UUID c532a6fc-b27f-4240-a071-3eaa866bce89 which can be used as unique global reference for U.S. CISA APT28 Cisco Routers April 18 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-23T00:00:00Z |
| date_published | 2023-04-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers |
Symantec APT28 Oct 2018
Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.
Internal MISP references
UUID 777bc94a-6c21-4f8c-9efa-a1cf52ececc0 which can be used as unique global reference for Symantec APT28 Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-14T00:00:00Z |
| date_published | 2018-10-04T00:00:00Z |
| source | MITRE |
| title | APT28: New Espionage Operations Target Military and Government Organizations |
FireEye APT28 Hospitality Aug 2017
Smith, L. and Read, B. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved November 17, 2024.
Internal MISP references
UUID 7887dc90-3f05-411a-81ea-b86aa392104b which can be used as unique global reference for FireEye APT28 Hospitality Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-08-11T00:00:00Z |
| source | MITRE |
| title | APT28 Targets Hospitality Sector, Presents Threat to Travelers |
Bitdefender APT28 Dec 2015
Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.
Internal MISP references
UUID 3dd67aae-7feb-4b07-a985-ccadc1b16f1d which can be used as unique global reference for Bitdefender APT28 Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-23T00:00:00Z |
| date_published | 2015-12-01T00:00:00Z |
| source | MITRE |
| title | APT28 Under the Scope |
FireEye APT29 Domain Fronting
Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved March 27, 2017.
Internal MISP references
UUID 3e013b07-deaf-4387-acd7-2d0565d196a9 which can be used as unique global reference for FireEye APT29 Domain Fronting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-27T00:00:00Z |
| date_published | 2017-03-27T00:00:00Z |
| source | MITRE |
| title | APT29 Domain Fronting With TOR |
FireEye APT29 Domain Fronting With TOR March 2017
Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.
Internal MISP references
UUID 1d919991-bc87-41bf-9e58-edf1b3806bb8 which can be used as unique global reference for FireEye APT29 Domain Fronting With TOR March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-20T00:00:00Z |
| date_published | 2017-03-27T00:00:00Z |
| source | MITRE |
| title | APT29 Domain Fronting With TOR |
FireEye APT30
FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved November 17, 2024.
Internal MISP references
UUID c48d2084-61cf-4e86-8072-01e5d2de8416 which can be used as unique global reference for FireEye APT30 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2015-04-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION |
Zscaler APT31 Covid-19 October 2020
Singh, S. and Antil, S. (2020, October 27). APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.
Internal MISP references
UUID 1647c9a6-e475-4a9a-a202-0133dbeef9a0 which can be used as unique global reference for Zscaler APT31 Covid-19 October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-10-27T00:00:00Z |
| source | MITRE |
| title | APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services |
sentinelone apt32 macOS backdoor 2020
Phil Stokes. (2020, December 2). APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.
Internal MISP references
UUID d31dcbe6-06ec-475e-b121-fd25a93c3ef7 which can be used as unique global reference for sentinelone apt32 macOS backdoor 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| source | MITRE |
| title | APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique |
FireEye APT33 Webinar Sept 2017
Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.
Internal MISP references
UUID 9b378592-5737-403d-8a07-27077f5b2d61 which can be used as unique global reference for FireEye APT33 Webinar Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | APT33: New Insights into Iranian Cyber Espionage Group |
FireEye APT34 Webinar Dec 2017
Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.
Internal MISP references
UUID 4eef7032-de14-44a2-a403-82aefdc85c50 which can be used as unique global reference for FireEye APT34 Webinar Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | APT34 - New Targeted Attack in the Middle East |
DFIR Report APT35 ProxyShell March 2022
DFIR Report. (2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.
Internal MISP references
UUID 1837e917-d80b-4632-a1ca-c70d4b712ac7 which can be used as unique global reference for DFIR Report APT35 ProxyShell March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| date_published | 2022-03-21T00:00:00Z |
| source | MITRE |
| title | APT35 Automates Initial Access Using ProxyShell |
Check Point APT35 CharmPower January 2022
Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.
Internal MISP references
UUID 81dce660-93ea-42a4-902f-0c6021d30f59 which can be used as unique global reference for Check Point APT35 CharmPower January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-24T00:00:00Z |
| date_published | 2022-01-11T00:00:00Z |
| source | MITRE |
| title | APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit |
FireEye APT37 Feb 2018
FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved November 17, 2024.
Internal MISP references
UUID 4d575c1a-4ff9-49ce-97cd-f9d0637c2271 which can be used as unique global reference for FireEye APT37 Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2018-02-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT37 (Reaper): The Overlooked North Korean Actor |
FireEye APT38 Oct 2018
FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.
Internal MISP references
UUID 7c916329-af56-4723-820c-ef932a6e3409 which can be used as unique global reference for FireEye APT38 Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-10-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT38: Un-usual Suspects |
FireEye APT39 Jan 2019
Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.
Internal MISP references
UUID ba366cfc-cc04-41a5-903b-a7bb73136bc3 which can be used as unique global reference for FireEye APT39 Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| date_published | 2019-01-29T00:00:00Z |
| source | MITRE |
| title | APT39: An Iranian Cyber Espionage Group Focused on Personal Information |
APT3 Adversary Emulation Plan
Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.
Internal MISP references
UUID 64c01921-c33f-402e-b30d-a2ba26583a24 which can be used as unique global reference for APT3 Adversary Emulation Plan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-16T00:00:00Z |
| date_published | 2017-09-01T00:00:00Z |
| source | MITRE |
| title | APT3 Adversary Emulation Plan |
evolution of pirpi
Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.
Internal MISP references
UUID 9c8bd493-bf08-431b-9d53-29eb14a6eef5 which can be used as unique global reference for evolution of pirpi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-28T00:00:00Z |
| date_published | 2017-06-18T00:00:00Z |
| source | MITRE |
| title | APT3 Uncovered: The code evolution of Pirpi |
FireEye APT40 March 2019
Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.
Internal MISP references
UUID 8a44368f-3348-4817-aca7-81bfaca5ae6d which can be used as unique global reference for FireEye APT40 March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-18T00:00:00Z |
| date_published | 2019-03-04T00:00:00Z |
| source | MITRE |
| title | APT40: Examining a China-Nexus Espionage Actor |
apt41_mandiant
Mandiant. (n.d.). APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION. Retrieved June 11, 2024.
Internal MISP references
UUID 599f4411-6829-5a2d-865c-ac59e80afe83 which can be used as unique global reference for apt41_mandiant in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-11T00:00:00Z |
| source | MITRE |
| title | APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION |
Google Cloud APT41 2024
Mike Stokkel et al. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved September 16, 2024.
Internal MISP references
UUID 33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae which can be used as unique global reference for Google Cloud APT41 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| date_published | 2024-07-18T00:00:00Z |
| source | MITRE |
| title | APT41 Has Arisen From the DUST |
Mandiant APT41 July 18 2024
Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved August 2, 2024.
Internal MISP references
UUID 34ee3a7c-27c0-492f-a3c6-a5a3e86915f0 which can be used as unique global reference for Mandiant APT41 July 18 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-02T00:00:00Z |
| date_published | 2024-07-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT41 Has Arisen From the DUST |
apt41_dcsocytec_dec2022
DCSO CyTec Blog. (2022, December 24). APT41 — The spy who failed to encrypt me. Retrieved June 13, 2024.
Internal MISP references
UUID fad90e96-93fd-59bd-970e-f0b37cac331d which can be used as unique global reference for apt41_dcsocytec_dec2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-13T00:00:00Z |
| date_published | 2022-12-24T00:00:00Z |
| source | MITRE |
| title | APT41 — The spy who failed to encrypt me |
Rostovcev APT41 2021
Nikita Rostovcev. (2022, August 18). APT41 World Tour 2021 on a tight schedule. Retrieved February 22, 2024.
Internal MISP references
UUID b6e7fb29-7935-5454-8fb2-37585c46324a which can be used as unique global reference for Rostovcev APT41 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-22T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | APT41 World Tour 2021 on a tight schedule |
Mandiant APT42
Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. Retrieved September 16, 2022.
Internal MISP references
UUID 10b3e476-a0c5-41fd-8cb8-5bfb245b118f which can be used as unique global reference for Mandiant APT42 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-16T00:00:00Z |
| source | MITRE |
| title | APT42: Crooked Charms, Cons and Compromise |
Mandiant Crooked Charms August 12 2022
Mandiant. (2022, August 12). APT42: Crooked Charms, Cons and Compromises. Retrieved August 30, 2024.
Internal MISP references
UUID 53bab956-be5b-4d8d-b553-9926bc5d9fee which can be used as unique global reference for Mandiant Crooked Charms August 12 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-30T00:00:00Z |
| date_published | 2022-08-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT42: Crooked Charms, Cons and Compromises |
Mandiant APT42-charms
Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromises. Retrieved October 9, 2024.
Internal MISP references
UUID 12e517a6-0045-5434-b9ef-e3ecd9ec8508 which can be used as unique global reference for Mandiant APT42-charms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-09T00:00:00Z |
| source | MITRE |
| title | APT42: Crooked Charms, Cons and Compromises |
Mandiant APT43 Full PDF Report
Mandiant. (n.d.). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. Retrieved October 14, 2024.
Internal MISP references
UUID b5414a09-0da6-5d8c-bcca-47df9a469ec0 which can be used as unique global reference for Mandiant APT43 Full PDF Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-14T00:00:00Z |
| source | MITRE |
| title | APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations |
Mandiant APT43 March 2024
Mandiant. (2024, March 14). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. Retrieved May 3, 2024.
Internal MISP references
UUID 8ac3fd0a-4a93-5262-9ac2-f676c5d11fda which can be used as unique global reference for Mandiant APT43 March 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-03T00:00:00Z |
| date_published | 2024-03-14T00:00:00Z |
| source | MITRE |
| title | APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations |
mandiant_apt44_unearthing_sandworm
Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024.
Internal MISP references
UUID cc03d668-e4d9-5dc1-b365-203db84938f2 which can be used as unique global reference for mandiant_apt44_unearthing_sandworm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-11T00:00:00Z |
| source | MITRE |
| title | APT44: Unearthing Sandworm |
Mandiant APT45 July 25 2024
Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart. (2024, July 25). APT45: North Korea’s Digital Military Machine. Retrieved July 26, 2024.
Internal MISP references
UUID a9673491-7493-4b85-b5fc-595e91bc7fdc which can be used as unique global reference for Mandiant APT45 July 25 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-26T00:00:00Z |
| date_published | 2024-07-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT45: North Korea’s Digital Military Machine |
NSA APT5 Citrix Threat Hunting December 2022
National Security Agency. (2022, December). APT5: Citrix ADC Threat Hunting Guidance. Retrieved February 5, 2024.
Internal MISP references
UUID 916e2137-46e6-53c2-a917-5b5b5c4bae3a which can be used as unique global reference for NSA APT5 Citrix Threat Hunting December 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-05T00:00:00Z |
| date_published | 2022-12-01T00:00:00Z |
| source | MITRE |
| title | APT5: Citrix ADC Threat Hunting Guidance |
Medium April 20 2024
Rakesh Krishnan. (2024, April 20). APT73-ERALEIG NEWS UNVEILING NEW RANSOMWARE GROUP. Retrieved April 25, 2024.
Internal MISP references
UUID 428333d6-8b04-415c-877c-36cf5a3e5967 which can be used as unique global reference for Medium April 20 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-25T00:00:00Z |
| date_published | 2024-04-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT73-ERALEIG NEWS UNVEILING NEW RANSOMWARE GROUP |
ASEC PebbleDash December 21 2021
ASEC. (2021, December 21). APT Attack Cases of Kimsuky Group (PebbleDash). Retrieved February 10, 2025.
Internal MISP references
UUID cd71395a-9b7f-4b38-9ca7-337f9bcf1598 which can be used as unique global reference for ASEC PebbleDash December 21 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-10T00:00:00Z |
| date_published | 2021-12-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT Attack Cases of Kimsuky Group (PebbleDash) |
welivesecurity_apt-c-23
Stefanko, L. (2020, September 30). APT‑C‑23 group evolves its Android spyware. Retrieved March 4, 2024.
Internal MISP references
UUID 7196226e-7d0d-5e14-a4e3-9b6322537039 which can be used as unique global reference for welivesecurity_apt-c-23 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-04T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | APT‑C‑23 group evolves its Android spyware |
QiAnXin APT-C-36 Feb2019
QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.
Internal MISP references
UUID cae075ea-42cb-4695-ac66-9187241393d1 which can be used as unique global reference for QiAnXin APT-C-36 Feb2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations |
360 Machete Sep 2020
kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. Retrieved November 20, 2020.
Internal MISP references
UUID 682c843d-1bb8-4f30-9d2e-35e8d41b1976 which can be used as unique global reference for 360 Machete Sep 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-20T00:00:00Z |
| date_published | 2020-09-25T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign |
Cycraft Chimera April 2020
Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.
Internal MISP references
UUID a5a14a4e-2214-44ab-9067-75429409d744 which can be used as unique global reference for Cycraft Chimera April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2020-04-15T00:00:00Z |
| source | MITRE |
| title | APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors |
CISA IT Service Providers
CISA. (n.d.). APTs Targeting IT Service Provider Customers. Retrieved November 16, 2020.
Internal MISP references
UUID b8bee7f9-155e-4765-9492-01182e4435b7 which can be used as unique global reference for CISA IT Service Providers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-16T00:00:00Z |
| source | MITRE |
| title | APTs Targeting IT Service Provider Customers |
Securelist GCMAN
Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.
Internal MISP references
UUID 1f07f234-50f0-4c1e-942a-a01d3f733161 which can be used as unique global reference for Securelist GCMAN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2016-02-08T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks |
Proofpoint TA459 April 2017
Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.
Internal MISP references
UUID dabad6df-1e31-4c16-9217-e079f2493b02 which can be used as unique global reference for Proofpoint TA459 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-04-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT Targets Financial Analysts with CVE-2017-0199 |
Kaspersky ToddyCat June 2022
Dedola, G. (2022, June 21). APT ToddyCat. Retrieved January 3, 2024.
Internal MISP references
UUID 285c038b-e5fc-57ef-9a98-d9e24c52e2cf which can be used as unique global reference for Kaspersky ToddyCat June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-03T00:00:00Z |
| date_published | 2022-06-21T00:00:00Z |
| source | MITRE |
| title | APT ToddyCat |
Securelist APT Trends April 2018
Global Research and Analysis Team. (2018, April 12). APT Trends report Q1 2018. Retrieved January 27, 2021.
Internal MISP references
UUID 587f5195-e696-4a3c-8c85-90b9c002cd11 which can be used as unique global reference for Securelist APT Trends April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-27T00:00:00Z |
| date_published | 2018-04-12T00:00:00Z |
| source | MITRE |
| title | APT Trends report Q1 2018 |
Kaspersky APT Trends Q1 2020
Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.
Internal MISP references
UUID 23c91719-5ebe-4d03-8018-df1809fffd2f which can be used as unique global reference for Kaspersky APT Trends Q1 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | APT trends report Q1 2020 |
Kaspersky APT Trends Q1 April 2021
GReAT. (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.
Internal MISP references
UUID 3fd0ba3b-7919-46d3-a444-50508603956f which can be used as unique global reference for Kaspersky APT Trends Q1 April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-06T00:00:00Z |
| date_published | 2021-04-27T00:00:00Z |
| source | MITRE |
| title | APT trends report Q1 2021 |
Securelist APT Trends Q2 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.
Internal MISP references
UUID fe28042c-d289-463f-9ece-1a75a70b966e which can be used as unique global reference for Securelist APT Trends Q2 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | APT Trends report Q2 2017 |
Wired ArcaneDoor April 24 2024
Andy Greenberg. (2024, April 24). ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks. Retrieved May 6, 2024.
Internal MISP references
UUID 05a8afd3-0173-41ca-b23b-196ea0f3b1c1 which can be used as unique global reference for Wired ArcaneDoor April 24 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-06T00:00:00Z |
| date_published | 2024-04-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks |
Cisco ArcaneDoor 2024
Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. Retrieved January 6, 2025.
Internal MISP references
UUID da99c764-8c3d-5a2c-9321-0f6fe4da141b which can be used as unique global reference for Cisco ArcaneDoor 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-06T00:00:00Z |
| date_published | 2024-04-24T00:00:00Z |
| source | MITRE |
| title | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
Cisco Talos ArcaneDoor April 24 2024
Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. Retrieved May 6, 2024.
Internal MISP references
UUID 531c3f6f-2d2b-4774-b069-e2b7a13602c1 which can be used as unique global reference for Cisco Talos ArcaneDoor April 24 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-06T00:00:00Z |
| date_published | 2024-04-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
Arctic Wolf
Julian Tuin, Stefan Hostetler, Jon Grimm, Aaron Diaz, and Trevor Daher. (2024, November 22). Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices. Retrieved January 8, 2025.
Internal MISP references
UUID 87218d4c-ed0a-514c-b9c8-048bad4d0245 which can be used as unique global reference for Arctic Wolf in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-08T00:00:00Z |
| date_published | 2024-11-22T00:00:00Z |
| source | MITRE |
| title | Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices |
Wald0 Guide to GPOs
Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. Retrieved March 5, 2019.
Internal MISP references
UUID 48bb84ac-56c8-4840-9a11-2cc76213e24e which can be used as unique global reference for Wald0 Guide to GPOs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2018-04-02T00:00:00Z |
| source | MITRE |
| title | A Red Teamer’s Guide to GPOs and OUs |
Lau 2011
Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.
Internal MISP references
UUID fa809aab-5051-4f9c-8e27-b5989608b03c which can be used as unique global reference for Lau 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2011-08-08T00:00:00Z |
| source | MITRE |
| title | Are MBR Infections Back in Fashion? (Infographic) |
Krebs-Booter
Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered? Retrieved May 15, 2017.
Internal MISP references
UUID d29a88ae-273b-439e-8808-dc9931f1ff72 which can be used as unique global reference for Krebs-Booter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-15T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | Are the Days of “Booter” Services Numbered? |
RSA Forfiles Aug 2017
Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). Retrieved January 22, 2018.
Internal MISP references
UUID 923d6d3e-6117-43a5-92c6-ea0c131355c2 which can be used as unique global reference for RSA Forfiles Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2017-08-14T00:00:00Z |
| source | MITRE |
| title | Are you looking out for forfiles.exe (if you are watching for cmd.exe) |
FireEye Respond Webinar July 2017
Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). Retrieved October 4, 2017.
Internal MISP references
UUID e7091d66-7faa-49d6-b16f-be1f79db4471 which can be used as unique global reference for FireEye Respond Webinar July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-04T00:00:00Z |
| date_published | 2017-07-20T00:00:00Z |
| source | MITRE |
| title | Are you Ready to Respond? (Webinar) |
Browser-updates
Dusty Miller. (2023, October 17). Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates. Retrieved February 13, 2024.
Internal MISP references
UUID 89e913a8-1d52-53fe-b692-fb72e21d794f which can be used as unique global reference for Browser-updates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-13T00:00:00Z |
| date_published | 2023-10-17T00:00:00Z |
| source | MITRE |
| title | Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates |
Sekoia.io AridViper
Threat & Detection Research Team. (2023, October 26). AridViper, an intrusion set allegedly associated with Hamas. Retrieved October 30, 2023.
Internal MISP references
UUID 963a97b9-71b2-46e7-8315-1d7ef76d832c which can be used as unique global reference for Sekoia.io AridViper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2023-10-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AridViper, an intrusion set allegedly associated with Hamas |
Proofpoint April 16 2025
Saher Naumaan; Mark Kelly; Greg Lesnewich; Josh Miller; The Proofpoint Threat Research Team. (2025, April 16). Around the World in 90 Days State-Sponsored Actors Try ClickFix. Retrieved May 6, 2025.
Internal MISP references
UUID 2fa6240b-ff2a-4d4b-93f2-901e15cffd5f which can be used as unique global reference for Proofpoint April 16 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-06T00:00:00Z |
| date_published | 2025-04-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Around the World in 90 Days State-Sponsored Actors Try ClickFix |
TechNet Arp
Microsoft. (n.d.). Arp. Retrieved April 17, 2016.
Internal MISP references
UUID 7714222e-8046-4884-b460-493d9ef46305 which can be used as unique global reference for TechNet Arp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Arp |
Cisco ARP Poisoning Mitigation 2016
King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.
Internal MISP references
UUID 715cd044-f5ef-4cad-8741-308d104f05a5 which can be used as unique global reference for Cisco ARP Poisoning Mitigation 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2016-01-22T00:00:00Z |
| source | MITRE |
| title | ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique |
ASEC Emotet 2017
ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.
Internal MISP references
UUID a02e3bbf-5864-4ccf-8b6f-5f8452395670 which can be used as unique global reference for ASEC Emotet 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | ASEC REPORT VOL.88 |
ASERT Seven Pointed Dagger Aug 2015
ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. Retrieved March 19, 2018.
Internal MISP references
UUID a8f323c7-82bc-46e6-bd6c-0b631abc644a which can be used as unique global reference for ASERT Seven Pointed Dagger Aug 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-08-01T00:00:00Z |
| source | MITRE |
| title | ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger |
Securelist Sofacy Feb 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.
Internal MISP references
UUID 3a043bba-2451-4765-946b-c1f3bf4aea36 which can be used as unique global reference for Securelist Sofacy Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-02-20T00:00:00Z |
| source | MITRE |
| title | A Slice of 2017 Sofacy Activity |
Sophos News April 26 2020
Sophos. (2020, April 26). “Asnarok” Trojan targets firewalls. Retrieved November 8, 2024.
Internal MISP references
UUID c134c6d8-c027-4528-a13f-08aebf40f8e6 which can be used as unique global reference for Sophos News April 26 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-08T00:00:00Z |
| date_published | 2020-04-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | “Asnarok” Trojan targets firewalls |
THE FINANCIAL TIMES LTD 2019.
THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.
Internal MISP references
UUID 5a01f0b7-86f7-44a1-bf35-46a631402ceb which can be used as unique global reference for THE FINANCIAL TIMES LTD 2019. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-09-02T00:00:00Z |
| source | MITRE |
| title | A sobering day |
Aspnet_Compiler.exe - LOLBAS Project
LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 15864c56-115e-4163-b816-03bdb9bfd5c5 which can be used as unique global reference for Aspnet_Compiler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Aspnet_Compiler.exe |
Mandiant UNC2452 APT29 April 2022
Mandiant. (2020, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. Retrieved March 26, 2023.
Internal MISP references
UUID 5276508c-6792-56be-b757-e4b495ef6c37 which can be used as unique global reference for Mandiant UNC2452 APT29 April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-26T00:00:00Z |
| date_published | 2020-04-27T00:00:00Z |
| source | MITRE |
| title | Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 |
Microsoft AssemblyLoad
Microsoft. (n.d.). Assembly.Load Method. Retrieved February 9, 2024.
Internal MISP references
UUID 3d980d7a-7074-5812-9bb1-ca8e27e028bd which can be used as unique global reference for Microsoft AssemblyLoad in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-09T00:00:00Z |
| source | MITRE |
| title | Assembly.Load Method |
Kubernetes Assigning Pods to Nodes
Kubernetes. (n.d.). Assigning Pods to Nodes. Retrieved February 15, 2024.
Internal MISP references
UUID fe6ba97b-ff61-541b-9a67-a835290dc4ab which can be used as unique global reference for Kubernetes Assigning Pods to Nodes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-15T00:00:00Z |
| source | MITRE |
| title | Assigning Pods to Nodes |
Microsoft Assoc Oct 2017
Plett, C. et al. (2017, October 15). assoc. Retrieved August 7, 2018.
Internal MISP references
UUID 63fb65d7-6423-42de-b868-37fbc2bc133d which can be used as unique global reference for Microsoft Assoc Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | assoc |
Rhino Security Labs Enumerating AWS Roles
Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.
Internal MISP references
UUID f403fc54-bdac-415a-9cc0-78803dd84214 which can be used as unique global reference for Rhino Security Labs Enumerating AWS Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2018-08-08T00:00:00Z |
| source | MITRE |
| title | Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’ |
Cybereason Astaroth Feb 2019
Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. Retrieved April 17, 2019.
Internal MISP references
UUID eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e which can be used as unique global reference for Cybereason Astaroth Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-02-13T00:00:00Z |
| source | MITRE |
| title | ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA |
spamhaus-malvertising
Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. Retrieved February 21, 2023.
Internal MISP references
UUID 15a4d429-28c3-52be-aeb8-d94ad2743866 which can be used as unique global reference for spamhaus-malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | A surge of malvertising across Google Ads is distributing dangerous malware |
Lua Proofpoint Sunseed
Raggi, Michael. Cass, Zydeca. The Proofpoint Threat Research Team. (2022, March 1). Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement. Retrieved August 5, 2024.
Internal MISP references
UUID 313e8333-0512-50d4-a7f6-4294dc935003 which can be used as unique global reference for Lua Proofpoint Sunseed in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-05T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement |
Microsoft APC
Microsoft. (n.d.). Asynchronous Procedure Calls. Retrieved December 8, 2017.
Internal MISP references
UUID 37f1ef6c-fc0e-4e47-85ab-20d53caba77e which can be used as unique global reference for Microsoft APC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | Asynchronous Procedure Calls |
Medium February 08 2023
Hack sydney. (2023, February 8). AsyncRAT: Analysing the Three Stages of Execution. Retrieved May 7, 2023.
Internal MISP references
UUID 86a69887-8d23-460f-9a51-96a10bfb3c29 which can be used as unique global reference for Medium February 08 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-02-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AsyncRAT: Analysing the Three Stages of Execution |
AsyncRAT Crusade: Detections and Defense | Splunk
Splunk-Blogs. (n.d.). AsyncRAT Crusade: Detections and Defense. Retrieved May 7, 2023.
Internal MISP references
UUID 2869d93c-d3fe-475e-adc9-ab6eb7e26c0f which can be used as unique global reference for AsyncRAT Crusade: Detections and Defense | Splunk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AsyncRAT Crusade: Detections and Defense |
TechNet At
Microsoft. (n.d.). At. Retrieved April 28, 2016.
Internal MISP references
UUID 31b40c09-d68f-4889-b585-c077bd9cef28 which can be used as unique global reference for TechNet At in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | At |
Die.net Linux at Man Page
Thomas Koenig. (n.d.). at(1) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 4bc1389d-9586-4dfc-a67c-58c6d3f6796a which can be used as unique global reference for Die.net Linux at Man Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | at(1) - Linux man page |
Linux at
IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.
Internal MISP references
UUID 3e3a84bc-ab6d-460d-8abc-cafae6eaaedd which can be used as unique global reference for Linux at in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | at(1p) — Linux manual page |
PWC Pirpi Scanbox
Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.
Internal MISP references
UUID 4904261a-a3a9-4c3e-b6a7-079890026ee2 which can be used as unique global reference for PWC Pirpi Scanbox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-30T00:00:00Z |
| date_published | 2015-07-25T00:00:00Z |
| source | MITRE |
| title | A tale of Pirpi, Scanbox & CVE-2015-3113 |
Atbroker.exe - LOLBAS Project
LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0c21b56-6591-49c3-8e67-328ddb7b436d which can be used as unique global reference for Atbroker.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Atbroker.exe |
ESET Attor Oct 2019
Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. Retrieved May 6, 2020.
Internal MISP references
UUID fdd57c56-d989-4a6f-8cc5-5b3713605dec which can be used as unique global reference for ESET Attor Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2019-10-01T00:00:00Z |
| source | MITRE |
| title | AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM |
LogRhythm WannaCry
Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved December 8, 2024.
Internal MISP references
UUID 305d0742-154a-44af-8686-c6d8bd7f8636 which can be used as unique global reference for LogRhythm WannaCry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-08T00:00:00Z |
| date_published | 2017-05-16T00:00:00Z |
| source | MITRE |
| title | A Technical Analysis of WannaCry Ransomware |
Malwarebytes Dyreza November 2015
hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.
Internal MISP references
UUID 0a5719f2-8a88-44e2-81c5-2d16a39f1f8d which can be used as unique global reference for Malwarebytes Dyreza November 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2015-11-04T00:00:00Z |
| source | MITRE |
| title | A Technical Look At Dyreza |
At.exe - LOLBAS Project
LOLBAS. (2019, September 20). At.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a31e1f5c-9b8d-4af4-875b-5c03d2400c12 which can be used as unique global reference for At.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-09-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | At.exe |
ENSIL AtomBombing Oct 2016
Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. Retrieved December 8, 2017.
Internal MISP references
UUID 9282dbab-391c-4ffd-ada9-1687413b686b which can be used as unique global reference for ENSIL AtomBombing Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS |
SentinelOne 5 3 2023
Phil Stokes. (2023, May 3). Atomic Stealer. Retrieved January 1, 2024.
Internal MISP references
UUID c4721cab-2895-48ed-bfde-748aa3c80209 which can be used as unique global reference for SentinelOne 5 3 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-01T00:00:00Z |
| date_published | 2023-05-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Atomic Stealer |
Malwarebytes 1 10 2024
Jerome Segura. (2024, January 10). Atomic Stealer rings in the new year with updated version. Retrieved January 11, 2024.
Internal MISP references
UUID 660de1b0-574d-48df-865a-257b8ed4b928 which can be used as unique global reference for Malwarebytes 1 10 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2024-01-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Atomic Stealer rings in the new year with updated version |
FireEye TRITON 2018
Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved November 17, 2024.
Internal MISP references
UUID bfa5886a-a7f4-40d1-98d0-c3358abcf265 which can be used as unique global reference for FireEye TRITON 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2018-06-07T00:00:00Z |
| source | MITRE |
| title | A Totally Tubular Treatise on TRITON and TriStation |
The DFIR Report Truebot June 12 2023
The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.
Internal MISP references
UUID a6311a66-bb36-4cad-a98f-2b0b89aafa3d which can be used as unique global reference for The DFIR Report Truebot June 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2023-06-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A Truly Graceful Wipe Out |
DFIR Report Trickbot June 2023
The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved May 31, 2024.
Internal MISP references
UUID b65988a7-3469-54d2-804c-e8ce1f698b5c which can be used as unique global reference for DFIR Report Trickbot June 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-31T00:00:00Z |
| date_published | 2023-06-12T00:00:00Z |
| source | MITRE |
| title | A Truly Graceful Wipe Out |
att_def_ps_logging
Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.
Internal MISP references
UUID 52212570-b1a6-4249-99d4-3bcf66c27140 which can be used as unique global reference for att_def_ps_logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-24T00:00:00Z |
| date_published | 2019-02-27T00:00:00Z |
| source | MITRE |
| title | Attack and Defense Around PowerShell Event Logging |
Attack chain leads to XWORM and AGENTTESLA | Elastic
Elastic Blog. (2023, April 7). Attack chain leads to XWORM and AGENTTESLA. Retrieved May 10, 2023.
Internal MISP references
UUID 9b32397b-58be-4275-a701-fe0351ff2982 which can be used as unique global reference for Attack chain leads to XWORM and AGENTTESLA | Elastic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2023-04-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Attack chain leads to XWORM and AGENTTESLA |
Intezer TeamTNT September 2020
Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.
Internal MISP references
UUID 1155a45e-86f4-497a-9a03-43b6dcb25202 which can be used as unique global reference for Intezer TeamTNT September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-09-08T00:00:00Z |
| source | MITRE |
| title | Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks |
Metcalf 2015
Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.
Internal MISP references
UUID 1c899028-466c-49b0-8d64-1a954c812508 which can be used as unique global reference for Metcalf 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-02-03T00:00:00Z |
| date_published | 2015-01-19T00:00:00Z |
| source | MITRE |
| title | Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest |
Cisco Blog Legacy Device Attacks
Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.
Internal MISP references
UUID f7ce5099-7e04-4c0b-8767-e0eec664b18e which can be used as unique global reference for Cisco Blog Legacy Device Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Attackers Continue to Target Legacy Devices |
FireEye TRITON 2017
Johnson, B, et al. (2017, December 14). Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.
Internal MISP references
UUID 597a4d8b-ffb2-4551-86db-b319f5a5b707 which can be used as unique global reference for FireEye TRITON 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2017-12-14T00:00:00Z |
| source | MITRE |
| title | Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure |
FireEye TRITON Dec 2017
Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.
Internal MISP references
UUID d4ca3351-eeb8-5342-8c85-806614e22c48 which can be used as unique global reference for FireEye TRITON Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2017-12-14T00:00:00Z |
| source | MITRE |
| title | Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure |
Forbes GitHub Creds
Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020.
Internal MISP references
UUID 303f8801-bdd6-4a0c-a90a-37867898c99c which can be used as unique global reference for Forbes GitHub Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2014-01-14T00:00:00Z |
| source | MITRE |
| title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
GitHub Cloud Service Credentials
Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.
Internal MISP references
UUID d2186b8c-10c9-493b-8e25-7d69fce006e4 which can be used as unique global reference for GitHub Cloud Service Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-09T00:00:00Z |
| date_published | 2014-01-14T00:00:00Z |
| source | MITRE |
| title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
Unit 42 Unsecured Docker Daemons
Chen, J. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. Retrieved March 31, 2021.
Internal MISP references
UUID efcbbbdd-9af1-46c2-8538-3fd22f2b67d2 which can be used as unique global reference for Unit 42 Unsecured Docker Daemons in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed |
Proofpoint June 9 2025
The Proofpoint Threat Research Team. (2025, June 9). Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool. Retrieved June 16, 2025.
Internal MISP references
UUID 0346a943-4e49-4984-8fc9-90b27ebbcd26 which can be used as unique global reference for Proofpoint June 9 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-16T12:00:00Z |
| date_published | 2025-06-09T12:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool |
Talos Roblox Scam 2023
Tiago Pereira. (2023, November 2). Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”. Retrieved January 2, 2024.
Internal MISP references
UUID 9371ee4a-ac23-5acb-af3f-132ef3645392 which can be used as unique global reference for Talos Roblox Scam 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-02T00:00:00Z |
| date_published | 2023-11-02T00:00:00Z |
| source | MITRE |
| title | Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox” |
Black Hills Attacking Exchange MailSniper, 2016
Bullock, B. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.
Internal MISP references
UUID adedfddc-29b7-4245-aa67-cc590acb7434 which can be used as unique global reference for Black Hills Attacking Exchange MailSniper, 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2016-10-03T00:00:00Z |
| source | MITRE |
| title | Attacking Exchange with MailSniper |
SANS Attacking Kerberos Nov 2014
Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.
Internal MISP references
UUID f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42 which can be used as unique global reference for SANS Attacking Kerberos Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2014-11-01T00:00:00Z |
| source | MITRE |
| title | Attacking Kerberos - Kicking the Guard Dog of Hades |
NetSPI SQL Server CLR
Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. Retrieved September 12, 2024.
Internal MISP references
UUID 6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5 which can be used as unique global reference for NetSPI SQL Server CLR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2017-07-13T00:00:00Z |
| source | MITRE |
| title | Attacking SQL Server CLR Assemblies |
Mandiant FIN5 GrrCON Oct 2016
Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
Internal MISP references
UUID 2bd39baf-4223-4344-ba93-98aa8453dc11 which can be used as unique global reference for Mandiant FIN5 GrrCON Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2016-10-07T00:00:00Z |
| source | MITRE |
| title | Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years |
Attacking VNC Servers PentestLab
Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.
Internal MISP references
UUID f953ea41-f9ca-4f4e-a46f-ef1d2def1d07 which can be used as unique global reference for Attacking VNC Servers PentestLab in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| date_published | 2012-10-30T00:00:00Z |
| source | MITRE |
| title | Attacking VNC Servers |
Talos Template Injection July 2017
Baird, S. et al. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. Retrieved July 21, 2018.
Internal MISP references
UUID 175ea537-2a94-42c7-a83b-bec8906ee6b9 which can be used as unique global reference for Talos Template Injection July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-21T00:00:00Z |
| date_published | 2017-07-07T00:00:00Z |
| source | MITRE |
| title | Attack on Critical Infrastructure Leverages Template Injection |
Lotus Blossom Dec 2015
Falcone, R. and Miller-Osborn, J. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.
Internal MISP references
UUID dcbe51a0-6d63-4401-b19e-46cd3c42204c which can be used as unique global reference for Lotus Blossom Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-12-18T00:00:00Z |
| source | MITRE |
| title | Attack on French Diplomat Linked to Operation Lotus Blossom |
Symantec Attacks Against Government Sector
Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.
Internal MISP references
UUID f5940cc2-1bbd-4e42-813a-f50867b01035 which can be used as unique global reference for Symantec Attacks Against Government Sector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE |
| title | Attacks Against the Government Sector |
Aqua Security Cloud Native Threat Report June 2021
Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.
Internal MISP references
UUID be9652d5-7531-4143-9c44-aefd019b7a32 which can be used as unique global reference for Aqua Security Cloud Native Threat Report June 2021 in MISP communities and other software using the MISP galaxy
External references
- https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation - webarchive
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-26T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| source | MITRE |
| title | Attacks in the Wild on the Container Supply Chain and Infrastructure |
CERT-FR PYSA April 2020
CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. Retrieved March 1, 2021.
Internal MISP references
UUID 4e502db6-2e09-4422-9dcc-1e10e701e122 which can be used as unique global reference for CERT-FR PYSA April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-01T00:00:00Z |
| date_published | 2020-04-01T00:00:00Z |
| source | MITRE |
| title | ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE |
InsiderThreat NTFS EA Oct 2017
Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.
Internal MISP references
UUID 6d270128-0461-43ec-8925-204c7b5aacc9 which can be used as unique global reference for InsiderThreat NTFS EA Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2017-10-12T00:00:00Z |
| source | MITRE |
| title | Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks |
Microsoft ASR Obfuscation
Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. Retrieved March 17, 2023.
Internal MISP references
UUID dec646d4-8b32-5091-b097-abe887aeca96 which can be used as unique global reference for Microsoft ASR Obfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2023-02-22T00:00:00Z |
| source | MITRE |
| title | Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts |
Obfuscated scripts
Microsoft. (2024, March 4). Attack surface reduction rules reference. Retrieved March 29, 2024.
Internal MISP references
UUID 2b4dcb27-f32e-50f0-83e0-350659e49f0b which can be used as unique global reference for Obfuscated scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-29T00:00:00Z |
| date_published | 2024-03-04T00:00:00Z |
| source | MITRE |
| title | Attack surface reduction rules reference |
Sophos News August 27 2024
Andreas Klopsch. (2024, August 27). Attack tool update impairs Windows computers. Retrieved August 30, 2024.
Internal MISP references
UUID af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc which can be used as unique global reference for Sophos News August 27 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-30T00:00:00Z |
| date_published | 2024-08-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Attack tool update impairs Windows computers |
TrendMicro Msiexec Feb 2018
Co, M. and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. Retrieved April 18, 2019.
Internal MISP references
UUID 768c99f3-ee28-47dc-bc33-06d50ac72dea which can be used as unique global reference for TrendMicro Msiexec Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2018-02-08T00:00:00Z |
| source | MITRE |
| title | Attack Using Windows Installer msiexec.exe leads to LokiBot |
GitHub ATTACK Empire
Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.
Internal MISP references
UUID b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc which can be used as unique global reference for GitHub ATTACK Empire in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-11T00:00:00Z |
| date_published | 2018-09-02T00:00:00Z |
| source | MITRE |
| title | attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs |
lambert systemd 2022
Tony Lambert. (2022, November 13). ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.
Internal MISP references
UUID 196f0c77-4c98-57e7-ad79-eb43bdd2c848 which can be used as unique global reference for lambert systemd 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-20T00:00:00Z |
| date_published | 2022-11-13T00:00:00Z |
| source | MITRE |
| title | ATT&CK T1501: Understanding systemd service persistence |
TechNet Credential Theft
Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.
Internal MISP references
UUID 5c183c97-0ab2-4b75-8dbc-9db92a929ff4 which can be used as unique global reference for TechNet Credential Theft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-04-15T00:00:00Z |
| source | MITRE |
| title | Attractive Accounts for Credential Theft |
Microsoft attrib 2023
Xelu86, et al. (2023, September 25). attrib. Retrieved November 22, 2024.
Internal MISP references
UUID 47ff2831-85b9-5873-95aa-2cd676d1e82d which can be used as unique global reference for Microsoft attrib 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-22T00:00:00Z |
| date_published | 2023-09-25T00:00:00Z |
| source | MITRE |
| title | attrib |
AcidRain State Department 2022
Antony J. Blinken, US Department of State. (2022, May 10). Attribution of Russia’s Malicious Cyber Activity Against Ukraine. Retrieved March 25, 2024.
Internal MISP references
UUID 9d514c52-9def-5b11-aa06-fdf3ee9923ed which can be used as unique global reference for AcidRain State Department 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-25T00:00:00Z |
| date_published | 2022-05-10T00:00:00Z |
| source | MITRE |
| title | Attribution of Russia’s Malicious Cyber Activity Against Ukraine |
Audit OSX
Gagliardi, R. (n.d.). Audit in a OS X System. Retrieved September 23, 2021.
Internal MISP references
UUID c5181c95-0a94-4ea0-9940-04a9663d0069 which can be used as unique global reference for Audit OSX in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| source | MITRE |
| title | Audit in a OS X System |
Broadcom ESXi Shell Audit
Broadcom. (2025, February 20). Auditing ESXi Shell logins and commands. Retrieved March 26, 2025.
Internal MISP references
UUID 8c30038c-eb5b-5795-966a-e5ea4f6323ac which can be used as unique global reference for Broadcom ESXi Shell Audit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2025-02-20T00:00:00Z |
| source | MITRE |
| title | Auditing ESXi Shell logins and commands |
Microsoft Audit Logon Events
Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.
Internal MISP references
UUID 050d6da7-a78c-489d-8bef-b06d802b55d7 which can be used as unique global reference for Microsoft Audit Logon Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-09-06T00:00:00Z |
| source | MITRE |
| title | Audit logon events |
Cloud Audit Logs
Google. (n.d.). Audit Logs. Retrieved June 1, 2020.
Internal MISP references
UUID 500bdcea-5f49-4949-80fb-5eec1ce5e09e which can be used as unique global reference for Cloud Audit Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-01T00:00:00Z |
| source | MITRE |
| title | Audit Logs |
Microsoft Scheduled Task Events Win10
Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.
Internal MISP references
UUID 79e54b41-69ba-4738-86ef-88c4f540bce3 which can be used as unique global reference for Microsoft Scheduled Task Events Win10 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-27T00:00:00Z |
| date_published | 2017-05-28T00:00:00Z |
| source | MITRE |
| title | Audit Other Object Access Events |
auditpol
Jason Gerend, et al. (2017, October 16). auditpol. Retrieved September 1, 2021.
Internal MISP references
UUID 20d18ecf-d7d3-4433-9a3c-c28be71de4b1 which can be used as unique global reference for auditpol in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | auditpol |
auditpol.exe_STRONTIC
STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.
Internal MISP references
UUID c8a305b3-cd17-4415-a740-32787da703cd which can be used as unique global reference for auditpol.exe_STRONTIC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-09T00:00:00Z |
| source | MITRE |
| title | auditpol.exe |
Audit_Policy_Microsoft
Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.
Internal MISP references
UUID 9ff43f64-7fcb-4aa3-9599-9d00774d8da5 which can be used as unique global reference for Audit_Policy_Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Audit Policy |
TechNet Audit Policy
Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.
Internal MISP references
UUID 406cd8ff-e539-4853-85ed-775726155cf1 which can be used as unique global reference for TechNet Audit Policy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-04-15T00:00:00Z |
| source | MITRE |
| title | Audit Policy Recommendations |
Microsoft Audit Registry July 2012
Microsoft. (2012, July 2). Audit Registry. Retrieved January 31, 2018.
Internal MISP references
UUID 4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c which can be used as unique global reference for Microsoft Audit Registry July 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2012-07-02T00:00:00Z |
| source | MITRE |
| title | Audit Registry |
audits linikatz
Wadhwa-Brown, Tim. (2022). audit.rules. Retrieved September 17, 2024.
Internal MISP references
UUID b9f940cf-74fb-5a33-992c-82bdb538adbb which can be used as unique global reference for audits linikatz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-17T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | audit.rules |
Security Affairs Elderwood Sept 2012
Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.
Internal MISP references
UUID ebfc56c5-0490-4b91-b49f-548c00a59162 which can be used as unique global reference for Security Affairs Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-13T00:00:00Z |
| source | MITRE |
| title | Aurora and ongoing attacks? |
Australia ‘Evil Twin’
Toulas, Bill. (2024, July 1). Australian charged for ‘Evil Twin’ WiFi attack on plane. Retrieved September 17, 2024.
Internal MISP references
UUID b50c354b-cdca-57e6-b8d6-a43ee334f091 which can be used as unique global reference for Australia ‘Evil Twin’ in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-17T00:00:00Z |
| date_published | 2024-07-01T00:00:00Z |
| source | MITRE |
| title | Australian charged for ‘Evil Twin’ WiFi attack on plane |
NIST Authentication
NIST. (n.d.). Authentication. Retrieved January 30, 2020.
Internal MISP references
UUID f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46 which can be used as unique global reference for NIST Authentication in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| source | MITRE |
| title | Authentication |
MSDN Authentication Packages
Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.
Internal MISP references
UUID e9bb8434-9b6d-4301-bfe2-5c83ceabb020 which can be used as unique global reference for MSDN Authentication Packages in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| source | MITRE |
| title | Authentication Packages |
Microsoft Authenticode
Microsoft. (n.d.). Authenticode. Retrieved January 31, 2018.
Internal MISP references
UUID 33efd1a3-ffe9-42b3-ae12-970ed11454bf which can be used as unique global reference for Microsoft Authenticode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | Authenticode |
K8s Authorization Overview
Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.
Internal MISP references
UUID 120f968a-c81f-4902-9b76-7544577b768d which can be used as unique global reference for K8s Authorization Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-24T00:00:00Z |
| source | MITRE |
| title | Authorization Overview |
SSH Authorized Keys
ssh.com. (n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.
Internal MISP references
UUID ff100b76-894e-4d7c-9b8d-5f0eedcf59cc which can be used as unique global reference for SSH Authorized Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| source | MITRE |
| title | Authorized_keys File in SSH |
Trend Micro njRAT 2018
Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. Retrieved June 4, 2019.
Internal MISP references
UUID d8e7b428-84dd-4d96-b3f3-70e7ed7f8271 which can be used as unique global reference for Trend Micro njRAT 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor |
Re-Open windows on Mac
Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. Retrieved July 11, 2017.
Internal MISP references
UUID ed907f1e-71d6-45db-8ef3-75bec59c238b which can be used as unique global reference for Re-Open windows on Mac in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2016-12-06T00:00:00Z |
| source | MITRE |
| title | Automatically re-open windows, apps, and documents on your Mac |
TechNet Autoruns
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.
Internal MISP references
UUID 709f4509-9d69-4033-8aa6-a947496a1703 which can be used as unique global reference for TechNet Autoruns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| date_published | 2016-01-04T00:00:00Z |
| source | MITRE |
| title | Autoruns for Windows v13.51 |
Autoruns for Windows
Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.
Internal MISP references
UUID aaf66ad0-c444-48b5-875f-a0f66b82031c which can be used as unique global reference for Autoruns for Windows in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2019-06-28T00:00:00Z |
| source | MITRE |
| title | Autoruns for Windows v13.96 |
Hornet Security Avaddon June 2020
Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. Retrieved August 19, 2021.
Internal MISP references
UUID 41377d56-2e7b-48a8-8561-681e04a65907 which can be used as unique global reference for Hornet Security Avaddon June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2020-06-05T00:00:00Z |
| source | MITRE |
| title | Avaddon: From seeking affiliates to in-the-wild in 2 days |
Avaddon Ransomware 2021
Javier Yuste and Sergio Pastrana. (2021). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved March 24, 2025.
Internal MISP references
UUID 9f6d1282-5bc1-5d0d-aede-8131411bd255 which can be used as unique global reference for Avaddon Ransomware 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | Avaddon ransomware: an in-depth analysis and decryption of infected systems |
Arxiv Avaddon Feb 2021
Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved August 19, 2021.
Internal MISP references
UUID dbee8e7e-f477-4bd5-8225-84e0e222617e which can be used as unique global reference for Arxiv Avaddon Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | Avaddon ransomware: an in-depth analysis and decryption of infected systems |
CISA Phishing
CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. Retrieved September 8, 2023.
Internal MISP references
UUID 0c98bf66-f43c-5b09-ae43-d10c682f51e7 which can be used as unique global reference for CISA Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2021-02-01T00:00:00Z |
| source | MITRE |
| title | Avoiding Social Engineering and Phishing Attacks |
Malwarebytes AvosLocker Jul 2021
Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.
Internal MISP references
UUID 88dffb14-a7a7-5b36-b269-8283dec0f1a3 which can be used as unique global reference for Malwarebytes AvosLocker Jul 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2021-07-23T00:00:00Z |
| source | MITRE |
| title | AvosLocker enters the ransomware scene, asks for partners |
avoslocker_ransomware
Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. Retrieved May 17, 2022.
Internal MISP references
UUID ea2756ce-a183-4c80-af11-92374ad045b2 which can be used as unique global reference for avoslocker_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-17T00:00:00Z |
| date_published | 2022-05-02T00:00:00Z |
| source | MITRE |
| title | AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection |
Cisco Talos Avos Jun 2022
Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. Retrieved January 11, 2023.
Internal MISP references
UUID 1170fdc2-6d8e-5b60-bf9e-ca915790e534 which can be used as unique global reference for Cisco Talos Avos Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2022-06-21T00:00:00Z |
| source | MITRE |
| title | Avos ransomware group expands with new attack arsenal |
Awesome Executable Packing
Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.
Internal MISP references
UUID 565bf600-5657-479b-9678-803e991c88a5 which can be used as unique global reference for Awesome Executable Packing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| source | MITRE |
| title | Awesome Executable Packing |
ESET Kobalos Jan 2021
M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.
Internal MISP references
UUID 745e963e-33fd-40d4-a8c6-1a9f321017f4 which can be used as unique global reference for ESET Kobalos Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs |
GeeksforGeeks October 10 2017
GeeksforGeeks Improve. (2017, October 10). AWK command in UnixLinux with examples - GeeksforGeeks. Retrieved December 19, 2024.
Internal MISP references
UUID 71dcac81-efb2-4631-80bd-5fae77c32d7f which can be used as unique global reference for GeeksforGeeks October 10 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2017-10-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AWK command in UnixLinux with examples - GeeksforGeeks |
AWS Root User
Amazon. (n.d.). AWS Account Root User. Retrieved April 5, 2021.
Internal MISP references
UUID 5f315c21-f02f-4c9e-aac6-d648deff3ff9 which can be used as unique global reference for AWS Root User in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-05T00:00:00Z |
| source | MITRE |
| title | AWS Account Root User |
GitHub AWS-ADFS-Credential-Generator
Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved September 27, 2024.
Internal MISP references
UUID 340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8 which can be used as unique global reference for GitHub AWS-ADFS-Credential-Generator in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-27T00:00:00Z |
| date_published | 2017-01-28T00:00:00Z |
| source | MITRE |
| title | AWS-ADFS-Credential-Generator |
AWS GetPasswordPolicy
Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. Retrieved June 8, 2021.
Internal MISP references
UUID dd44d565-b9d9-437e-a31a-a52c6a21e3b3 which can be used as unique global reference for AWS GetPasswordPolicy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-08T00:00:00Z |
| source | MITRE |
| title | AWS API GetAccountPasswordPolicy |
AWS Console Sign-in Events
Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.
Internal MISP references
UUID 72578d0b-f68a-40fa-9a5d-379a66792be8 which can be used as unique global reference for AWS Console Sign-in Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-23T00:00:00Z |
| source | MITRE |
| title | AWS Console Sign-in Events |
AWS Describe DB Instances
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82 which can be used as unique global reference for AWS Describe DB Instances in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Describe DB Instances |
AWS Get Bucket ACL
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 1eddbd32-8314-4f95-812a-550904eac2fa which can be used as unique global reference for AWS Get Bucket ACL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Get Bucket ACL |
AWS Get Public Access Block
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID f2887980-569a-4bc2-949e-bd8ff266c43c which can be used as unique global reference for AWS Get Public Access Block in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Get Public Access Block |
AWS Head Bucket
Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.
Internal MISP references
UUID 1388a78e-9f86-4927-a619-e0fcbac5b7a1 which can be used as unique global reference for AWS Head Bucket in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| source | MITRE |
| title | AWS HeadBucket |
Rhino Security Labs AWS Privilege Escalation
Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. Retrieved May 27, 2022.
Internal MISP references
UUID 693e5783-4aa1-40ce-8080-cec01c3e7b59 which can be used as unique global reference for Rhino Security Labs AWS Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | AWS IAM Privilege Escalation – Methods and Mitigation |
AWS Lambda Redirector
Adam Chester. (2020, February 25). AWS Lambda Redirector. Retrieved July 8, 2022.
Internal MISP references
UUID 9ba87a5d-a140-4959-9905-c4a80e684d56 which can be used as unique global reference for AWS Lambda Redirector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| date_published | 2020-02-25T00:00:00Z |
| source | MITRE |
| title | AWS Lambda Redirector |
Sysdig AMBERSQUID September 18 2023
Alessandro Brucato. (2023, September 18). AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation. Retrieved April 11, 2024.
Internal MISP references
UUID 7ffa880f-5854-4b8a-83f5-da42c1c39345 which can be used as unique global reference for Sysdig AMBERSQUID September 18 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-11T00:00:00Z |
| date_published | 2023-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation |
Rhino Security Labs AWS S3 Ransomware
Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023.
Internal MISP references
UUID 785c6b11-c5f0-5cb4-931b-cf75fcc368a1 which can be used as unique global reference for Rhino Security Labs AWS S3 Ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| source | MITRE |
| title | AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense |
AWS Systems Manager Run Command
AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID ef66f17b-6a5b-5eb8-83de-943e2bddd114 which can be used as unique global reference for AWS Systems Manager Run Command in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| source | MITRE |
| title | AWS Systems Manager Run Command |
Pylos Xenotime 2019
Slowik, J. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.
Internal MISP references
UUID e2f246d8-c75e-4e0f-bba8-869d82be26da which can be used as unique global reference for Pylos Xenotime 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-04-12T00:00:00Z |
| source | MITRE |
| title | A XENOTIME to Remember: Veles in the Wild |
objective-see ay mami 2018
Patrick Wardle. (2018, January 11). Ay MaMi. Retrieved March 19, 2018.
Internal MISP references
UUID 1b1d656c-4fe6-47d1-9ce5-a70c33003507 which can be used as unique global reference for objective-see ay mami 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2018-01-11T00:00:00Z |
| source | MITRE |
| title | Ay MaMi |
Microsoft AZ CLI
Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.
Internal MISP references
UUID cfd94553-272b-466b-becb-3859942bcaa5 which can be used as unique global reference for Microsoft AZ CLI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | az ad user |
Intezer Russian APT Dec 2020
Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. Retrieved February 22, 2021.
Internal MISP references
UUID 88d8a3b7-d994-4fd2-9aa1-83b79bccda7e which can be used as unique global reference for Intezer Russian APT Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-09T00:00:00Z |
| source | MITRE |
| title | A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy |
az monitor diagnostic-settings
Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.
Internal MISP references
UUID 6ddd92ee-1014-4b7a-953b-18ac396b100e which can be used as unique global reference for az monitor diagnostic-settings in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | az monitor diagnostic-settings |
Microsoft Azure AD Security Operations for Devices
Microsoft. (2020, September 16). Azure Active Directory security operations for devices. Retrieved February 21, 2023.
Internal MISP references
UUID eeba5eab-a9d8-55c0-b555-0414f65d2c2d which can be used as unique global reference for Microsoft Azure AD Security Operations for Devices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2020-09-16T00:00:00Z |
| source | MITRE |
| title | Azure Active Directory security operations for devices |
Microsoft Azure Active Directory security operations guide
Microsoft. (2022, September 16). Azure Active Directory security operations guide. Retrieved February 21, 2023.
Internal MISP references
UUID b75a3f28-a028-50e6-b971-cc85e7d52e0c which can be used as unique global reference for Microsoft Azure Active Directory security operations guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-09-16T00:00:00Z |
| source | MITRE |
| title | Azure Active Directory security operations guide |
Azure AD Connect for Read Teamers
Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.
Internal MISP references
UUID 0b9946ff-8c1c-4d93-8401-e1e4dd186305 which can be used as unique global reference for Azure AD Connect for Read Teamers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE |
| title | Azure AD Connect for Red Teamers |
Microsoft - Azure PowerShell
Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.
Internal MISP references
UUID 3b17b649-9efa-525f-aa49-cf6c9ad559d7 which can be used as unique global reference for Microsoft - Azure PowerShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| date_published | 2014-12-12T00:00:00Z |
| source | MITRE |
| title | Azure/azure-powershell |
Azure Blob Storage
Microsoft. (n.d.). Azure Blob Storage. Retrieved November 17, 2024.
Internal MISP references
UUID 7a392b85-872a-4a5a-984c-185a8e8f8a3f which can be used as unique global reference for Azure Blob Storage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| source | MITRE |
| title | Azure Blob Storage |
Microsoft Azure Instance Metadata 2021
Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.
Internal MISP references
UUID 66e93b75-0067-4cdb-b695-8f8109ef26e0 which can be used as unique global reference for Microsoft Azure Instance Metadata 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-02T00:00:00Z |
| date_published | 2021-02-21T00:00:00Z |
| source | MITRE |
| title | Azure Instance Metadata Service (Windows) |
Microsoft Azure Policy
Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.
Internal MISP references
UUID 761d102e-768a-5536-a098-0b1819029d33 which can be used as unique global reference for Microsoft Azure Policy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-08-30T00:00:00Z |
| source | MITRE |
| title | Azure Policy built-in policy definitions |
SpecterOps Azure Privilege Escalation
Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. Retrieved April 1, 2022.
Internal MISP references
UUID 5dba5a6d-465e-4489-bc4d-299a891b62f6 which can be used as unique global reference for SpecterOps Azure Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | Azure Privilege Escalation via Service Principal Abuse |
Azure Products
Microsoft. (n.d.). Azure products. Retrieved November 17, 2024.
Internal MISP references
UUID 12a72e05-ada4-4f77-8d6e-03024f88cab6 which can be used as unique global reference for Azure Products in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| source | MITRE |
| title | Azure products |
Azure - Resource Manager API
Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.
Internal MISP references
UUID 223cc020-e88a-4236-9c34-64fe606a1729 which can be used as unique global reference for Azure - Resource Manager API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| date_published | 2019-05-20T00:00:00Z |
| source | MITRE |
| title | Azure Resource Manager |
Mandiant Azure Run Command 2021
Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. Retrieved March 13, 2023.
Internal MISP references
UUID e15d38de-bc15-525b-bd03-27c0edca768d which can be used as unique global reference for Mandiant Azure Run Command 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | Azure Run Command for Dummies |
Microsoft Azure security baseline for Azure Active Directory
Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.
Internal MISP references
UUID 2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53 which can be used as unique global reference for Microsoft Azure security baseline for Azure Active Directory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | Azure security baseline for Azure Active Directory |
Microsoft - Azure Sentinel ADFSDomainTrustMods
Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020.
Internal MISP references
UUID 34314090-33c2-4276-affa-3d0b527bbcef which can be used as unique global reference for Microsoft - Azure Sentinel ADFSDomainTrustMods in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Azure Sentinel Detections |
Azure Serial Console
Microsoft. (2022, October 17). Azure Serial Console. Retrieved June 2, 2023.
Internal MISP references
UUID fd75d136-e818-5233-b2c2-5d8ed033b9e6 which can be used as unique global reference for Azure Serial Console in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2022-10-17T00:00:00Z |
| source | MITRE |
| title | Azure Serial Console |
Microsoft Azure Storage Security, 2019
Amlekar, M., Brooks, C., Claman, L., et al. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.
Internal MISP references
UUID 95bda448-bb13-4fa6-b663-e48a9d1b866f which can be used as unique global reference for Microsoft Azure Storage Security, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-03-20T00:00:00Z |
| source | MITRE |
| title | Azure Storage security guide |
Azure - Stormspotter
Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.
Internal MISP references
UUID 42383ed1-9705-4313-8068-28a22a23f50e which can be used as unique global reference for Azure - Stormspotter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | Azure Stormspotter GitHub |
Cyjax Bjorka January 29 2025
Jovana Macakanja. (2025, January 29). Babuk Ba-back? Potential Return of the Infamous RaaS Group. Retrieved February 14, 2025.
Internal MISP references
UUID 1d775a36-8b15-49f8-8c08-f92101e6d1be which can be used as unique global reference for Cyjax Bjorka January 29 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-14T00:00:00Z |
| date_published | 2025-01-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Babuk Ba-back? Potential Return of the Infamous RaaS Group |
Medium Babuk February 2021
Sebdraven. (2021, February 8). Babuk is distributed packed. Retrieved August 11, 2021.
Internal MISP references
UUID 58759b1c-8e2c-44fa-8e37-8bf7325c330d which can be used as unique global reference for Medium Babuk February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-02-08T00:00:00Z |
| source | MITRE |
| title | Babuk is distributed packed |
Sogeti CERT ESEC Babuk March 2021
Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.
Internal MISP references
UUID e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e which can be used as unique global reference for Sogeti CERT ESEC Babuk March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-03-01T00:00:00Z |
| source | MITRE |
| title | Babuk Ransomware |
Unit42 BabyShark Apr 2019
Lim, M. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat. Retrieved October 7, 2019.
Internal MISP references
UUID c020569d-9c85-45fa-9f0b-97be5bdbab08 which can be used as unique global reference for Unit42 BabyShark Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-07T00:00:00Z |
| date_published | 2019-04-26T00:00:00Z |
| source | MITRE |
| title | BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat |
Mandiant APT29 Phishing September 21 2023
Luke Jenkins, Josh Atkins, Dan Black. (2023, September 21). Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations. Retrieved March 22, 2025.
Internal MISP references
UUID ad3fa9b5-2c2b-490e-bb46-0337020446f8 which can be used as unique global reference for Mandiant APT29 Phishing September 21 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-22T00:00:00Z |
| date_published | 2023-09-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations |
Symantec Briba May 2012
Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.
Internal MISP references
UUID bcf0f82b-1b26-4c0c-905e-0dd8b88d0903 which can be used as unique global reference for Symantec Briba May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-21T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Briba |
TrendMicro Squiblydoo Aug 2017
Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. Retrieved March 7, 2019.
Internal MISP references
UUID efeb475c-2a7c-4ab6-814d-3ee7866fa322 which can be used as unique global reference for TrendMicro Squiblydoo Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| date_published | 2017-08-07T00:00:00Z |
| source | MITRE |
| title | Backdoor-carrying Emails Set Sights on Russian-speaking Businesses |
Symantec Darkmoon Aug 2005
Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.
Internal MISP references
UUID 7088234d-a6fc-49ad-b4fd-2fe8ca333c1d which can be used as unique global reference for Symantec Darkmoon Aug 2005 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2005-08-18T00:00:00Z |
| source | MITRE |
| title | Backdoor.Darkmoon |
ESET BackdoorDiplomacy Jun 2021
Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021.
Internal MISP references
UUID 127d4b10-8d61-4bdf-b5b9-7d86bbc065b6 which can be used as unique global reference for ESET BackdoorDiplomacy Jun 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BackdoorDiplomacy: Upgrading from Quarian to Turian |
Backdooring an AWS account
Daniel Grzelak. (2016, July 9). Backdooring an AWS account. Retrieved May 27, 2022.
Internal MISP references
UUID 2c867527-1584-44f7-b5e5-8ca54ea79619 which can be used as unique global reference for Backdooring an AWS account in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2016-07-09T00:00:00Z |
| source | MITRE |
| title | Backdooring an AWS account |
Symantec Linfo May 2012
Zhou, R. (2012, May 15). Backdoor.Linfo. Retrieved February 23, 2018.
Internal MISP references
UUID e6b88cd4-a58e-4139-b266-48d0f5957407 which can be used as unique global reference for Symantec Linfo May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Linfo |
Symantec Backdoor.Mivast
Stama, D. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.
Internal MISP references
UUID 800780e3-7d00-4cfc-8458-74fe17da2f71 which can be used as unique global reference for Symantec Backdoor.Mivast in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-02-06T00:00:00Z |
| source | MITRE |
| title | Backdoor.Mivast |
Symantec Nerex May 2012
Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.
Internal MISP references
UUID 1613fd6b-4d62-464b-9cda-6f7d3f0192e1 which can be used as unique global reference for Symantec Nerex May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Nerex |
Symantec Backdoor.Nidiran
Sponchioni, R. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.
Internal MISP references
UUID 01852772-c333-47a3-9e3f-e234a87f0b9b which can be used as unique global reference for Symantec Backdoor.Nidiran in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-03-11T00:00:00Z |
| source | MITRE |
| title | Backdoor.Nidiran |
Symantec Remsec IOCs
Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. Retrieved August 17, 2016.
Internal MISP references
UUID b00bf616-96e6-42c9-a56c-380047ad5acb which can be used as unique global reference for Symantec Remsec IOCs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-08-08T00:00:00Z |
| source | MITRE |
| title | Backdoor.Remsec indicators of compromise |
Symantec Ristol May 2012
Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.
Internal MISP references
UUID 1c8b1762-8abd-479b-b78c-43d8c7be7c27 which can be used as unique global reference for Symantec Ristol May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Ritsol |
Symantec Vasport May 2012
Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.
Internal MISP references
UUID 2dc7d7fb-3d13-4647-b15b-5e501946d606 which can be used as unique global reference for Symantec Vasport May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Vasport |
FSecure Hupigon
FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. Retrieved December 18, 2017.
Internal MISP references
UUID 08ceb57f-065e-45e9-98e9-d58a92caa755 which can be used as unique global reference for FSecure Hupigon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| source | MITRE |
| title | Backdoor - W32/Hupigon.EMV - Threat Description |
Symantec Wiarp May 2012
Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.
Internal MISP references
UUID 78285833-4b0d-4077-86d2-f34b010a5862 which can be used as unique global reference for Symantec Wiarp May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Wiarp |
Microsoft Lamin Sept 2017
Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.
Internal MISP references
UUID 84b8b159-6e85-4329-8903-aca156f4ed84 which can be used as unique global reference for Microsoft Lamin Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| date_published | 2009-05-17T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Lamin.A |
Microsoft PoisonIvy 2017
McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. Retrieved December 21, 2020.
Internal MISP references
UUID fc97a89c-c912-4b0c-b151-916695dbbca4 which can be used as unique global reference for Microsoft PoisonIvy 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Poisonivy.E |
Microsoft Win Defender Truvasys Sep 2017
Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.
Internal MISP references
UUID 3c8ba6ef-8edc-44bf-9abe-655ba0f45912 which can be used as unique global reference for Microsoft Win Defender Truvasys Sep 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Truvasys.A!dha |
Microsoft Wingbird Nov 2017
Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. Retrieved November 27, 2017.
Internal MISP references
UUID 6c7e2b89-8f3a-443c-9b72-12934b9dc364 which can be used as unique global reference for Microsoft Wingbird Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Wingbird.A!dha |
Microsoft KnuckleTouch 2024
Microsoft. (2024, February 14). Backdoor:Win64/KnuckleTouch.A!dha. Retrieved January 6, 2025.
Internal MISP references
UUID b4b71551-45a7-50eb-891f-0f3df592f316 which can be used as unique global reference for Microsoft KnuckleTouch 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-06T00:00:00Z |
| date_published | 2024-02-14T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win64/KnuckleTouch.A!dha |
Microsoft BITS
Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.
Internal MISP references
UUID 3d925a69-35f3-4337-8e1e-275de4c1783e which can be used as unique global reference for Microsoft BITS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| source | MITRE |
| title | Background Intelligent Transfer Service |
NCC Group Research Blog August 19 2022
NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.
Internal MISP references
UUID 8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae which can be used as unique global reference for NCC Group Research Blog August 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-08-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Back in Black: Unlocking a LockBit 3.0 Ransomware Attack |
Tech Republic - Restore AWS Snapshots
Hardiman, N. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. Retrieved October 8, 2019.
Internal MISP references
UUID bfe848a3-c855-4bca-a6ea-44804d48c7eb which can be used as unique global reference for Tech Republic - Restore AWS Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2012-03-20T00:00:00Z |
| source | MITRE |
| title | Backing up and restoring snapshots on Amazon EC2 machines |
BleepingComputer BackSwap
Catalin Cimpanu. (2018, May 25). BackSwap Banking Trojan Uses Never-Before-Seen Techniques. Retrieved March 27, 2025.
Internal MISP references
UUID 47fed6be-5d7e-5491-ba2e-0a8129494476 which can be used as unique global reference for BleepingComputer BackSwap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| source | MITRE |
| title | BackSwap Banking Trojan Uses Never-Before-Seen Techniques |
welivesecurity BackSwap
Michal Poslušný. (2018, May 25). BackSwap malware finds innovative ways to empty bank accounts. Retrieved March 27, 2025.
Internal MISP references
UUID aeb4e022-a0cb-58ab-8ee5-1c5753927755 which can be used as unique global reference for welivesecurity BackSwap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| source | MITRE |
| title | BackSwap malware finds innovative ways to empty bank accounts |
Secureworks COBALT DICKENS August 2018
Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.
Internal MISP references
UUID addbb46b-b2b5-4844-b4be-f6294cf51caa which can be used as unique global reference for Secureworks COBALT DICKENS August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2018-08-24T00:00:00Z |
| source | MITRE |
| title | Back to School: COBALT DICKENS Targets Universities |
Cybereason Kimsuky November 2020
Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.
Internal MISP references
UUID ecc2f5ad-b2a8-470b-b919-cb184d12d00f which can be used as unique global reference for Cybereason Kimsuky November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-06T00:00:00Z |
| date_published | 2020-11-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Back to the Future: Inside the Kimsuky KGH Spyware Suite |
Proofpoint TA453 March 2021
Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. Retrieved May 4, 2021.
Internal MISP references
UUID 5ba4217c-813b-4cc5-b694-3a4dcad776e4 which can be used as unique global reference for Proofpoint TA453 March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-04T00:00:00Z |
| date_published | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns |
Unit 42 BadPatch Oct 2017
Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.
Internal MISP references
UUID 9c294bf7-24ba-408a-90b8-5b9885838e1b which can be used as unique global reference for Unit 42 BadPatch Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | BadPatch |
ESET Bad Rabbit
M.Léveille, M-E. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID a9664f01-78f0-4461-a757-12f54ec99a56 which can be used as unique global reference for ESET Bad Rabbit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-28T00:00:00Z |
| date_published | 2017-10-24T00:00:00Z |
| source | MITRE |
| title | Bad Rabbit: Not‑Petya is back with improved ransomware |
Secure List Bad Rabbit
Mamedov, O., Sinitsyn, F., Ivanov, A. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID f4cec03a-ea94-4874-9bea-16189e967ff9 which can be used as unique global reference for Secure List Bad Rabbit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-28T00:00:00Z |
| date_published | 2017-10-24T00:00:00Z |
| source | MITRE |
| title | Bad Rabbit ransomware |
Google Cloud Threat Intelligence ESXi VIBs 2022
Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore. (2022, September 29). Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors. Retrieved March 26, 2025.
Internal MISP references
UUID 09edd87d-8b5b-5071-90f5-b4d394df38fa which can be used as unique global reference for Google Cloud Threat Intelligence ESXi VIBs 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2022-09-29T00:00:00Z |
| source | MITRE |
| title | Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors |
BlackBerry Bahamut
The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.
Internal MISP references
UUID 872c377b-724b-454c-8432-e38062a7c331 which can be used as unique global reference for BlackBerry Bahamut in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-08T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps |
BaltimoreSun RobbinHood May 2019
Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. Retrieved July 29, 2019.
Internal MISP references
UUID f578de81-ea6b-49d0-9a0a-111e07249cd8 which can be used as unique global reference for BaltimoreSun RobbinHood May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-29T00:00:00Z |
| date_published | 2019-05-07T00:00:00Z |
| source | MITRE |
| title | Baltimore city government computer network hit by ransomware attack |
ESET Research Bandook July 7 2021
Fernando Tavella, Matías Porolli. (2021, July 7). Bandidos at large: A spying campaign in Latin America. Retrieved October 25, 2023.
Internal MISP references
UUID da6cac04-a318-4972-bd78-8272116b4ad7 which can be used as unique global reference for ESET Research Bandook July 7 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2021-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bandidos at large: A spying campaign in Latin America |
CheckPoint Bandook Nov 2020
Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.
Internal MISP references
UUID 352652a9-86c9-42e1-8ee0-968180c6a51e which can be used as unique global reference for CheckPoint Bandook Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-31T00:00:00Z |
| date_published | 2020-11-26T00:00:00Z |
| source | MITRE |
| title | Bandook: Signed & Delivered |
Banker Google Chrome Extension Steals Creds
Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. Retrieved November 18, 2017.
Internal MISP references
UUID 93f37adc-d060-4b35-9a4d-62d2ad61cdf3 which can be used as unique global reference for Banker Google Chrome Extension Steals Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-18T00:00:00Z |
| source | MITRE |
| title | (Banker(GoogleChromeExtension)).targeting |
Unit42 Banking Trojans Hooking 2022
Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023.
Internal MISP references
UUID 411c3df4-08e6-518a-953d-19988b663dc4 which can be used as unique global reference for Unit42 Banking Trojans Hooking 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2022-10-31T00:00:00Z |
| source | MITRE |
| title | Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure |
Linux manual bash invocation
ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.
Internal MISP references
UUID 06185cbd-6635-46c7-9783-67bd8742b66f which can be used as unique global reference for Linux manual bash invocation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| date_published | 2021-01-19T00:00:00Z |
| source | MITRE |
| title | Bash |
DieNet Bash
die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.
Internal MISP references
UUID c5b362ce-6bae-46f7-b047-e3a0b2bf2580 which can be used as unique global reference for DieNet Bash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-12T00:00:00Z |
| source | MITRE |
| title | bash(1) - Linux man page |
Bash.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bash.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7d3efbc7-6abf-4f3f-aec8-686100bb90ad which can be used as unique global reference for Bash.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bash.exe |
Bashfuscator Command Obfuscators
LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. Retrieved March 17, 2023.
Internal MISP references
UUID c0256889-3ff0-59de-b0d1-39a947a4c89d which can be used as unique global reference for Bashfuscator Command Obfuscators in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| source | MITRE |
| title | Bashfuscator Command Obfuscators |
Microsoft Basic TxF Concepts
Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.
Internal MISP references
UUID 72798536-a7e3-43e2-84e3-b5b8b54f0bca which can be used as unique global reference for Microsoft Basic TxF Concepts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | Basic TxF Concepts |
eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
eSentire. (2023, March 9). BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif. Retrieved May 10, 2023.
Internal MISP references
UUID 1bf10604-708f-4c4f-abe5-816768873496 which can be used as unique global reference for eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2023-03-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif |
BATLOADER: The Evasive Downloader Malware
Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.
Internal MISP references
UUID 53e12ade-99ed-51ee-b5c8-32180f144658 which can be used as unique global reference for BATLOADER: The Evasive Downloader Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | BATLOADER: The Evasive Downloader Malware |
AdvIntel Bazar Call August 10 2022
AdvIntel. (2022, August 10). “BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches. Retrieved June 28, 2024.
Internal MISP references
UUID 5d3dff70-28c2-42a5-bf58-211fe6491fd2 which can be used as unique global reference for AdvIntel Bazar Call August 10 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-28T00:00:00Z |
| date_published | 2022-08-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | “BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches |
Palo Alto Networks BBSRAT
Lee, B., Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.
Internal MISP references
UUID 8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49 which can be used as unique global reference for Palo Alto Networks BBSRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-19T00:00:00Z |
| date_published | 2015-12-22T00:00:00Z |
| source | MITRE |
| title | BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger |
Microsoft bcdedit 2021
Microsoft. (2021, May 27). bcdedit. Retrieved June 23, 2021.
Internal MISP references
UUID 40dedfcb-f666-4f2d-a518-5cd4ae2e273c which can be used as unique global reference for Microsoft bcdedit 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2021-05-27T00:00:00Z |
| source | MITRE |
| title | bcdedit |
MicrosoftLearn December 15 2021
MicrosoftLearn. (2021, December 15). BCDEdit Command-Line Options. Retrieved December 19, 2024.
Internal MISP references
UUID 0735cdfc-1f92-4e9e-848e-bc898e85b29d which can be used as unique global reference for MicrosoftLearn December 15 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2021-12-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BCDEdit Command-Line Options |
Securelist BlackEnergy Nov 2014
Baumgartner, K. and Garnaeva, M. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.
Internal MISP references
UUID c64696d0-ee42-41e5-92cb-13cf43fac0c9 which can be used as unique global reference for Securelist BlackEnergy Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2014-11-03T00:00:00Z |
| source | MITRE |
| title | BE2 custom plugins, router abuse, and target profiles |
Securelist BlackEnergy Feb 2015
Baumgartner, K. and Garnaeva, M. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.
Internal MISP references
UUID ef043c07-6ae6-4cd2-82cf-7cbdb259f676 which can be used as unique global reference for Securelist BlackEnergy Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2015-02-17T00:00:00Z |
| source | MITRE |
| title | BE2 extraordinary plugins, Siemens targeting, dev fails |
Crowdstrike DNC June 2016
Alperovitch, D. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.
Internal MISP references
UUID 7f4edc06-ac67-4d71-b39c-5df9ce521bbb which can be used as unique global reference for Crowdstrike DNC June 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-06-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Bears in the Midst: Intrusion into the Democratic National Committee |
Deep Instinct Black Basta August 2022
Vilkomir-Preisman, S. (2022, August 18). Beating Black Basta Ransomware. Retrieved March 8, 2023.
Internal MISP references
UUID 72b64d7d-f8eb-54d3-83c8-a883906ceea1 which can be used as unique global reference for Deep Instinct Black Basta August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | Beating Black Basta Ransomware |
Bienstock, D. - Defending O365 - 2019
Bienstock, D. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved November 17, 2024.
Internal MISP references
UUID 4866e6c3-c1b2-4131-bd8f-0ac228168a10 which can be used as unique global reference for Bienstock, D. - Defending O365 - 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | BECS and Beyond: Investigating and Defending O365 |
Kevin Mandia Statement to US Senate Committee on Intelligence
Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.
Internal MISP references
UUID c40a3f96-75f4-4b1c-98a5-cb38129c6dc4 which can be used as unique global reference for Kevin Mandia Statement to US Senate Committee on Intelligence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | before the United States Senate Select Committee on Intelligence |
Microsoft Dofoil 2018
Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.
Internal MISP references
UUID 85069317-2c25-448b-9ff4-504e429dc1bf which can be used as unique global reference for Microsoft Dofoil 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| date_published | 2018-03-07T00:00:00Z |
| source | MITRE |
| title | Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign |
Obsidian SSPR Abuse 2023
Noah Corradin and Shuyang Wang. (2023, August 1). Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD. Retrieved March 28, 2024.
Internal MISP references
UUID 7f28f770-ef06-5923-b759-b731ceabe08a which can be used as unique global reference for Obsidian SSPR Abuse 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-28T00:00:00Z |
| date_published | 2023-08-01T00:00:00Z |
| source | MITRE |
| title | Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD |
FireEye CARBANAK June 2017
Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.
Internal MISP references
UUID 39105492-6044-460c-9dc9-3d4473ee862e which can be used as unique global reference for FireEye CARBANAK June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2017-06-12T00:00:00Z |
| source | MITRE |
| title | Behind the CARBANAK Backdoor |
Expel Behind the Scenes
S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. Retrieved October 1, 2020.
Internal MISP references
UUID d538026c-da30-48d2-bc30-fde3776db1a8 which can be used as unique global reference for Expel Behind the Scenes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| date_published | 2020-07-28T00:00:00Z |
| source | MITRE |
| title | Behind the scenes in the Expel SOC: Alert-to-fix in AWS |
Microsoft BEC Campaign
Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. Retrieved June 15, 2021.
Internal MISP references
UUID 1de8c853-2b0c-439b-a31b-a2c4fa9f4206 which can be used as unique global reference for Microsoft BEC Campaign in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-15T00:00:00Z |
| date_published | 2021-06-14T00:00:00Z |
| source | MITRE |
| title | Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign |
FBI i-Soon PSA March 5 2025
FBI IC3. (2025, March 5). Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide. Retrieved March 12, 2025.
Internal MISP references
UUID 7f549454-a535-4453-8586-5c4603089cc4 which can be used as unique global reference for FBI i-Soon PSA March 5 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-12T00:00:00Z |
| date_published | 2025-03-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide |
Unit42 BendyBear Feb 2021
Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. Retrieved February 16, 2021.
Internal MISP references
UUID f5cbc08f-6f2c-4c81-9d68-07f61e16f138 which can be used as unique global reference for Unit42 BendyBear Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-16T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech |
Google Cloud Storage Best Practices, 2019
Google. (2019, September 16). Best practices for Cloud Storage. Retrieved October 4, 2019.
Internal MISP references
UUID 752ad355-0f10-4c8d-bad8-42bf2fc75fa0 which can be used as unique global reference for Google Cloud Storage Best Practices, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-09-16T00:00:00Z |
| source | MITRE |
| title | Best practices for Cloud Storage |
AWS Management Account Best Practices
AWS. (n.d.). Best practices for the management account. Retrieved October 16, 2024.
Internal MISP references
UUID f20b5870-d82d-5c50-893a-73248c8f5900 which can be used as unique global reference for AWS Management Account Best Practices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-16T00:00:00Z |
| source | MITRE |
| title | Best practices for the management account |
site notifications - krebsonsecurity
Frank Angiolelli, Indelible LLC, Malwarebytes, McAfee, Norton, Pieter Arntz, PushWelcome. (2020, November 17). Be Very Sparing in Allowing Site Notifications. Retrieved March 14, 2025.
Internal MISP references
UUID 64f4d843-7243-561f-a31a-0ddcc7050dcc which can be used as unique global reference for site notifications - krebsonsecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-14T00:00:00Z |
| date_published | 2020-11-17T00:00:00Z |
| source | MITRE |
| title | Be Very Sparing in Allowing Site Notifications |
blog.avast.com January 16 2023
Emma McGowan. (2023, January 16). Beware of DDosia, a botnet created to facilitate DDoS attacks. Retrieved December 12, 2024.
Internal MISP references
UUID b621071e-6b0f-4e27-b179-2f28b5d66b7f which can be used as unique global reference for blog.avast.com January 16 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-12T00:00:00Z |
| date_published | 2023-01-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Beware of DDosia, a botnet created to facilitate DDoS attacks |
vNinja Rogue VMs 2024
Christian Mohn. (2024, November 11). Beware Of The Rogue VMs!. Retrieved March 26, 2025.
Internal MISP references
UUID 13e70e21-edf7-5894-ad90-9a2545df13fc which can be used as unique global reference for vNinja Rogue VMs 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2024-11-11T00:00:00Z |
| source | MITRE |
| title | Beware Of The Rogue VMs! |
Shadowbunny VM Defense Evasion
Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. Retrieved September 22, 2021.
Internal MISP references
UUID eef7cd8a-8cb6-4b24-ba49-9b17353d20b5 which can be used as unique global reference for Shadowbunny VM Defense Evasion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-09-23T00:00:00Z |
| source | MITRE |
| title | Beware of the Shadowbunny - Using virtual machines to persist and evade detections |
Akamai Corona Zero-Day August 28 2024
Kyle Lefton, Larry Cashdollar, Aline Eliovich. (2024, August 28). Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day. Retrieved September 5, 2024.
Internal MISP references
UUID 140284f8-075c-4225-99dd-519ba5cebabe which can be used as unique global reference for Akamai Corona Zero-Day August 28 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-05T00:00:00Z |
| date_published | 2024-08-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day |
T1105: Trellix_search-ms
Mathanraj Thangaraju, Sijo Jacob. (2023, July 26). Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. Retrieved March 15, 2024.
Internal MISP references
UUID 7079d170-9ead-5be4-bbc8-13c3f082b3dd which can be used as unique global reference for T1105: Trellix_search-ms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-15T00:00:00Z |
| date_published | 2023-07-26T00:00:00Z |
| source | MITRE |
| title | Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler |
Hexacorn Office Test
Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.
Internal MISP references
UUID 60d90852-ea00-404d-b613-9ad1589aff31 which can be used as unique global reference for Hexacorn Office Test in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2014-04-16T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 10 |
Hexacorn Logon Scripts
Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.
Internal MISP references
UUID bdcdfe9e-1f22-4472-9a86-faefcb5c5618 which can be used as unique global reference for Hexacorn Logon Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-15T00:00:00Z |
| date_published | 2014-11-14T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 18 |
Hexacorn DLL Hijacking
Hexacorn. (2013, December 8). Beyond good ol’ Run key, Part 5. Retrieved August 14, 2024.
Internal MISP references
UUID bbe0690e-f368-5715-8a41-aa95836a5e4c which can be used as unique global reference for Hexacorn DLL Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-14T00:00:00Z |
| date_published | 2013-12-08T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 5 |
Hexacorn Office Template Macros
Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. Retrieved July 3, 2017.
Internal MISP references
UUID 7d558a35-a5c0-4e4c-92bf-cb2435c41a95 which can be used as unique global reference for Hexacorn Office Template Macros in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2017-04-17T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 62 |
elastic.co August 15 2024
Elastic Security Labs. (2024, August 15). Beyond the wail deconstructing the BANSHEE infostealer — Elastic Security Labs. Retrieved August 25, 2024.
Internal MISP references
UUID 9cfe5512-0fa8-48c3-8431-392aaa1a2baa which can be used as unique global reference for elastic.co August 15 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-25T00:00:00Z |
| date_published | 2024-08-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Beyond the wail deconstructing the BANSHEE infostealer — Elastic Security Labs |
BeyondTrust Announcement December 8 2024
BeyondTrust. (2024, December 8). BeyondTrust Remote Support SaaS Service Security Investigation. Retrieved January 6, 2025.
Internal MISP references
UUID 1d1347e2-56b6-4376-b2b6-7e3fc0a1ccde which can be used as unique global reference for BeyondTrust Announcement December 8 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-06T00:00:00Z |
| date_published | 2024-12-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BeyondTrust Remote Support SaaS Service Security Investigation |
BleepingComputer BeyondTrust December 19 2024
Bill Toulas. (2024, December 19). BeyondTrust says hackers breached Remote Support SaaS instances. Retrieved January 6, 2025.
Internal MISP references
UUID 20c92ad4-9481-48cd-8e72-2f720cd7c52b which can be used as unique global reference for BleepingComputer BeyondTrust December 19 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-06T00:00:00Z |
| date_published | 2024-12-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BeyondTrust says hackers breached Remote Support SaaS instances |
Bginfo.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bginfo.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ca1eaac2-7449-4a76-bec2-9dc5971fd808 which can be used as unique global reference for Bginfo.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bginfo.exe |
Cyble August 18 2022
Cybleinc. (2022, August 18). BianLian: New Ransomware variant on the rise. Retrieved May 18, 2023.
Internal MISP references
UUID 2de00d16-9b9e-4e03-925f-4fcdae4d6e1a which can be used as unique global reference for Cyble August 18 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-18T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BianLian: New Ransomware variant on the rise |
BianLian Ransomware Gang Gives It a Go! | [redacted]
Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. Retrieved May 18, 2023.
Internal MISP references
UUID fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d which can be used as unique global reference for BianLian Ransomware Gang Gives It a Go! | [redacted] in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-18T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BianLian Ransomware Gang Gives It a Go! |
Group IB APT 41 June 2021
Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.
Internal MISP references
UUID a2bf43a0-c7da-4cb9-8f9a-b34fac92b625 which can be used as unique global reference for Group IB APT 41 June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-26T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE |
| title | Big airline heist APT41 likely behind a third-party attack on Air India |
Crowdstrike Indrik November 2018
Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.
Internal MISP references
UUID 0f85f611-90db-43ba-8b71-5d0d4ec8cdd5 which can be used as unique global reference for Crowdstrike Indrik November 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2018-11-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware |
CrowdStrike Ryuk January 2019
Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.
Internal MISP references
UUID df471757-2ce0-48a7-922f-a84c57704914 which can be used as unique global reference for CrowdStrike Ryuk January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| date_published | 2019-01-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware |
Symantec Bilbug 2022
Symantec Threat Hunter Team. (2022, November 12). Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries. Retrieved March 15, 2025.
Internal MISP references
UUID 0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05 which can be used as unique global reference for Symantec Bilbug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-15T00:00:00Z |
| date_published | 2022-11-12T00:00:00Z |
| source | MITRE |
| title | Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries |
Elastic Binary Executed from Shared Memory Directory
Elastic. (n.d.). Binary Executed from Shared Memory Directory. Retrieved September 24, 2024.
Internal MISP references
UUID 025912f5-531c-5a14-b300-e42f00077264 which can be used as unique global reference for Elastic Binary Executed from Shared Memory Directory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-24T00:00:00Z |
| source | MITRE |
| title | Binary Executed from Shared Memory Directory |
OWASP Binary Planting
OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.
Internal MISP references
UUID 86fc5a62-385e-4c56-9812-138db0808fba which can be used as unique global reference for OWASP Binary Planting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-07T00:00:00Z |
| date_published | 2013-01-30T00:00:00Z |
| source | MITRE |
| title | Binary planting |
dll pre load owasp
OWASP. (n.d.). Binary Planting. Retrieved January 30, 2025.
Internal MISP references
UUID 78a3b96a-42d6-51d1-97ed-89de5d91dbb0 which can be used as unique global reference for dll pre load owasp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-30T00:00:00Z |
| source | MITRE |
| title | Binary Planting |
Wikipedia Binary-to-text Encoding
Wikipedia. (2016, December 26). Binary-to-text encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 9b3820e8-f094-4e87-9ed6-ab0207d509fb which can be used as unique global reference for Wikipedia Binary-to-text Encoding in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2016-12-26T00:00:00Z |
| source | MITRE |
| title | Binary-to-text encoding |
Sucuri BIND9 August 2015
Cid, D. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.
Internal MISP references
UUID 5e108782-2f32-4704-be01-055d9e767216 which can be used as unique global reference for Sucuri BIND9 August 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-26T00:00:00Z |
| date_published | 2015-08-02T00:00:00Z |
| source | MITRE |
| title | BIND9 – Denial of Service Exploit in the Wild |
Wikipedia BIOS
Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.
Internal MISP references
UUID 0c4a2cb3-d663-47ee-87af-c5e9e68fe15f which can be used as unique global reference for Wikipedia BIOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-05T00:00:00Z |
| source | MITRE |
| title | BIOS |
Ge 2011
Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.
Internal MISP references
UUID dd6032fb-8913-4593-81b9-86d1239e01f4 which can be used as unique global reference for Ge 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-14T00:00:00Z |
| date_published | 2011-09-09T00:00:00Z |
| source | MITRE |
| title | BIOS Threat is Showing up Again! |
Broadcom BirdyClient Microsoft Graph API 2024
Broadcom. (2024, May 2). BirdyClient malware leverages Microsoft Graph API for C&C communication. Retrieved July 1, 2024.
Internal MISP references
UUID a55197e2-3ed7-5b6f-8ab5-06218c2226a4 which can be used as unique global reference for Broadcom BirdyClient Microsoft Graph API 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-01T00:00:00Z |
| date_published | 2024-05-02T00:00:00Z |
| source | MITRE |
| title | BirdyClient malware leverages Microsoft Graph API for C&C communication |
Talos Bisonal Mar 2020
Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. Retrieved January 26, 2022.
Internal MISP references
UUID eaecccff-e0a0-4fa0-81e5-799b23c26b5a which can be used as unique global reference for Talos Bisonal Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2020-03-05T00:00:00Z |
| source | MITRE |
| title | Bisonal: 10 years of play |
Talos Bisonal 10 Years March 2020
Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.
Internal MISP references
UUID 6844e59b-d393-43df-9978-e3e3cc7b8db6 which can be used as unique global reference for Talos Bisonal 10 Years March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2020-03-06T00:00:00Z |
| source | MITRE |
| title | Bisonal 10 Years of Play |
Unit 42 Bisonal July 2018
Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.
Internal MISP references
UUID 30b2ec12-b785-43fb-ab72-b37387046d15 which can be used as unique global reference for Unit 42 Bisonal July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2018-07-31T00:00:00Z |
| source | MITRE |
| title | Bisonal Malware Used in Attacks Against Russia and South Korea |
Bitsadmin.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bitsadmin.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 89bdc17b-553c-4245-acde-f6c56602e357 which can be used as unique global reference for Bitsadmin.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bitsadmin.exe |
Microsoft BITSAdmin
Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.
Internal MISP references
UUID 5b8c2a8c-f01e-491a-aaf9-504ee7a1caed which can be used as unique global reference for Microsoft BITSAdmin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| source | MITRE |
| title | BITSAdmin Tool |
Cisco Talos Bitter Bangladesh May 2022
Raghuprasad, C. (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.
Internal MISP references
UUID 097583ed-03b0-41cd-bf85-66d473f46439 which can be used as unique global reference for Cisco Talos Bitter Bangladesh May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2022-05-11T00:00:00Z |
| source | MITRE |
| title | Bitter APT adds Bangladesh to their targets |
Forcepoint BITTER Pakistan Oct 2016
Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.
Internal MISP references
UUID 9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa which can be used as unique global reference for Forcepoint BITTER Pakistan Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2016-10-21T00:00:00Z |
| source | MITRE |
| title | BITTER: a targeted attack against Pakistan |
Camba RARSTONE
Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.
Internal MISP references
UUID bca93846-457d-4644-ba43-f9293982916f which can be used as unique global reference for Camba RARSTONE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-08T00:00:00Z |
| date_published | 2013-02-27T00:00:00Z |
| source | MITRE |
| title | BKDR_RARSTONE: New RAT to Watch Out For |
TrendMicro BKDR_URSNIF.SM
Sioting, S. (2013, June 15). BKDR_URSNIF.SM. Retrieved June 5, 2019.
Internal MISP references
UUID aa791512-039e-4230-ab49-f184ca0e38c5 which can be used as unique global reference for TrendMicro BKDR_URSNIF.SM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2013-06-15T00:00:00Z |
| source | MITRE |
| title | BKDR_URSNIF.SM |
Cyble September 28 2022
Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.
Internal MISP references
UUID ae2daa9c-6741-4ab7-854d-bee1170b3d7a which can be used as unique global reference for Cyble September 28 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2023-09-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bl00dy – New Ransomware Strain Active in the Wild |
Trend Micro Pikabot January 9 2024
Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.
Internal MISP references
UUID dc7d882b-4e83-42da-8e2f-f557b675930a which can be used as unique global reference for Trend Micro Pikabot January 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2024-01-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign |
TrendMicro Pikabot 2024
Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot & Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved July 17, 2024.
Internal MISP references
UUID a2a22246-d49e-5847-9d20-dac64f1df3ea which can be used as unique global reference for TrendMicro Pikabot 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-17T00:00:00Z |
| date_published | 2024-01-09T00:00:00Z |
| source | MITRE |
| title | Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign |
Check Point Black Basta October 2022
Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. Retrieved March 8, 2023.
Internal MISP references
UUID 7a00457b-ae72-5aea-904f-9ca7f4cb9fe9 which can be used as unique global reference for Check Point Black Basta October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-10-20T00:00:00Z |
| source | MITRE |
| title | BLACK BASTA AND THE UNNOTICED DELIVERY |
BlackBasta
Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.
Internal MISP references
UUID c7e55e37-d051-5111-8d0a-738656f88650 which can be used as unique global reference for BlackBasta in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-14T00:00:00Z |
| date_published | 2022-11-03T00:00:00Z |
| source | MITRE |
| title | Black Basta Ransomware |
Rapid7 BlackBasta 2024
McGraw, T. (2024, December 4). Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware. Retrieved December 9, 2024.
Internal MISP references
UUID a7a7b054-03ce-5e2d-96a7-5b7be993b260 which can be used as unique global reference for Rapid7 BlackBasta 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-09T00:00:00Z |
| date_published | 2024-12-04T00:00:00Z |
| source | MITRE |
| title | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware |
Trend Micro Black Basta October 2022
Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.
Internal MISP references
UUID 6e4a1565-4a30-5a6b-961c-226a6f1967ae which can be used as unique global reference for Trend Micro Black Basta October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2022-10-12T00:00:00Z |
| source | MITRE |
| title | Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike |
Uptycs Black Basta ESXi June 2022
Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. Retrieved March 8, 2023.
Internal MISP references
UUID a8145e38-c2a4-5021-824d-5a831299b9d9 which can be used as unique global reference for Uptycs Black Basta ESXi June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-06-07T00:00:00Z |
| source | MITRE |
| title | Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems |
Elliptic Black Basta November 29 2023
Elliptic Research. (2023, November 29). Black Basta ransomware victims have paid over $100 million. Retrieved May 14, 2024.
Internal MISP references
UUID dc7579c0-911d-417d-bba5-bc36e078b640 which can be used as unique global reference for Elliptic Black Basta November 29 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-14T00:00:00Z |
| date_published | 2023-11-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Black Basta ransomware victims have paid over $100 million |
BlackBerry Black Basta May 2022
Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.
Internal MISP references
UUID 32a272fe-ac10-5478-88a0-b3dd366ec540 which can be used as unique global reference for BlackBerry Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-06T00:00:00Z |
| source | MITRE |
| title | Black Basta: Rebrand of Conti or Something New? |
Cisco BlackByte 2024
James Nutland, Craig Jackson, Terryn Valikodath, & Brennan Evans. (2024, August 28). BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks. Retrieved December 16, 2024.
Internal MISP references
UUID 0b5c9baf-0f4e-5bed-a77d-7006559fc110 which can be used as unique global reference for Cisco BlackByte 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-16T00:00:00Z |
| date_published | 2024-08-28T00:00:00Z |
| source | MITRE |
| title | BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks |
WMI 6
Microsoft. (2022, June 13). BlackCat. Retrieved February 13, 2024.
Internal MISP references
UUID df07a086-0d38-570b-b0c5-9f5061212db7 which can be used as unique global reference for WMI 6 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-13T00:00:00Z |
| date_published | 2022-06-13T00:00:00Z |
| source | MITRE |
| title | BlackCat |
FBI BlackCat April 19 2022
FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.
Internal MISP references
UUID 2640b58c-8413-4691-80e1-33aec9b6c7f6 which can be used as unique global reference for FBI BlackCat April 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2022-04-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat/ALPHV Ransomware Indicators of Compromise |
X-Force BlackCat May 30 2023
IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. Retrieved September 14, 2023.
Internal MISP references
UUID b80c1f70-9d05-4f4b-bdc2-6157c6837202 which can be used as unique global reference for X-Force BlackCat May 30 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-05-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration |
BlackBerry BlackCat Threat Overview
BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.
Internal MISP references
UUID 59f98ae1-c62d-460f-8d2a-9ae287b59953 which can be used as unique global reference for BlackBerry BlackCat Threat Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat Malware (AKA ALPHV) |
Cybereason
Cybereason Nocturnus. (n.d.). Cybereason vs. BlackCat Ransomware. Retrieved March 26, 2025.
Internal MISP references
UUID 61dc7b51-3cca-5973-80a2-116cc9ad6f08 which can be used as unique global reference for Cybereason in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| source | MITRE |
| title | BlackCat Ransomware |
Huntress BlackCat
Carvey, H. (2024, February 28). BlackCat Ransomware Affiliate TTPs. Retrieved March 27, 2024.
Internal MISP references
UUID faa60cf9-0fc5-5728-90be-d0e11b48a921 which can be used as unique global reference for Huntress BlackCat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-27T00:00:00Z |
| date_published | 2024-02-28T00:00:00Z |
| source | MITRE |
| title | BlackCat Ransomware Affiliate TTPs |
Sophos BlackCat Jul 2022
Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.
Internal MISP references
UUID 481a0106-d5b6-532c-8f5b-6c0c477185f4 which can be used as unique global reference for Sophos BlackCat Jul 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-20T00:00:00Z |
| date_published | 2022-07-14T00:00:00Z |
| source | MITRE |
| title | BlackCat ransomware attacks not merely a byproduct of bad luck |
ESEST Black Energy Jan 2016
Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.
Internal MISP references
UUID 4d626eb9-3722-4aa4-b95e-1650cc2865c2 which can be used as unique global reference for ESEST Black Energy Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-05-18T00:00:00Z |
| date_published | 2016-01-03T00:00:00Z |
| source | MITRE |
| title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
ESET BlackEnergy Jan 2016
Cherepanov, A. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved June 10, 2020.
Internal MISP references
UUID a0103079-c966-46b6-8871-c01f7f0eea4c which can be used as unique global reference for ESET BlackEnergy Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2016-01-03T00:00:00Z |
| source | MITRE |
| title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
F-Secure BlackEnergy 2014
F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.
Internal MISP references
UUID 5f228fb5-d959-4c4a-bb8c-f9dc01d5af07 which can be used as unique global reference for F-Secure BlackEnergy 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | BlackEnergy & Quedagh: The convergence of crimeware and APT attacks |
Resecurity BlackLock March 25 2025
Resecurity. (2025, March 25). Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure. Retrieved June 13, 2025.
Internal MISP references
UUID 2977c45f-3a7a-42ae-be59-378aa288dc24 which can be used as unique global reference for Resecurity BlackLock March 25 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-13T12:00:00Z |
| date_published | 2025-03-25T12:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure |
The Hacker News BlackLock March 29 2025
Ravie Lakshmanan. (2025, March 29). BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability. Retrieved June 13, 2025.
Internal MISP references
UUID 01ac7d5f-252c-496f-b637-6ba673e7ccab which can be used as unique global reference for The Hacker News BlackLock March 29 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-13T12:00:00Z |
| date_published | 2025-03-29T12:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability |
ESET BlackLotus March 01 2023
Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved September 29, 2023.
Internal MISP references
UUID 1a4c134b-c701-400f-beee-e6b3cc835042 which can be used as unique global reference for ESET BlackLotus March 01 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2023-03-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackLotus UEFI bootkit: Myth confirmed |
welivesecurity
Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved February 11, 2025.
Internal MISP references
UUID dedb9dce-a1d7-5537-9695-064a27e9a5d6 which can be used as unique global reference for welivesecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-11T00:00:00Z |
| date_published | 2023-03-01T00:00:00Z |
| source | MITRE |
| title | BlackLotus UEFI bootkit: Myth confirmed |
Securelist BlackOasis Oct 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018.
Internal MISP references
UUID 66121c37-6b66-4ab2-9f63-1adb80dcec62 which can be used as unique global reference for Securelist BlackOasis Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BlackOasis APT and new targeted attacks leveraging zero-day exploit |
ReliaQuest May 28 2024
ReliaQuest Threat Research Team. (2024, May 28). BlackSuit Attack Analysis - ReliaQuest. Retrieved June 5, 2024.
Internal MISP references
UUID 2a67b1df-9a15-487e-a777-8a3fe46b0179 which can be used as unique global reference for ReliaQuest May 28 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-05T00:00:00Z |
| date_published | 2024-05-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackSuit Attack Analysis - ReliaQuest |
HC3 Analyst Note BlackSuit Ransomware November 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, November 6). BlackSuit Ransomware. Retrieved June 7, 2024.
Internal MISP references
UUID d956f0c6-d90e-49e8-a64c-a46bfc177cc6 which can be used as unique global reference for HC3 Analyst Note BlackSuit Ransomware November 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-07T00:00:00Z |
| date_published | 2023-11-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackSuit Ransomware |
Cyble May 12 2023
Cybleinc. (2023, May 12). BlackSuit Ransomware Strikes Windows and Linux Users. Retrieved January 1, 2024.
Internal MISP references
UUID 7e335494-86a7-49cd-a9f3-783d73c36d9d which can be used as unique global reference for Cyble May 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-01T00:00:00Z |
| date_published | 2023-05-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackSuit Ransomware Strikes Windows and Linux Users |
Palo Alto Black-T October 2020
Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.
Internal MISP references
UUID d4351c8e-026d-4660-9344-166481ecf64a which can be used as unique global reference for Palo Alto Black-T October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-10-05T00:00:00Z |
| source | MITRE |
| title | Black-T: New Cryptojacking Variant from TeamTNT |
BlackWater Malware Cloudflare Workers
Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. Retrieved July 8, 2022.
Internal MISP references
UUID 053895e8-da3f-4291-a728-2198fde774e7 which can be used as unique global reference for BlackWater Malware Cloudflare Workers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| date_published | 2020-03-14T00:00:00Z |
| source | MITRE |
| title | BlackWater Malware Abuses Cloudflare Workers for C2 Communication |
Check Point Research Blind Eagle March 10 2025
Check Point Research. (2025, March 10). Blind Eagle: …And Justice for All. Retrieved March 22, 2025.
Internal MISP references
UUID 4a9b874a-8ed3-476d-8da2-d59e081c4b40 which can be used as unique global reference for Check Point Research Blind Eagle March 10 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-22T00:00:00Z |
| date_published | 2025-03-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Blind Eagle: …And Justice for All |
Zscaler September 5 2024
Gaetano Pellegrino. (2024, September 5). BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar. Retrieved September 6, 2024.
Internal MISP references
UUID 46689fc2-1a48-43d6-9c48-78e050e7f102 which can be used as unique global reference for Zscaler September 5 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-06T00:00:00Z |
| date_published | 2024-09-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar |
NHS UK BLINDINGCAN Aug 2020
NHS Digital. (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020.
Internal MISP references
UUID acca4c89-acce-4916-88b6-f4dac7d8ab19 which can be used as unique global reference for NHS UK BLINDINGCAN Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-20T00:00:00Z |
| date_published | 2020-08-20T00:00:00Z |
| source | MITRE |
| title | BLINDINGCAN Remote Access Trojan |
Azure Blob Snapshots
Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022.
Internal MISP references
UUID 152628ab-3244-4cc7-a68e-a220b652039b which can be used as unique global reference for Azure Blob Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| date_published | 2021-12-29T00:00:00Z |
| source | MITRE |
| title | Blob snapshots |
objsee block blocking login items
Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.
Internal MISP references
UUID 76511800-8331-476b-ab4f-0daa587f5e22 which can be used as unique global reference for objsee block blocking login items in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2018-07-23T00:00:00Z |
| source | MITRE |
| title | Block Blocking Login Items |
Technospot Chrome Extensions GP
Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.
Internal MISP references
UUID 76faf20c-27d3-4e67-8ab7-8480f8f88ae5 which can be used as unique global reference for Technospot Chrome Extensions GP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-10T00:00:00Z |
| source | MITRE |
| title | Block Chrome Extensions using Google Chrome Group Policy Settings |
Evi1cg Forfiles Nov 2017
Evi1cg. (2017, November 26). block cmd.exe ? try this :. Retrieved September 12, 2024.
Internal MISP references
UUID b292b85e-68eb-43c3-9b5b-222810e2f26a which can be used as unique global reference for Evi1cg Forfiles Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2017-11-26T00:00:00Z |
| source | MITRE |
| title | block cmd.exe ? try this : |
Fifield Blocking Resistent Communication through domain fronting 2015
David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.
Internal MISP references
UUID 52671075-c425-40c7-a49a-b75e44a0c58a which can be used as unique global reference for Fifield Blocking Resistent Communication through domain fronting 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-20T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Blocking-resistant communication through domain fronting |
GitHub Bloodhound
Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.
Internal MISP references
UUID e90b4941-5dff-4f38-b4dd-af3426fd621e which can be used as unique global reference for GitHub Bloodhound in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Bloodhound: Six Degrees of Domain Admin |
Recorded Future BlueAlpha December 5 2024
Insikt Group. (2024, December 5). BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure. Retrieved December 10, 2024.
Internal MISP references
UUID 0baac037-864d-47d6-beb2-6243cd816036 which can be used as unique global reference for Recorded Future BlueAlpha December 5 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-10T00:00:00Z |
| date_published | 2024-12-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure |
PwC Blue Callisto December 6 2022
PwC Threat Intelligence. (2022, December 6). Blue Callisto orbits around US Laboratories in 2022. Retrieved October 1, 2024.
Internal MISP references
UUID ab48a205-ca06-4328-96a4-876007024a7d which can be used as unique global reference for PwC Blue Callisto December 6 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-01T00:00:00Z |
| date_published | 2022-12-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Blue Callisto orbits around US Laboratories in 2022 |
Blue Cloud of Death
Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. Retrieved October 23, 2019.
Internal MISP references
UUID 0c764280-9d8c-4fa4-9088-170f02550d4c which can be used as unique global reference for Blue Cloud of Death in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-23T00:00:00Z |
| date_published | 2018-05-11T00:00:00Z |
| source | MITRE |
| title | Blue Cloud of Death: Red Teaming Azure |
Blue Cloud of Death Video
Kunz, Bruce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. Retrieved November 21, 2019.
Internal MISP references
UUID 39b0adf6-c71e-4501-b8bb-fab82718486b which can be used as unique global reference for Blue Cloud of Death Video in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-21T00:00:00Z |
| date_published | 2018-10-14T00:00:00Z |
| source | MITRE |
| title | Blue Cloud of Death: Red Teaming Azure |
1 - appv
SEONGSU PARK. (2022, December 27). BlueNoroff introduces new methods bypassing MoTW. Retrieved February 6, 2024.
Internal MISP references
UUID acdf0a7f-f341-5bec-bfe0-f879827f0185 which can be used as unique global reference for 1 - appv in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-06T00:00:00Z |
| date_published | 2022-12-27T00:00:00Z |
| source | MITRE |
| title | BlueNoroff introduces new methods bypassing MoTW |
apple doco bonjour description
Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.
Internal MISP references
UUID b8538d67-ab91-41c2-9cc3-a7b00c6b372a which can be used as unique global reference for apple doco bonjour description in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-11T00:00:00Z |
| date_published | 2013-04-23T00:00:00Z |
| source | MITRE |
| title | Bonjour Overview |
Booby Trap Shortcut 2017
Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.
Internal MISP references
UUID 1a820fb8-3cff-584b-804f-9bad0592873b which can be used as unique global reference for Booby Trap Shortcut 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| date_published | 2017-04-01T00:00:00Z |
| source | MITRE |
| title | Booby trap a shortcut with a backdoor |
Microsoft Bootcfg
Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.
Internal MISP references
UUID 44ffaa60-4461-4463-a1b5-abc868368c0a which can be used as unique global reference for Microsoft Bootcfg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-30T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | bootcfg |
Imperva DDoS for Hire
Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020.
Internal MISP references
UUID 86f87ec6-058e-45a7-9314-0579a2b4e8f2 which can be used as unique global reference for Imperva DDoS for Hire in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-04T00:00:00Z |
| source | MITRE |
| title | Booters, Stressers and DDoSers |
Wikipedia Booting
Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.
Internal MISP references
UUID 6d9c72cb-6cda-445e-89ea-7e695063d49a which can be used as unique global reference for Wikipedia Booting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-13T00:00:00Z |
| source | MITRE |
| title | Booting |
FireEye BOOTRASH SANS
Glyer, C. (2017, June 22). Boot What?. Retrieved November 17, 2024.
Internal MISP references
UUID 835c9e5d-b291-43d9-9b8a-2978aa8c8cd3 which can be used as unique global reference for FireEye BOOTRASH SANS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | Boot What? |
Unit42 LockerGoga 2019
Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.
Internal MISP references
UUID 8f058923-f2f7-4c0e-b90a-c7a0d5e62186 which can be used as unique global reference for Unit42 LockerGoga 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-03-26T00:00:00Z |
| source | MITRE |
| title | Born This Way? Origins of LockerGoga |
Threatexpress MetaTwin 2017
Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. Retrieved September 10, 2019.
Internal MISP references
UUID 156efefd-793f-4219-8904-ef160a45c9ec which can be used as unique global reference for Threatexpress MetaTwin 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-10T00:00:00Z |
| date_published | 2017-10-09T00:00:00Z |
| source | MITRE |
| title | Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads |
Sandfly BPFDoor 2022
The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. Retrieved September 29, 2023.
Internal MISP references
UUID 01c8337f-614b-5f63-870f-5c880b390922 which can be used as unique global reference for Sandfly BPFDoor 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2022-05-11T00:00:00Z |
| source | MITRE |
| title | BPFDoor - An Evasive Linux Backdoor Technical Analysis |
Deep Instinct BPFDoor 2023
Shaul Vilkomir-Preisman and Eliran Nissan. (2023, May 10). BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game. Retrieved September 19, 2024.
Internal MISP references
UUID c246b4da-75fb-5b41-ba9c-c0eb1b261e37 which can be used as unique global reference for Deep Instinct BPFDoor 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| date_published | 2023-05-10T00:00:00Z |
| source | MITRE |
| title | BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game |
AADInternals - BPRT
Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.
Internal MISP references
UUID 19af3fce-eb57-4e67-9678-1968e9ea9677 which can be used as unique global reference for AADInternals - BPRT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2021-01-31T00:00:00Z |
| source | MITRE |
| title | BPRT unleashed: Joining multiple devices to Azure AD and Intune |
Brazking-Websockets
Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.
Internal MISP references
UUID fa813afd-b8f0-535b-9108-6d3d3989b6b9 which can be used as unique global reference for Brazking-Websockets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| source | MITRE |
| title | BrazKing Android Malware Upgraded and Targeting Brazilian Banks |
Morphisec 3 26 2024
Arnold Osipov. (2024, March 26). Breaking Boundaries Mispadu's Infiltration Beyond LATAM. Retrieved April 4, 2024.
Internal MISP references
UUID 38d88851-1b71-4ed7-88e3-2ee5c3876c06 which can be used as unique global reference for Morphisec 3 26 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-04T00:00:00Z |
| date_published | 2024-03-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Breaking Boundaries Mispadu's Infiltration Beyond LATAM |
Trend Micro Earth Estries November 8 2024
Ted Lee, Leon M Chang, Lenart Bermejo. (2024, November 8). Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations. Retrieved November 13, 2024.
Internal MISP references
UUID 75e21136-ebd2-449a-8fd9-7379db7bdc64 which can be used as unique global reference for Trend Micro Earth Estries November 8 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-13T00:00:00Z |
| date_published | 2024-11-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations |
MSTIC Nobelium Toolset May 2021
MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.
Internal MISP references
UUID 52464e69-ff9e-4101-9596-dd0c6404bf76 which can be used as unique global reference for MSTIC Nobelium Toolset May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| date_published | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | Breaking down NOBELIUM’s latest early-stage toolset |
Lee 2013
Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.
Internal MISP references
UUID 6d1e2b0a-fed2-490b-be25-6580dfb7d6aa which can be used as unique global reference for Lee 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-03-27T00:00:00Z |
| date_published | 2013-08-07T00:00:00Z |
| source | MITRE |
| title | Breaking Down the China Chopper Web Shell - Part I |
sentinelone-malvertising
Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.
Internal MISP references
UUID 7989f0de-90b8-5e6d-bc20-1764610d1568 which can be used as unique global reference for sentinelone-malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-01-19T00:00:00Z |
| source | MITRE |
| title | Breaking Down the SEO Poisoning Attack \| How Attackers Are Hijacking Search Results |
OS X Keychain
Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. Retrieved November 17, 2024.
Internal MISP references
UUID bde3ff9c-fbf9-49c4-b414-70dc8356d57d which can be used as unique global reference for OS X Keychain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2012-09-05T00:00:00Z |
| source | MITRE |
| title | Breaking into the OS X keychain |
Brown Exploiting Linkers
Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.
Internal MISP references
UUID 24674e91-5cbf-4023-98ae-a9f0968ad99a which can be used as unique global reference for Brown Exploiting Linkers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2011-06-29T00:00:00Z |
| source | MITRE |
| title | Breaking the links: Exploiting the linker |
FireEye Outlook Dec 2019
McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.
Internal MISP references
UUID f23a773f-9c50-4193-877d-97f7c13f48f1 which can be used as unique global reference for FireEye Outlook Dec 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2019-12-04T00:00:00Z |
| source | MITRE |
| title | Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) |
Cisco Talos Blog December 08 2022
Cisco Talos Blog. (2022, December 8). Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.
Internal MISP references
UUID bcf92374-48a3-480f-a679-9fd34b67bcdd which can be used as unique global reference for Cisco Talos Blog December 08 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-08T00:00:00Z |
| date_published | 2022-12-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Breaking the silence - Recent Truebot activity |
PaloAlto Preventing Opportunistic Attacks Apr 2016
Kiwi. (2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.
Internal MISP references
UUID 60fac434-2815-4568-b951-4bde55c2e3af which can be used as unique global reference for PaloAlto Preventing Opportunistic Attacks Apr 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2016-04-06T00:00:00Z |
| source | MITRE |
| title | Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks |
Mandiant-iab-control
Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen. (2024, March 21). Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect. Retrieved January 31, 2025.
Internal MISP references
UUID e7743974-f2b8-56e9-9812-dba6c38b6928 which can be used as unique global reference for Mandiant-iab-control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-31T00:00:00Z |
| date_published | 2024-03-21T00:00:00Z |
| source | MITRE |
| title | Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect |
Mandiant BYOL
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.
Internal MISP references
UUID 445efe8b-659a-4023-afc7-aa7cd21ee5a1 which can be used as unique global reference for Mandiant BYOL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2018-06-18T00:00:00Z |
| source | MITRE |
| title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Mandiant BYOL 2018
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.
Internal MISP references
UUID 104a1c1c-0899-4ff9-a5c4-73de702c467d which can be used as unique global reference for Mandiant BYOL 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-08T00:00:00Z |
| date_published | 2018-06-18T00:00:00Z |
| source | MITRE |
| title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Comparitech Leak
Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020.
Internal MISP references
UUID fa0eac56-45ea-4628-88cf-b843874b4a4d which can be used as unique global reference for Comparitech Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Broadvoice database of more than 350 million customer records exposed online |
ThreatPost Broadvoice Leak
Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. Retrieved October 20, 2020.
Internal MISP references
UUID 91d20979-d4e7-4372-8a83-1e1512c8d3a9 which can be used as unique global reference for ThreatPost Broadvoice Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts |
Secureworks BRONZE BUTLER Oct 2017
Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
Internal MISP references
UUID c62d8d1a-cd1b-4b39-95b6-68f3f063dacf which can be used as unique global reference for Secureworks BRONZE BUTLER Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-04T00:00:00Z |
| date_published | 2017-10-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE BUTLER Targets Japanese Enterprises |
Secureworks BRONZE FLEETWOOD Profile
Secureworks CTU. (n.d.). BRONZE FLEETWOOD. Retrieved February 5, 2024.
Internal MISP references
UUID 4fbb113c-94b4-56fd-b292-1ccf84e1c8f3 which can be used as unique global reference for Secureworks BRONZE FLEETWOOD Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-05T00:00:00Z |
| source | MITRE |
| title | BRONZE FLEETWOOD |
Secureworks BRONZE HUNTLEY
Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. Retrieved May 5, 2021.
Internal MISP references
UUID 9558ebc5-4de3-4b1d-b32c-a170adbc3451 which can be used as unique global reference for Secureworks BRONZE HUNTLEY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-05T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | BRONZE HUNTLEY Threat Profile |
Secureworks BRONZE PRESIDENT December 2019
Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.
Internal MISP references
UUID 019889e0-a2ce-476f-9a31-2fc394de2821 which can be used as unique global reference for Secureworks BRONZE PRESIDENT December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2019-12-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE PRESIDENT Targets NGOs |
Dell SecureWorks BRONZE STARLIGHT Profile
SecureWorks. (n.d.). BRONZE STARLIGHT. Retrieved December 6, 2023.
Internal MISP references
UUID d2e8cd95-fcd5-58e4-859a-c4724ec94ab4 which can be used as unique global reference for Dell SecureWorks BRONZE STARLIGHT Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-06T00:00:00Z |
| source | MITRE |
| title | BRONZE STARLIGHT |
SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022
Counter Threat Unit Research Team. (2022, June 23). BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER. Retrieved December 7, 2023.
Internal MISP references
UUID 0b275cf9-a885-58cc-b859-112090a711e3 which can be used as unique global reference for SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-07T00:00:00Z |
| date_published | 2022-06-23T00:00:00Z |
| source | MITRE |
| title | BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER |
SecureWorks BRONZE UNION June 2017
Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.
Internal MISP references
UUID 42adda47-f5d6-4d34-9b3d-3748a782f886 which can be used as unique global reference for SecureWorks BRONZE UNION June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE UNION Cyberespionage Persists Despite Disclosures |
Wikipedia Browser Extension
Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.
Internal MISP references
UUID 52aef082-3f8e-41b4-af95-6631ce4c9e91 which can be used as unique global reference for Wikipedia Browser Extension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-11T00:00:00Z |
| date_published | 2017-10-08T00:00:00Z |
| source | MITRE |
| title | Browser Extension |
Mr. D0x BitB 2022
mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. Retrieved March 8, 2023.
Internal MISP references
UUID 447f6b34-ac3a-58d9-af96-aa1d947a3e0e which can be used as unique global reference for Mr. D0x BitB 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | Browser In The Browser (BITB) Attack |
Cobalt Strike Browser Pivot
Mudge, R. (n.d.). Browser Pivoting. Retrieved January 10, 2018.
Internal MISP references
UUID 0c1dd453-7281-4ee4-9c8f-bdc401cf48d7 which can be used as unique global reference for Cobalt Strike Browser Pivot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-10T00:00:00Z |
| source | MITRE |
| title | Browser Pivoting |
push notifications - malwarebytes
Pieter Arntz. (2019, January 22). Browser push notifications: a feature asking to be abused. Retrieved March 14, 2025.
Internal MISP references
UUID 3863f365-810b-5f60-aed0-36646d855ac7 which can be used as unique global reference for push notifications - malwarebytes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-14T00:00:00Z |
| date_published | 2019-01-22T00:00:00Z |
| source | MITRE |
| title | Browser push notifications: a feature asking to be abused |
Symantec Buckeye
Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.
Internal MISP references
UUID dbf3ce3e-bcf2-4e47-ad42-839e51967395 which can be used as unique global reference for Symantec Buckeye in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2016-09-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Buckeye cyberespionage group shifts gaze from US to Hong Kong |
ESET Buhtrap and Buran April 2019
ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.
Internal MISP references
UUID e308a957-fb5c-44e8-a846-be6daef4b940 which can be used as unique global reference for ESET Buhtrap and Buran April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-04-30T00:00:00Z |
| source | MITRE |
| title | Buhtrap backdoor and Buran ransomware distributed via major advertising platform |
S1 Custom Shellcode Tool
Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. Retrieved October 4, 2021.
Internal MISP references
UUID f49bfd00-48d5-4d84-a7b7-cb23fcdf861b which can be used as unique global reference for S1 Custom Shellcode Tool in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-10-31T00:00:00Z |
| source | MITRE |
| title | Building A Custom Tool For Shellcode Analysis |
Data Driven Security DGA
Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.
Internal MISP references
UUID c92fb2ec-c144-42d4-bd42-179d3d737db0 which can be used as unique global reference for Data Driven Security DGA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2014-10-02T00:00:00Z |
| source | MITRE |
| title | Building a DGA Classifier: Part 2, Feature Engineering |
CTD PPID Spoofing Macro Mar 2019
Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. Retrieved June 3, 2019.
Internal MISP references
UUID b06b72ba-dbd6-4190-941a-0cdd3d659ab6 which can be used as unique global reference for CTD PPID Spoofing Macro Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2019-03-12T00:00:00Z |
| source | MITRE |
| title | Building an Office macro to spoof parent processes and command line arguments |
Trend Micro September 02 2022
Trend Micro. (2022, September 2). BumbleBee a New Modular Backdoor Evolved From BookWorm. Retrieved May 7, 2023.
Internal MISP references
UUID acb25abb-23c7-4b5d-849b-346388dde15c which can be used as unique global reference for Trend Micro September 02 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-09-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BumbleBee a New Modular Backdoor Evolved From BookWorm |
Proofpoint 2 12 2024
Axel F; Selena Larson; The Proofpoint Threat Research Team. (2024, February 12). Bumblebee Buzzes Back in Black. Retrieved February 14, 2024.
Internal MISP references
UUID 643968ec-bc01-4317-ba91-b2bafeb421c9 which can be used as unique global reference for Proofpoint 2 12 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-14T00:00:00Z |
| date_published | 2024-02-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bumblebee Buzzes Back in Black |
Toxin Labs 3 4 2023
Toxin Labs. (2023, March 4). BumbleBee DocuSign Campaign. Retrieved February 19, 2024.
Internal MISP references
UUID 8404527a-9197-47ea-8bdf-c824b66ffede which can be used as unique global reference for Toxin Labs 3 4 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-19T00:00:00Z |
| date_published | 2023-03-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BumbleBee DocuSign Campaign |
SEC Consult Bumblebee April 11 2023
Angelo Violetti. (2023, April 11). BumbleBee hunting with a Velociraptor. Retrieved May 6, 2023.
Internal MISP references
UUID c4cdaaeb-5776-4899-bdcf-8daf9d6ea615 which can be used as unique global reference for SEC Consult Bumblebee April 11 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-06T00:00:00Z |
| date_published | 2023-04-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BumbleBee hunting with a Velociraptor |
Cybereason Bumblebee August 2022
Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. Retrieved August 29, 2022.
Internal MISP references
UUID 64bfb605-af69-4df0-ae56-32fa997516bc which can be used as unique global reference for Cybereason Bumblebee August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-29T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | Bumblebee Loader – The High Road to Enterprise Domain Control |
Secureworks Bumblebee April 20 2023
Counter Threat Unit Research Team. (2023, April 20). Bumblebee Malware Distributed Via Trojanized Installer Downloads. Retrieved May 6, 2023.
Internal MISP references
UUID ac31c45d-ba78-4158-b163-723ab22c4dc4 which can be used as unique global reference for Secureworks Bumblebee April 20 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-06T00:00:00Z |
| date_published | 2023-04-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bumblebee Malware Distributed Via Trojanized Installer Downloads |
Symantec Bumblebee June 2022
Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.
Internal MISP references
UUID 81bfabad-b5b3-4e45-ac1d-1e2e829fca33 which can be used as unique global reference for Symantec Bumblebee June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-24T00:00:00Z |
| date_published | 2022-06-28T00:00:00Z |
| source | MITRE |
| title | Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem |
Cyble September 07 2022
Cybleinc. (2022, September 7). Bumblebee Returns with New Infection Technique. Retrieved May 7, 2023.
Internal MISP references
UUID 9d194526-2d01-4f92-9055-39e66d26081a which can be used as unique global reference for Cyble September 07 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-09-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bumblebee Returns with New Infection Technique |
The DFIR Report Bumblebee September 26 2022
The DFIR Report. (2022, September 26). BumbleBee: Round Two. Retrieved May 7, 2023.
Internal MISP references
UUID 8b51d35c-7a2a-4f03-95b1-c0b319f73c05 which can be used as unique global reference for The DFIR Report Bumblebee September 26 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BumbleBee: Round Two |
The DFIR Report Bumblebee November 14 2022
The DFIR Report. (2022, November 14). BumbleBee Zeros in on Meterpreter. Retrieved May 7, 2023.
Internal MISP references
UUID 831e1b4e-6edd-498f-863c-606d2392b622 which can be used as unique global reference for The DFIR Report Bumblebee November 14 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BumbleBee Zeros in on Meterpreter |
objsee netwire backdoor 2019
Patrick Wardle. (2019, June 20). Burned by Fire(fox). Retrieved October 1, 2021.
Internal MISP references
UUID 866c5305-8629-4f09-8dfe-192c8573ffb0 which can be used as unique global reference for objsee netwire backdoor 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2019-06-20T00:00:00Z |
| source | MITRE |
| title | Burned by Fire(fox) |
401 TRG Winnti Umbrella May 2018
Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. Retrieved July 8, 2018.
Internal MISP references
UUID e3f1f2e4-dc1c-4d9c-925d-47013f44a69f which can be used as unique global reference for 401 TRG Winnti Umbrella May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-08T00:00:00Z |
| date_published | 2018-05-03T00:00:00Z |
| source | MITRE |
| title | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
Fortinet Ivanti Vulnerabilities January 22 2025
Fortinet. (2024, October 11). Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA. Retrieved January 27, 2025.
Internal MISP references
UUID 7cc64109-8b40-4075-9637-46c0de35df7d which can be used as unique global reference for Fortinet Ivanti Vulnerabilities January 22 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-27T00:00:00Z |
| date_published | 2024-10-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA |
Busybox.net September 27 2024
Busybox.net. (2024, September 27). BusyBox. Retrieved December 19, 2024.
Internal MISP references
UUID ae614b34-2fd8-4fc3-9b19-d2f6b635d7da which can be used as unique global reference for Busybox.net September 27 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2024-09-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BusyBox |
Bypassing Gatekeeper
Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.
Internal MISP references
UUID 957a0916-614e-4c7b-a6dd-1baa4fc6f93e which can be used as unique global reference for Bypassing Gatekeeper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | Bypassing Apple's Gatekeeper |
engima0x3 DNX Bypass
Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017.
Internal MISP references
UUID e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0 which can be used as unique global reference for engima0x3 DNX Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-11-17T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting By Using dnx.exe |
engima0x3 RCSI Bypass
Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.
Internal MISP references
UUID 0b815bd9-6c7f-4bd8-9031-667fa6252f89 which can be used as unique global reference for engima0x3 RCSI Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-26T00:00:00Z |
| date_published | 2016-11-21T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting By Using rcsi.exe |
Exploit Monday WinDbg
Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved November 17, 2024.
Internal MISP references
UUID abd5f871-e12e-4355-af72-d4be79cb0291 which can be used as unique global reference for Exploit Monday WinDbg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2016-08-15T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner |
SubTee MSBuild
Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. Retrieved September 13, 2016.
Internal MISP references
UUID 82a762d0-c59f-456d-a7d3-1cab3fa02526 which can be used as unique global reference for SubTee MSBuild in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-13T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations |
Bypassing CloudTrail in AWS Service Catalog
Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.
Internal MISP references
UUID de50bd67-96bb-537c-b91d-e541a717b7a1 which can be used as unique global reference for Bypassing CloudTrail in AWS Service Catalog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-03-20T00:00:00Z |
| source | MITRE |
| title | Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research |
AADInternals - Conditional Access Bypass
Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. Retrieved March 4, 2022.
Internal MISP references
UUID 832841a1-92d1-4fcc-90f7-afbabad84aec which can be used as unique global reference for AADInternals - Conditional Access Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2020-09-06T00:00:00Z |
| source | MITRE |
| title | Bypassing conditional access by faking device compliance |
MsitPros CHM Aug 2017
Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018.
Internal MISP references
UUID d4e4cc8a-3246-463f-ba06-d68459d907d4 which can be used as unique global reference for MsitPros CHM Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2017-08-13T00:00:00Z |
| source | MITRE |
| title | Bypassing Device guard UMCI using CHM – CVE-2017-8625 |
TCC macOS bypass
Phil Stokes. (2021, July 1). Bypassing macOS TCC User Privacy Protections By Accident and Design. Retrieved March 21, 2024.
Internal MISP references
UUID 4fc68e85-cd7a-5a15-84e3-8fbea0b28fd5 which can be used as unique global reference for TCC macOS bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-21T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | Bypassing macOS TCC User Privacy Protections By Accident and Design |
enigma0x3 sdclt app paths
Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.
Internal MISP references
UUID 2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1 which can be used as unique global reference for enigma0x3 sdclt app paths in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Bypassing UAC using App Paths |
MDSec System Calls
MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. Retrieved September 29, 2021.
Internal MISP references
UUID b461e226-1317-4ce4-a195-ba4c4957db99 which can be used as unique global reference for MDSec System Calls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams |
Hybrid Analysis Icacls1 June 2018
Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. Retrieved August 19, 2018.
Internal MISP references
UUID 74df644a-06b8-4331-85a3-932358d65b62 which can be used as unique global reference for Hybrid Analysis Icacls1 June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-06-12T00:00:00Z |
| source | MITRE |
| title | c9b65b764985dfd7a11d3faf599c56b8.exe |
Microsoft Credential Manager store
Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.
Internal MISP references
UUID c949a29b-bb31-4bd7-a967-ddd48c7efb8e which can be used as unique global reference for Microsoft Credential Manager store in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Cached and Stored Credentials Technical Overview |
Microsoft - Cached Creds
Microsoft. (2016, August 21). Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.
Internal MISP references
UUID 590ea63f-f800-47e4-8d39-df11a184ba84 which can be used as unique global reference for Microsoft - Cached Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2016-08-21T00:00:00Z |
| source | MITRE |
| title | Cached and Stored Credentials Technical Overview |
Kaspersky CactusPete Aug 2020
Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. Retrieved May 5, 2021.
Internal MISP references
UUID 1c393964-e717-45ad-8eb6-5df5555d3c70 which can be used as unique global reference for Kaspersky CactusPete Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-05T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CactusPete APT group’s updated Bisonal backdoor |
Kroll CACTUS Ransomware May 10 2023
Laurie Iacono, Stephen Green, Dave Truman. (2023, May 10). CACTUS Ransomware: Prickly New Variant Evades Detection. Retrieved August 10, 2023.
Internal MISP references
UUID f50de2f6-465f-4cae-a79c-cc135ebfee4f which can be used as unique global reference for Kroll CACTUS Ransomware May 10 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-10T00:00:00Z |
| date_published | 2023-05-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CACTUS Ransomware: Prickly New Variant Evades Detection |
ESET CaddyWiper March 2022
ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.
Internal MISP references
UUID 9fa97444-311f-40c1-8728-c5f91634c750 which can be used as unique global reference for ESET CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | CaddyWiper: New wiper malware discovered in Ukraine |
Cadet Blizzard emerges as novel threat actor
Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.
Internal MISP references
UUID 7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b which can be used as unique global reference for Cadet Blizzard emerges as novel threat actor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| date_published | 2023-06-14T00:00:00Z |
| source | MITRE |
| title | Cadet Blizzard emerges as a novel and distinct Russian threat actor |
Cado Denonia April 3 2022
jbowen. (2022, April 3). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved April 11, 2024.
Internal MISP references
UUID b276c28d-1488-4a21-86d1-7acdfd77794b which can be used as unique global reference for Cado Denonia April 3 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-11T00:00:00Z |
| date_published | 2022-04-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cado Discovers Denonia: The First Malware Specifically Targeting Lambda |
Cado Security Denonia
Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved May 27, 2022.
Internal MISP references
UUID 584e7ace-ef33-423b-9801-4728a447cb34 which can be used as unique global reference for Cado Security Denonia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-04-06T00:00:00Z |
| source | MITRE |
| title | Cado Discovers Denonia: The First Malware Specifically Targeting Lambda |
Caesars Scattered Spider September 13 2023
William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.
Internal MISP references
UUID 6915c003-7c8b-451c-8fb1-3541f00c14fb which can be used as unique global reference for Caesars Scattered Spider September 13 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-09-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Caesars Entertainment Paid Millions to Hackers in Attack |
Sekoia Calisto December 5 2022
Felix Aimé, Maxime A., Sekoia TDR. (2022, December 5). Calisto show interests into entities involved in Ukraine war support. Retrieved October 1, 2024.
Internal MISP references
UUID 02fed1d1-b8a9-4bca-9e96-2cffe6f7ba89 which can be used as unique global reference for Sekoia Calisto December 5 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-01T00:00:00Z |
| date_published | 2022-12-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Calisto show interests into entities involved in Ukraine war support |
Securelist Calisto July 2018
Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.
Internal MISP references
UUID a292d77b-9150-46ea-b217-f51e091fdb57 which can be used as unique global reference for Securelist Calisto July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-07T00:00:00Z |
| date_published | 2018-07-20T00:00:00Z |
| source | MITRE |
| title | Calisto Trojan for macOS |
CERTFR-2023-CTI-009
CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. Retrieved October 26, 2023.
Internal MISP references
UUID 5365ac4c-fbb8-4389-989e-a64cb7693371 which can be used as unique global reference for CERTFR-2023-CTI-009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-26T00:00:00Z |
| date_published | 2023-10-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Campagnes d'attaques du mode opératoire APT28 depuis 2021 |
FSI Andariel Campaign Rifle July 2017
FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 12, 2024.
Internal MISP references
UUID bde61ee9-16f9-4bd9-a847-5cc9df21335c which can be used as unique global reference for FSI Andariel Campaign Rifle July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | Campaign Rifle - Andariel, the Maiden of Anguish |
TinyPilot Detection
TinyPilot. (n.d.). Can anyone detect when I'm using TinyPilot? Retrieved March 26, 2025.
Internal MISP references
UUID 1c0cad71-a540-5d75-a6fb-1e8175987d4a which can be used as unique global reference for TinyPilot Detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| source | MITRE |
| title | Can anyone detect when I'm using TinyPilot? |
Check Point Research January 5 2022
Check Point Research. (2022, January 5). Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk. Retrieved May 11, 2023.
Internal MISP references
UUID d26dfc4d-e563-4262-b527-0fffb7228234 which can be used as unique global reference for Check Point Research January 5 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-11T00:00:00Z |
| date_published | 2022-01-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk |
Polak NPPSPY 2004
Sergey Polak. (2004, August). Capturing Windows Passwords using the Network Provider API. Retrieved May 17, 2024.
Internal MISP references
UUID ab5872b0-a755-5d85-8750-0b22f00ccb37 which can be used as unique global reference for Polak NPPSPY 2004 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-17T00:00:00Z |
| date_published | 2004-08-01T00:00:00Z |
| source | MITRE |
| title | Capturing Windows Passwords using the Network Provider API |
KasperskyCarbanak
Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.
Internal MISP references
UUID 053a2bbb-5509-4aba-bbd7-ccc3d8074291 which can be used as unique global reference for KasperskyCarbanak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-27T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE |
| title | CARBANAK APT THE GREAT BANK ROBBERY |
Kaspersky Carbanak
Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.
Internal MISP references
UUID 2f7e77db-fe39-4004-9945-3c8943708494 which can be used as unique global reference for Kaspersky Carbanak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-23T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CARBANAK APT THE GREAT BANK ROBBERY |
Forcepoint Carbanak Google C2
Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.
Internal MISP references
UUID 3da6084f-5e12-4472-afb9-82efd3e22cf6 which can be used as unique global reference for Forcepoint Carbanak Google C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-15T00:00:00Z |
| date_published | 2017-01-17T00:00:00Z |
| source | MITRE |
| title | CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL |
Trend Micro Carberp February 2014
Trend Micro. (2014, February 27). CARBERP. Retrieved July 29, 2020.
Internal MISP references
UUID 069e458f-d780-47f9-8ebe-21b195fe9b33 which can be used as unique global reference for Trend Micro Carberp February 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-29T00:00:00Z |
| date_published | 2014-02-27T00:00:00Z |
| source | MITRE |
| title | CARBERP |
Prevx Carberp March 2011
Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved September 12, 2024.
Internal MISP references
UUID 8f95d81a-ea8c-44bf-950d-9eb868182d39 which can be used as unique global reference for Prevx Carberp March 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2011-02-28T00:00:00Z |
| source | MITRE |
| title | Carberp - a modular information stealing trojan |
Trusteer Carberp October 2010
Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. Retrieved July 15, 2020.
Internal MISP references
UUID f7af5be2-0cb4-4b41-9d08-2f652b6bac3c which can be used as unique global reference for Trusteer Carberp October 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-15T00:00:00Z |
| date_published | 2010-10-07T00:00:00Z |
| source | MITRE |
| title | Carberp Under the Hood of Carberp: Malware & Configuration Analysis |
ESET Carbon Mar 2017
ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.
Internal MISP references
UUID 5d2a3a81-e7b7-430d-b748-b773f89d3c77 which can be used as unique global reference for ESET Carbon Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-07T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Carbon Paper: Peering into Turla’s second stage backdoor |
CrowdStrike Carbon Spider August 2021
Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.
Internal MISP references
UUID 36f0ddb0-94af-494c-ad10-9d3f75d1d810 which can be used as unique global reference for CrowdStrike Carbon Spider August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2021-08-30T00:00:00Z |
| source | MITRE |
| title | CARBON SPIDER Embraces Big Game Hunting, Part 1 |
PaloAlto CardinalRat Apr 2017
Grunzweig, J. (2017, April 20). Cardinal RAT Active for Over Two Years. Retrieved December 8, 2018.
Internal MISP references
UUID 8d978b94-75c9-46a1-812a-bafe3396eda9 which can be used as unique global reference for PaloAlto CardinalRat Apr 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-08T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Cardinal RAT Active for Over Two Years |
Carl Hurd March 2019
Carl Hurd. (2019, March 26). VPNFilter Deep Dive. Retrieved March 28, 2019.
Internal MISP references
UUID 8a4e28f9-b0ba-56ad-a957-b5913bf9a7d5 which can be used as unique global reference for Carl Hurd March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-28T00:00:00Z |
| source | MITRE |
| title | Carl Hurd March 2019 |
ESET Casbaneiro Oct 2019
ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.
Internal MISP references
UUID a5cb3ee6-9a0b-4e90-bf32-be7177a858b1 which can be used as unique global reference for ESET Casbaneiro Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2019-10-03T00:00:00Z |
| source | MITRE |
| title | Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico |
Microsoft Catalog Files and Signatures April 2017
Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.
Internal MISP references
UUID 5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe which can be used as unique global reference for Microsoft Catalog Files and Signatures April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Catalog Files and Digital Signatures |
Catch All Chrome Extension
Marinho, R. (n.d.). "Catch-All" Google Chrome Malicious Extension Steals All Posted Data. Retrieved November 16, 2017.
Internal MISP references
UUID eddd2ea8-89c1-40f9-b6e3-37cbdebd210e which can be used as unique global reference for Catch All Chrome Extension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data |
Akamai JS
Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID 379a177b-0c31-5840-ad54-3fdfc9904a88 which can be used as unique global reference for Akamai JS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2020-10-26T00:00:00Z |
| source | MITRE |
| title | Catch Me if You Can—JavaScript Obfuscation |
Categorisation_not_boundary
MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.
Internal MISP references
UUID 3c320f38-e691-46f7-a20d-58b024ea2fa2 which can be used as unique global reference for Categorisation_not_boundary in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-20T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Categorisation is not a Security Boundary |
CrowdStrike Flying Kitten
Dahl, M. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.
Internal MISP references
UUID ab669ded-e659-4313-b5ab-8c5362562f39 which can be used as unique global reference for CrowdStrike Flying Kitten in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN |
Group-IB Lynx Ransomware January 28 2025
Nikolay Kichatov, Sharmine Low, Pietro Albuquerque. (2025, January 28). Cat’s out of the bag: Lynx Ransomware-as-a-Service. Retrieved January 31, 2025.
Internal MISP references
UUID 289fd3fe-8810-445e-bc6f-2a6ec7a4c7b7 which can be used as unique global reference for Group-IB Lynx Ransomware January 28 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-31T00:00:00Z |
| date_published | 2025-01-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cat’s out of the bag: Lynx Ransomware-as-a-Service |
Wikimedia Foundation Inc. May 3 2003
Wikimedia Foundation Inc. (2003, May 3). cat (Unix) - Wikipedia. Retrieved December 19, 2024.
Internal MISP references
UUID fc7bbaac-b10a-4cc2-aa69-cc717b91aa44 which can be used as unique global reference for Wikimedia Foundation Inc. May 3 2003 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2003-05-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | cat (Unix) - Wikipedia |
Telephone Attack Delivery
Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.
Internal MISP references
UUID 9670da7b-0600-4072-9ecc-65a918b89ac5 which can be used as unique global reference for Telephone Attack Delivery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-05T00:00:00Z |
| date_published | 2021-11-04T00:00:00Z |
| source | MITRE |
| title | Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery |
Tetra Defense Sodinokibi March 2020
Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. Retrieved November 17, 2024.
Internal MISP references
UUID a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50 which can be used as unique global reference for Tetra Defense Sodinokibi March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2020-03-01T00:00:00Z |
| source | MITRE |
| title | CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS |
CarbonBlack RobbinHood May 2019
Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. Retrieved July 29, 2019.
Internal MISP references
UUID cb9e49fa-253a-447a-9c88-c6e507bae0bb which can be used as unique global reference for CarbonBlack RobbinHood May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-29T00:00:00Z |
| date_published | 2019-05-17T00:00:00Z |
| source | MITRE |
| title | CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption |
Talos CCleanup 2017
Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.
Internal MISP references
UUID f2522cf4-dc65-4dc5-87e3-9e88212fcfe9 which can be used as unique global reference for Talos CCleanup 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-09T00:00:00Z |
| date_published | 2017-09-18T00:00:00Z |
| source | MITRE |
| title | CCleanup: A Vast Number of Machines at Risk |
Cdb.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e61b035f-6247-47e3-918c-2892815dfddf which can be used as unique global reference for Cdb.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cdb.exe |
Slowik Sandworm 2021
Joseph Slowik, DomainTools. (2021, March 3). Centreon to Exim and Back: On the Trail of Sandworm. Retrieved April 6, 2024.
Internal MISP references
UUID e1753588-bc53-5265-935e-cbbaf3e13a82 which can be used as unique global reference for Slowik Sandworm 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-06T00:00:00Z |
| date_published | 2021-03-03T00:00:00Z |
| source | MITRE |
| title | Centreon to Exim and Back: On the Trail of Sandworm |
ESET PLEAD Malware July 2018
Cherepanov, A. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. Retrieved May 6, 2020.
Internal MISP references
UUID 2c28640d-e4ee-47db-a8f1-b34def7d2e9a which can be used as unique global reference for ESET PLEAD Malware July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2018-07-09T00:00:00Z |
| source | MITRE |
| title | Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign |
Medium Certified Pre Owned
Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.
Internal MISP references
UUID 04e53c69-3f29-4bb4-83c9-ff3a2db1526b which can be used as unique global reference for Medium Certified Pre Owned in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-06-17T00:00:00Z |
| source | MITRE |
| title | Certified Pre-Owned |
SpecterOps Certified Pre Owned
Schroeder, W. & Christensen, L. (2021, June 22). Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.
Internal MISP references
UUID 73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698 which can be used as unique global reference for SpecterOps Certified Pre Owned in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-06-22T00:00:00Z |
| source | MITRE |
| title | Certified Pre-Owned - Abusing Active Directory Certificate Services |
GitHub Certify
HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.
Internal MISP references
UUID 27fce38b-07d6-43ed-a3da-174458c4acbe which can be used as unique global reference for GitHub Certify in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-04T00:00:00Z |
| date_published | 2021-06-09T00:00:00Z |
| source | MITRE |
| title | Certify |
CertOC.exe - LOLBAS Project
LOLBAS. (2021, October 7). CertOC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b906498e-2773-419b-8c6d-3e974925ac18 which can be used as unique global reference for CertOC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CertOC.exe |
CertReq.exe - LOLBAS Project
LOLBAS. (2020, July 7). CertReq.exe. Retrieved December 4, 2023.
Internal MISP references
UUID be446484-8ecc-486e-8940-658c147f6978 which can be used as unique global reference for CertReq.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CertReq.exe |
GitHub CertStealer
TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.
Internal MISP references
UUID da06ce8f-f950-4ae8-a62a-b59b236e91a3 which can be used as unique global reference for GitHub CertStealer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-04-21T00:00:00Z |
| source | MITRE |
| title | CertStealer |
TechNet Certutil
Microsoft. (2012, November 14). Certutil. Retrieved July 3, 2017.
Internal MISP references
UUID 8d095aeb-c72c-49c1-8482-dbf4ce9203ce which can be used as unique global reference for TechNet Certutil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2012-11-14T00:00:00Z |
| source | MITRE |
| title | Certutil |
LOLBAS Certutil
LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 4c875710-9b5d-47b5-bc9e-69ef95797c8f which can be used as unique global reference for LOLBAS Certutil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Certutil.exe |
FireEye CFR Watering Hole 2012
Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved November 17, 2024.
Internal MISP references
UUID 6108ab77-e4fd-43f2-9d49-8ce9c219ca9c which can be used as unique global reference for FireEye CFR Watering Hole 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2012-12-30T00:00:00Z |
| source | MITRE |
| title | CFR Watering Hole Attack Details |
Twitter Cglyer Status Update APT3 eml
Glyer, C. (2018, April 14). @cglyer Status Update. Retrieved September 12, 2024.
Internal MISP references
UUID cfcb0839-0736-489f-9779-72e5c96cce3d which can be used as unique global reference for Twitter Cglyer Status Update APT3 eml in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2018-04-14T00:00:00Z |
| source | MITRE |
| title | @cglyer Status Update |
Cybereason Chaes Nov 2020
Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.
Internal MISP references
UUID aaefa162-82a8-4b6d-b7be-fd31fafd9246 which can be used as unique global reference for Cybereason Chaes Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-30T00:00:00Z |
| date_published | 2020-11-17T00:00:00Z |
| source | MITRE |
| title | CHAES: Novel Malware Targeting Latin American E-Commerce |
Symantec Chafer February 2018
Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.
Internal MISP references
UUID 3daaa402-5477-4868-b8f1-a2f6e38f04ef which can be used as unique global reference for Symantec Chafer February 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-22T00:00:00Z |
| date_published | 2018-02-28T00:00:00Z |
| source | MITRE |
| title | Chafer: Latest Attacks Reveal Heightened Ambitions |
Securelist Remexi Jan 2019
Legezo, D. (2019, January 30). Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. Retrieved April 17, 2019.
Internal MISP references
UUID 07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845 which can be used as unique global reference for Securelist Remexi Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-01-30T00:00:00Z |
| source | MITRE |
| title | Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities |
change_rdp_port_conti
The DFIR Report. (2022, March 1). "Change RDP port" #ContiLeaks. Retrieved September 12, 2024.
Internal MISP references
UUID c0deb077-6c26-52f1-9e7c-d1fb535a02a0 which can be used as unique global reference for change_rdp_port_conti in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | "Change RDP port" #ContiLeaks |
Microsoft Change Normal Template
Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.
Internal MISP references
UUID 76bf3ce1-b94c-4b3d-9707-aca8a1ae5555 which can be used as unique global reference for Microsoft Change Normal Template in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| source | MITRE |
| title | Change the Normal template (Normal.dotm) |
Microsoft Change Default Programs
Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.
Internal MISP references
UUID de515277-a280-40e5-ba34-3e8f16a5c703 which can be used as unique global reference for Microsoft Change Default Programs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| source | MITRE |
| title | Change which programs Windows 7 uses by default |
Chaos Stolen Backdoor
Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. Retrieved March 5, 2018.
Internal MISP references
UUID 8e6916c1-f102-4b54-b6a5-a58fed825c2e which can be used as unique global reference for Chaos Stolen Backdoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-05T00:00:00Z |
| date_published | 2018-02-14T00:00:00Z |
| source | MITRE |
| title | Chaos: a Stolen Backdoor Rising Again |
Wardle Persistence Chapter
Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.
Internal MISP references
UUID 6272b9a2-d704-43f3-9e25-6c434bb5d1ef which can be used as unique global reference for Wardle Persistence Chapter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| source | MITRE |
| title | Chapter 0x2: Persistence |
cisco_deploy_rsa_keys
Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI. Retrieved March 27, 2023.
Internal MISP references
UUID 132f387e-4ee3-51d3-a3b6-d61102ada152 which can be used as unique global reference for cisco_deploy_rsa_keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-27T00:00:00Z |
| date_published | 2023-02-17T00:00:00Z |
| source | MITRE |
| title | Chapter: Deploying RSA Keys Within a PKI |
Wikipedia Character Encoding
Wikipedia. (2017, February 19). Character Encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 3e7df20f-5d11-4102-851f-04e89c25d12f which can be used as unique global reference for Wikipedia Character Encoding in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2017-02-19T00:00:00Z |
| source | MITRE |
| title | Character Encoding |
DOJ GRU Charges 2018
U.S. Department of Justice. (2018, October 4). U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations. Retrieved February 25, 2025.
Internal MISP references
UUID f97fd2f0-d265-5351-be6e-184611ac0025 which can be used as unique global reference for DOJ GRU Charges 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-25T00:00:00Z |
| source | MITRE |
| title | Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations |
Charles Carmakal LinkedIn December 19 2024
Charles Carmakal. (2024, December 19). Charles Carmakal LinkedIn December 19 2024. Retrieved December 23, 2024.
Internal MISP references
UUID ef19ad33-816a-422d-a3c9-b41048e65582 which can be used as unique global reference for Charles Carmakal LinkedIn December 19 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-23T00:00:00Z |
| date_published | 2024-12-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Charles Carmakal LinkedIn December 19 2024 |
ClearSky Charming Kitten Dec 2017
ClearSky Cyber Security. (2017, December). Charming Kitten. Retrieved December 27, 2017.
Internal MISP references
UUID 23ab1ad2-e9d4-416a-926f-6220a59044ab which can be used as unique global reference for ClearSky Charming Kitten Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | Charming Kitten |
Certfa Charming Kitten January 2021
Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.
Internal MISP references
UUID c38a8af6-3f9b-40c3-8122-a2a51eb50664 which can be used as unique global reference for Certfa Charming Kitten January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-03T00:00:00Z |
| date_published | 2021-01-08T00:00:00Z |
| source | MITRE |
| title | Charming Kitten’s Christmas Gift |
Proofpoint TA2541 February 2022
Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.
Internal MISP references
UUID db0b1425-8bd7-51b5-bae3-53c5ccccb8da which can be used as unique global reference for Proofpoint TA2541 February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-12T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Charting TA2541's Flight |
JPCERT ChChes Feb 2017
Nakamura, Y. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved November 17, 2024.
Internal MISP references
UUID 657b43aa-ead2-41d3-911a-d714d9b28e19 which can be used as unique global reference for JPCERT ChChes Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-02-17T00:00:00Z |
| source | MITRE |
| title | ChChes - Malware that Communicates with C&C Servers Using Cookie Headers |
Check Point Iranian Proxies December 4 2023
Check Point Research. (2023, December 4). Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel. Retrieved August 8, 2024.
Internal MISP references
UUID 60432d84-8f46-4934-951f-df8e0f297ff0 which can be used as unique global reference for Check Point Iranian Proxies December 4 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-08T00:00:00Z |
| date_published | 2023-12-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel |
EclecticLightChecksonEXECodeSigning
Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. Retrieved September 21, 2022.
Internal MISP references
UUID 2885db46-4f8c-4c35-901c-7641c7701293 which can be used as unique global reference for EclecticLightChecksonEXECodeSigning in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-21T00:00:00Z |
| date_published | 2020-11-16T00:00:00Z |
| source | MITRE |
| title | Checks on executable code in Catalina and Big Sur: a first draft |
Mandiant Pulse Secure Zero-Day April 2021
Perez, D. et al. (2021, April 20). Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day. Retrieved February 5, 2024.
Internal MISP references
UUID 0760480c-97be-5fc9-a6aa-f1df91a314a3 which can be used as unique global reference for Mandiant Pulse Secure Zero-Day April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-05T00:00:00Z |
| date_published | 2021-04-20T00:00:00Z |
| source | MITRE |
| title | Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day |
Anomali MUSTANG PANDA October 2019
Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.
Internal MISP references
UUID 70277fa4-60a8-475e-993a-c74241b76127 which can be used as unique global reference for Anomali MUSTANG PANDA October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-12T00:00:00Z |
| date_published | 2019-10-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations |
FireEye admin@338
FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
Internal MISP references
UUID f3470275-9652-440e-914d-ad4fc5165413 which can be used as unique global reference for FireEye admin@338 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-04T00:00:00Z |
| date_published | 2015-12-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets |
IronNet BlackTech Oct 2021
Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. Retrieved March 25, 2022.
Internal MISP references
UUID 98b2d114-4246-409d-934a-238682fd5ae6 which can be used as unique global reference for IronNet BlackTech Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2021-10-26T00:00:00Z |
| source | MITRE |
| title | China cyber attacks: the current threat landscape |
RecordedFuture RedEcho 2021
Recorded Future Insikt Group. (2021, February). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved November 21, 2024.
Internal MISP references
UUID 644fa2c1-ed3e-5203-96d5-27acfc1947a0 which can be used as unique global reference for RecordedFuture RedEcho 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-21T00:00:00Z |
| date_published | 2021-02-01T00:00:00Z |
| source | MITRE |
| title | China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions |
Recorded Future RedEcho Feb 2021
Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved March 22, 2021.
Internal MISP references
UUID 6da7eb8a-aab4-41ea-a0b7-5313d88cbe91 which can be used as unique global reference for Recorded Future RedEcho Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-22T00:00:00Z |
| date_published | 2021-02-28T00:00:00Z |
| source | MITRE |
| title | China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions |
WSJ Salt Typhoon September 26 2024
Sarah Krouse, Robert McMillan, Dustin Volz. (2024, September 26). China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack. Retrieved October 24, 2024.
Internal MISP references
UUID 15b4c5c3-edf2-4f6b-b398-62767cfabf5a which can be used as unique global reference for WSJ Salt Typhoon September 26 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-24T00:00:00Z |
| date_published | 2024-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack |
EclecticIQ CVE-2025-31324 May 13 2025
Arda Büyükkaya. (2025, May 13). China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures. Retrieved June 2, 2025.
Internal MISP references
UUID 4773c05c-c463-4d4a-aeae-c20836ccc35f which can be used as unique global reference for EclecticIQ CVE-2025-31324 May 13 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-02T00:00:00Z |
| date_published | 2025-05-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures |
Sygnia VelvetAnt 2024A
Sygnia Team. (2024, June 3). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved March 14, 2025.
Internal MISP references
UUID daa0360d-8a50-5256-8c95-cf68a3e7bb90 which can be used as unique global reference for Sygnia VelvetAnt 2024A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-14T00:00:00Z |
| date_published | 2024-06-03T00:00:00Z |
| source | MITRE |
| title | China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence |
Sygnia VelvetAnt 2024B
Sygnia Team. (2024, July 1). China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response. Retrieved March 14, 2025.
Internal MISP references
UUID f4a036fd-4adf-564f-a401-5e5fc2866364 which can be used as unique global reference for Sygnia VelvetAnt 2024B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-14T00:00:00Z |
| date_published | 2024-07-01T00:00:00Z |
| source | MITRE |
| title | China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response |
Sygnia Velvet Ant June 17 2024
Sygnia Team. (2024, June 17). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved June 20, 2024.
Internal MISP references
UUID 5c313af4-61a8-449d-a6c7-f7ead6c72e19 which can be used as unique global reference for Sygnia Velvet Ant June 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-20T00:00:00Z |
| date_published | 2024-06-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence |
Sygnia Velvet Ant July 1 2024
Sygnia. (2024, July 1). China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices. Retrieved July 3, 2024.
Internal MISP references
UUID a0cfeeb6-4617-4dea-80d2-290eaf2bcf5b which can be used as unique global reference for Sygnia Velvet Ant July 1 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-03T00:00:00Z |
| date_published | 2024-07-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices |
EFF China GitHub Attack
Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. Retrieved September 1, 2023.
Internal MISP references
UUID b8405628-6366-5cc9-a9af-b97d5c9176dd which can be used as unique global reference for EFF China GitHub Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-01T00:00:00Z |
| date_published | 2015-04-02T00:00:00Z |
| source | MITRE |
| title | China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack |
PaloAlto 3102 Sept 2015
Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. Retrieved March 19, 2018.
Internal MISP references
UUID db340043-43a7-4b16-a570-92a0d879b2bf which can be used as unique global reference for PaloAlto 3102 Sept 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-09-23T00:00:00Z |
| source | MITRE |
| title | Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media |
Unit 42 September 6 2024
Tom Fakterman. (2024, September 6). Chinese APT Abuses VSCode to Target Government in Asia. Retrieved September 6, 2024.
Internal MISP references
UUID 0e5e4e62-a242-4299-ae88-346aef200858 which can be used as unique global reference for Unit 42 September 6 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-06T00:00:00Z |
| date_published | 2024-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese APT Abuses VSCode to Target Government in Asia |
Unit42 Chinese VSCode 06 September 2024
Tom Fakterman. (2024, September 6). Chinese APT Abuses VSCode to Target Government in Asia. Retrieved March 24, 2025.
Internal MISP references
UUID 2157f860-0a64-50a1-b368-be96d5228bf3 which can be used as unique global reference for Unit42 Chinese VSCode 06 September 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| date_published | 2024-09-06T00:00:00Z |
| source | MITRE |
| title | Chinese APT Abuses VSCode to Target Government in Asia |
ZScaler Hacking Team
Desai, D. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.
Internal MISP references
UUID 83e6ab22-1f01-4c9b-90e5-0279af487805 which can be used as unique global reference for ZScaler Hacking Team in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-08-14T00:00:00Z |
| source | MITRE |
| title | Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm |
Hacker News LuckyMouse June 2018
Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.
Internal MISP references
UUID de78446a-cb46-4422-820b-9ddf07557b1a which can be used as unique global reference for Hacker News LuckyMouse June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-18T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE |
| title | Chinese Hackers Carried Out Country-Level Watering Hole Attack |
The Hacker News Velvet Ant Cisco July 2 2024
Newsroom. (2024, July 2). Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware. Retrieved July 3, 2024.
Internal MISP references
UUID e3949201-c949-4126-9e02-34bfad4713c0 which can be used as unique global reference for The Hacker News Velvet Ant Cisco July 2 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-03T00:00:00Z |
| date_published | 2024-07-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware |
BleepingComputer Mustang Panda September 9 2024
Bill Toulas. (2024, September 9). Chinese hackers use new data theft malware in govt attacks. Retrieved September 13, 2024.
Internal MISP references
UUID 40774c9c-daca-4ea0-a504-ca73b11e4f29 which can be used as unique global reference for BleepingComputer Mustang Panda September 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-13T00:00:00Z |
| date_published | 2024-09-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese hackers use new data theft malware in govt attacks |
The Record APT31 Router Hacks
Catalin Cimpanu. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved April 25, 2024.
Internal MISP references
UUID 41fc3724-85a0-4ad0-9494-47f89f3b079b which can be used as unique global reference for The Record APT31 Router Hacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-25T00:00:00Z |
| date_published | 2021-07-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese hacking group APT31 uses mesh of home routers to disguise attacks |
ORB APT31
Cimpanu, Catalin. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved July 8, 2024.
Internal MISP references
UUID 67b5e2ef-21cc-52f6-95c9-88a8cdcbe74e which can be used as unique global reference for ORB APT31 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-08T00:00:00Z |
| date_published | 2021-07-20T00:00:00Z |
| source | MITRE |
| title | Chinese hacking group APT31 uses mesh of home routers to disguise attacks |
Dark Reading Codoso Feb 2015
Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. Retrieved September 13, 2018.
Internal MISP references
UUID c24035b1-2021-44ae-b01e-651e44526737 which can be used as unique global reference for Dark Reading Codoso Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| date_published | 2015-02-10T00:00:00Z |
| source | MITRE |
| title | Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole |
DarkReading Treasury Breach December 30 2024
Becky Bracken. (2024, December 30). Chinese State Hackers Breach US Treasury Department. Retrieved January 6, 2024.
Internal MISP references
UUID 9ef5e50a-4680-4177-a4aa-b06f5f76c75d which can be used as unique global reference for DarkReading Treasury Breach December 30 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-06T00:00:00Z |
| date_published | 2024-12-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese State Hackers Breach US Treasury Department |
Recorded Future TAG-22 July 2021
INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 16, 2024.
Internal MISP references
UUID 258433e7-f829-4365-adbb-c5690159070f which can be used as unique global reference for Recorded Future TAG-22 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| date_published | 2021-07-08T00:00:00Z |
| source | MITRE |
| title | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling |
Recorded Future Chinese Activity in Southeast Asia December 2021
Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.
Internal MISP references
UUID 0809db3b-81a8-475d-920a-cb913b30f42e which can be used as unique global reference for Recorded Future Chinese Activity in Southeast Asia December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2021-12-08T00:00:00Z |
| source | MITRE |
| title | Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia |
Recorded Future REDDELTA July 2020
Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.
Internal MISP references
UUID e2bc037e-d483-4670-8281-70e51b16effe which can be used as unique global reference for Recorded Future REDDELTA July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-07-28T00:00:00Z |
| source | MITRE |
| title | CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS |
Recorded Future RedDelta 2025
Insikt Group. (2025, January 9). Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain. Retrieved January 14, 2025.
Internal MISP references
UUID 47419c14-1c84-5c6a-9feb-b0e98948fd61 which can be used as unique global reference for Recorded Future RedDelta 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-14T00:00:00Z |
| date_published | 2025-01-09T00:00:00Z |
| source | MITRE |
| title | Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain |
Recorded Future RedDelta January 9 2025
Insikt Group. (2025, January 9). Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain. Retrieved January 10, 2025.
Internal MISP references
UUID bd7ef51c-47e1-4322-98fd-5c5a475a0605 which can be used as unique global reference for Recorded Future RedDelta January 9 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-10T00:00:00Z |
| date_published | 2025-01-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain |
Microsoft Storm-0940 October 31 2024
Microsoft Threat Intelligence. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. Retrieved January 27, 2025.
Internal MISP references
UUID 09651ef7-0052-4ba0-b369-7990de978485 which can be used as unique global reference for Microsoft Storm-0940 October 31 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-27T00:00:00Z |
| date_published | 2024-10-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network |
Github CHIPSEC
Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.
Internal MISP references
UUID 47501334-56cb-453b-a9e3-33990d88018b which can be used as unique global reference for Github CHIPSEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-20T00:00:00Z |
| date_published | 2017-03-18T00:00:00Z |
| source | MITRE |
| title | CHIPSEC Platform Security Assessment Framework |
McAfee CHIPSEC Blog
Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.
Internal MISP references
UUID b65ed687-c279-4f64-9dd2-839164cd269c which can be used as unique global reference for McAfee CHIPSEC Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-13T00:00:00Z |
| date_published | 2017-03-08T00:00:00Z |
| source | MITRE |
| title | CHIPSEC Support Against Vault 7 Disclosure Scanning |
Chkrootkit Main
Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 828fb4b9-17a6-4a87-ac2a-631643adb18d which can be used as unique global reference for Chkrootkit Main in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-08-23T00:00:00Z |
| source | MITRE |
| title | Chkrootkit |
Wikimedia Foundation Inc. April 27 2002
Wikimedia Foundation Inc. (2002, April 27). chmod - Wikipedia. Retrieved December 19, 2024.
Internal MISP references
UUID 0f41244c-ff31-4401-954b-701bfddae458 which can be used as unique global reference for Wikimedia Foundation Inc. April 27 2002 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2002-04-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | chmod - Wikipedia |
Azure AD Hybrid Identity
Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. Retrieved September 28, 2022.
Internal MISP references
UUID b019406c-6e39-41a2-a8b4-97f8d6482147 which can be used as unique global reference for Azure AD Hybrid Identity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2022-08-26T00:00:00Z |
| source | MITRE |
| title | Choose the right authentication method for your Azure Active Directory hybrid identity solution |
Red Canary May 25 2022
Aedan Russell. (2022, May 25). ChromeLoader a pushy malvertiser. Retrieved September 26, 2024.
Internal MISP references
UUID bffc87ac-e51b-47e3-8a9f-547e762e95c2 which can be used as unique global reference for Red Canary May 25 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-26T00:00:00Z |
| date_published | 2022-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ChromeLoader a pushy malvertiser |
Chrome Remote Desktop
Huntress. (n.d.). Retrieved March 14, 2024.
Internal MISP references
UUID c1b2d0e9-2396-5080-aea3-58a99c027d20 which can be used as unique global reference for Chrome Remote Desktop in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-14T00:00:00Z |
| source | MITRE |
| title | Chrome Remote Desktop |
Truesec AB August 30 2024
Simon Hertzberg. (2024, August 30). Cicada 3301 - Ransomware-as-a-Service - Technical Analysis. Retrieved September 4, 2024.
Internal MISP references
UUID de2de0a9-17d2-41c2-838b-7850762b80ae which can be used as unique global reference for Truesec AB August 30 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-04T00:00:00Z |
| date_published | 2024-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cicada 3301 - Ransomware-as-a-Service - Technical Analysis |
Cipher.exe - LOLBAS Project
LOLBAS. (2024, November 22). Cipher.exe. Retrieved May 19, 2025.
Internal MISP references
UUID 3c8f87b6-655c-4e3b-ab0b-f626aac2afad which can be used as unique global reference for Cipher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-19T00:00:00Z |
| date_published | 2024-11-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cipher.exe |
cipher.exe
Microsoft Support. (n.d.). Cipher.exe Security Tool for the Encrypting File System. Retrieved February 25, 2025.
Internal MISP references
UUID 14ca40cd-e672-5385-9f0d-0a68531f428b which can be used as unique global reference for cipher.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-25T00:00:00Z |
| source | MITRE |
| title | Cipher.exe Security Tool for the Encrypting File System |
BleepingComputer Void Banshee September 16 2024
Sergiu Gatlan. (2024, September 20). CISA warns of Windows flaw used in infostealer malware attacks. Retrieved September 19, 2024.
Internal MISP references
UUID 2c9a2355-02c5-4718-ad6e-b2fac9ad4096 which can be used as unique global reference for BleepingComputer Void Banshee September 16 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| date_published | 2024-09-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CISA warns of Windows flaw used in infostealer malware attacks |
show_ssh_users_cmd_cisco
Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.
Internal MISP references
UUID 11d34884-4559-57ad-8910-54e517c6493e which can be used as unique global reference for show_ssh_users_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2023-03-07T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Security Command Reference: Commands S to Z |
Cisco IOS Shellcode
George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. Retrieved October 21, 2020.
Internal MISP references
UUID 55a45f9b-7be4-4f1b-8b19-a0addf9da8d8 which can be used as unique global reference for Cisco IOS Shellcode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | CISCO IOS SHELLCODE: ALL-IN-ONE |
Cisco IOS Software Integrity Assurance - AAA
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.
Internal MISP references
UUID 2d1b5021-91ad-43c9-8527-4978fa779168 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - AAA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - AAA |
Cisco IOS Software Integrity Assurance - Boot Information
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020.
Internal MISP references
UUID 5349863a-00c1-42bf-beac-4e7d053d6311 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Boot Information in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Boot Information |
Cisco IOS Software Integrity Assurance - Change Control
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. Retrieved October 21, 2020.
Internal MISP references
UUID 8fb532f2-c730-4b86-b8d2-2314ce559289 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Change Control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Change Control |
Cisco IOS Software Integrity Assurance - Image File Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.
Internal MISP references
UUID f1d736cb-63c1-43e8-a83b-ed86b7c27606 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Verification in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification |
Cisco IOS Software Integrity Assurance - Run-Time Memory Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. Retrieved October 19, 2020.
Internal MISP references
UUID 284608ea-3769-470e-950b-cbd67796b20f which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Run-Time Memory Verification in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification |
Cisco IOS Software Integrity Assurance - Command History
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.
Internal MISP references
UUID dbca06dd-1184-4d52-9ee8-b059e368033c which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Command History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Command History |
Cisco IOS Software Integrity Assurance - Credentials Management
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.
Internal MISP references
UUID 9a7428e3-bd77-4c3e-ac90-c4e30d504ba6 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Credentials Management in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Credentials Management |
Cisco IOS Software Integrity Assurance - Deploy Signed IOS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.
Internal MISP references
UUID 71ea5591-6e46-4c58-a4e8-c629eba1b6c5 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Deploy Signed IOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Deploy Signed IOS |
Cisco IOS Software Integrity Assurance - Image File Integrity
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Image File Integrity. Retrieved October 21, 2020.
Internal MISP references
UUID 90909bd4-15e8-48ee-8067-69f04736c583 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Integrity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Image File Integrity |
Cisco IOS Software Integrity Assurance - Secure Boot
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.
Internal MISP references
UUID 4f6f686e-bcda-480a-88a1-ad7b00084c13 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Secure Boot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Secure Boot |
Cisco IOS Software Integrity Assurance - TACACS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.
Internal MISP references
UUID 54506dc2-6496-4edb-a5bf-fe64bf235ac0 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - TACACS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - TACACS |
Cisco Traffic Mirroring
Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. Retrieved October 19, 2020.
Internal MISP references
UUID 1a5c86ad-d3b1-408b-a6b4-14ca0e572020 which can be used as unique global reference for Cisco Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x |
Talos - Cisco Attack 2022
Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. Retrieved March 9, 2023.
Internal MISP references
UUID 143182ad-6a16-5a0d-a5c4-7dae721a9e26 which can be used as unique global reference for Talos - Cisco Attack 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-09T00:00:00Z |
| date_published | 2022-08-10T00:00:00Z |
| source | MITRE |
| title | Cisco Talos shares insights related to recent cyber attack on Cisco |
Citrix Bulletin CVE-2023-3519
Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.
Internal MISP references
UUID 245ef1b7-778d-4df2-99a9-b51c95c57580 which can be used as unique global reference for Citrix Bulletin CVE-2023-3519 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-24T00:00:00Z |
| date_published | 2023-07-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 |
Malwarebytes Citrix Bleed November 24 2023
Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. Retrieved November 30, 2023.
Internal MISP references
UUID fdc86cea-0015-48d1-934f-b22244de6306 which can be used as unique global reference for Malwarebytes Citrix Bleed November 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-30T00:00:00Z |
| date_published | 2023-11-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Citrix Bleed widely exploited, warn government agencies |
Cyble April 28 2023
Cybleinc. (2023, April 28). Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo. Retrieved May 7, 2023.
Internal MISP references
UUID 2d6bea2c-cc19-4ff7-873f-151f1ff354cb which can be used as unique global reference for Cyble April 28 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-04-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo |
Cyble April 03 2023
Cybleinc. (2023, April 3). Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide. Retrieved May 25, 2023.
Internal MISP references
UUID 8c7815c4-ed8d-47c3-84af-b7cdabd49652 which can be used as unique global reference for Cyble April 03 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-25T00:00:00Z |
| date_published | 2023-04-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide |
Talent-Jump Clambling February 2020
Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.
Internal MISP references
UUID 51144a8a-0cd4-4d5d-826b-21c2dc8422be which can be used as unique global reference for Talent-Jump Clambling February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2020-02-17T00:00:00Z |
| source | MITRE |
| title | CLAMBLING - A New Backdoor Base On Dropbox |
FireEye Clandestine Fox Part 2
Scott, M. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.
Internal MISP references
UUID 82500741-984d-4039-8f53-b303845c2849 which can be used as unique global reference for FireEye Clandestine Fox Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-06-10T00:00:00Z |
| source | MITRE |
| title | Clandestine Fox, Part Deux |
Microsoft Clear-EventLog
Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.
Internal MISP references
UUID 35944ff0-2bbd-4055-8e8a-cfff27241a8a which can be used as unique global reference for Microsoft Clear-EventLog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| source | MITRE |
| title | Clear-EventLog |
Clearing quarantine attribute
Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. Retrieved July 5, 2017.
Internal MISP references
UUID 4115ab53-751c-4016-9151-a55eab7d6ddf which can be used as unique global reference for Clearing quarantine attribute in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2012-11-20T00:00:00Z |
| source | MITRE |
| title | Clearing the quarantine extended attribute from downloaded applications |
NPPSPY - Huntress
Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.
Internal MISP references
UUID df1f7379-38c3-5ca9-8333-d684022c000c which can be used as unique global reference for NPPSPY - Huntress in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY |
Huntress NPPSPY 2022
Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved May 17, 2024.
Internal MISP references
UUID 833c22ac-4f65-521a-9eda-8d22e255577e which can be used as unique global reference for Huntress NPPSPY 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-17T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY |
Binary Defense December 10 2024
John Dwyer. (2024, December 10). Cleo MFT Mass Exploitation Payload Analysis. Retrieved December 13, 2024.
Internal MISP references
UUID 3fc33142-b596-46e9-b829-5c62734cdc3e which can be used as unique global reference for Binary Defense December 10 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-13T00:00:00Z |
| date_published | 2024-12-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cleo MFT Mass Exploitation Payload Analysis |
Arctic Wolf Networks December 12 2024
Stefan Hostetler; Julian Tuin; Aaron Diaz; Jon Grimm; Cole Bosma. (2024, December 12). Cleopatra's Shadow A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf. Retrieved December 23, 2024.
Internal MISP references
UUID 7b450552-7407-4cf1-9bd8-7e04ca683d0f which can be used as unique global reference for Arctic Wolf Networks December 12 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-23T00:00:00Z |
| date_published | 2024-12-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cleopatra's Shadow A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf |
Www.huntress.com December 1 2024
Team Huntress. (2024, December 1). Cleo Software Actively Being Exploited in the Wild CVE-2024-50623. Retrieved December 11, 2024.
Internal MISP references
UUID 23f0739f-9245-4585-98c3-d0a89bb163a4 which can be used as unique global reference for Www.huntress.com December 1 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-11T00:00:00Z |
| date_published | 2024-12-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 |
Microsoft Learn ClickOnce and Authenticode
Microsoft. (2023, March 9). ClickOnce and Authenticode. Retrieved September 9, 2024.
Internal MISP references
UUID 5e5c02cf-02fe-591a-b597-778999ab31c4 which can be used as unique global reference for Microsoft Learn ClickOnce and Authenticode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2023-03-09T00:00:00Z |
| source | MITRE |
| title | ClickOnce and Authenticode |
Burke/CISA ClickOnce BlackHat
William Joseph Burke III. (2019, August 7). CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended. Retrieved September 9, 2024.
Internal MISP references
UUID 5a1b4ee9-1c22-5f12-9fd9-723cc0055f4b which can be used as unique global reference for Burke/CISA ClickOnce BlackHat in MISP communities and other software using the MISP galaxy
External references
- https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended.pdf?_gl=116njas6_gcl_auNjAyMzkzMjc3LjE3MjQ4MDk4OTQ._gaMTk5OTA3ODkwMC4xNzI0ODA5ODk0_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.253743689.1512103758.1724809895-1999078900.1724809894 - webarchive
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2019-08-07T00:00:00Z |
| source | MITRE |
| title | CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended |
Microsoft Learn ClickOnce
Microsoft. (2023, September 14). ClickOnce security and deployment. Retrieved September 9, 2024.
Internal MISP references
UUID 2e91b430-81e7-54e1-8e8c-763f71146e0c which can be used as unique global reference for Microsoft Learn ClickOnce in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2023-09-14T00:00:00Z |
| source | MITRE |
| title | ClickOnce security and deployment |
NCC Group Everest Ransomware July 13 2022
Michael Mullen, Nikolaos Pantazopoulos. (2022, July 13). Climbing Mount Everest: Black-Byte Bytes Back?. Retrieved June 9, 2025.
Internal MISP references
UUID 33effb32-5c39-4bde-953d-12dc7be4db07 which can be used as unique global reference for NCC Group Everest Ransomware July 13 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-09T00:00:00Z |
| date_published | 2022-07-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Climbing Mount Everest: Black-Byte Bytes Back? |
CL_Invocation.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID a53e093a-973c-491d-91e3-bc7804d87b8b which can be used as unique global reference for CL_Invocation.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_Invocation.ps1 |
clip_win_server
Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.
Internal MISP references
UUID 8a961fa1-def0-5efe-8599-62e884d4ea22 which can be used as unique global reference for clip_win_server in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-21T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| source | MITRE |
| title | clip |
Red Canary Silver Sparrow Feb2021
Tony Lambert. (2021, February 18). Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. Retrieved April 20, 2021.
Internal MISP references
UUID f08a856d-6c3e-49e2-b7ba-399831c637e5 which can be used as unique global reference for Red Canary Silver Sparrow Feb2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-20T00:00:00Z |
| date_published | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight |
CL_LoadAssembly.ps1 - LOLBAS Project
LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 31a14027-1181-49b9-87bf-78a65a551312 which can be used as unique global reference for CL_LoadAssembly.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_LoadAssembly.ps1 |
CL_Mutexverifiers.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 75b89502-21ed-4920-95cc-212eaf17f281 which can be used as unique global reference for CL_Mutexverifiers.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_Mutexverifiers.ps1 |
Google Cloud June 18 2024
Mandiant. (2024, June 18). Cloaked and Covert Uncovering UNC3886 Espionage Operations. Retrieved June 25, 2024.
Internal MISP references
UUID 6dcd59f6-135b-497a-a277-ddc6c77c53ee which can be used as unique global reference for Google Cloud June 18 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-25T00:00:00Z |
| date_published | 2024-06-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cloaked and Covert Uncovering UNC3886 Espionage Operations |
Google Cloud Mandiant UNC3886 2024
Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, and Alex Marvi. (2024, June 18). Cloaked and Covert: Uncovering UNC3886 Espionage Operations. Retrieved September 24, 2024.
Internal MISP references
UUID 77b32efe-b936-5541-b0fb-aa442a7d11b7 which can be used as unique global reference for Google Cloud Mandiant UNC3886 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-24T00:00:00Z |
| date_published | 2024-06-18T00:00:00Z |
| source | MITRE |
| title | Cloaked and Covert: Uncovering UNC3886 Espionage Operations |
Cybereason Clop Dec 2020
Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.
Internal MISP references
UUID f54d682d-100e-41bb-96be-6a79ea422066 which can be used as unique global reference for Cybereason Clop Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-11T00:00:00Z |
| source | MITRE |
| title | Clop Ransomware |
Mcafee Clop Aug 2019
Mundo, A. (2019, August 1). Clop Ransomware. Retrieved May 10, 2021.
Internal MISP references
UUID 458141bd-7dd2-41fd-82e8-7ea2e4a477ab which can be used as unique global reference for Mcafee Clop Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-10T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | Clop Ransomware |
Bleeping Computer Clop February 2023
Sergiu Gatlan. (2023, February 10). Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day. Retrieved May 8, 2023.
Internal MISP references
UUID ccfa7e78-1ee9-4d46-9f03-137eb12cf474 which can be used as unique global reference for Bleeping Computer Clop February 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-08T00:00:00Z |
| date_published | 2023-02-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day |
Kaspersky Cloud Atlas December 2014
GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. Retrieved May 8, 2020.
Internal MISP references
UUID 41a9b3e3-0953-4bde-9e1d-c2f51de1120e which can be used as unique global reference for Kaspersky Cloud Atlas December 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-08T00:00:00Z |
| date_published | 2014-12-10T00:00:00Z |
| source | MITRE |
| title | Cloud Atlas: RedOctober APT is back in style |
Kandji 4 8 2024
Adam Kohler; Christopher Lopez. (2024, April 8). CloudChat Infostealer How It Works, What It Does. Retrieved April 19, 2024.
Internal MISP references
UUID f2e74613-f578-4408-bc76-144ec671808b which can be used as unique global reference for Kandji 4 8 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-19T00:00:00Z |
| date_published | 2024-04-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CloudChat Infostealer How It Works, What It Does |
Rhino Labs Cloud Backdoor September 2019
Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID ac31b781-dbe4-49c2-b7af-dfb23d435ce8 which can be used as unique global reference for Rhino Labs Cloud Backdoor September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-09-01T00:00:00Z |
| source | MITRE |
| title | Cloud Container Attack Tool (CCAT) |
Google Cloud Storage
Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.
Internal MISP references
UUID 5fe51b4e-9b82-4e97-bb65-73708349538a which can be used as unique global reference for Google Cloud Storage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Cloud Storage |
Office 265 Azure Domain Availability
Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. Retrieved May 27, 2022.
Internal MISP references
UUID dddf33ea-d074-4bc4-98d2-39b7e843e37d which can be used as unique global reference for Office 265 Azure Domain Availability in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2017-01-23T00:00:00Z |
| source | MITRE |
| title | (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure |
Datadog S3 Lifecycle CloudTrail Logs
Stratus Red Team. (n.d.). CloudTrail Logs Impairment Through S3 Lifecycle Rule. Retrieved September 25, 2024.
Internal MISP references
UUID 08efef52-40f6-5c76-a1b6-76ac1b7f423b which can be used as unique global reference for Datadog S3 Lifecycle CloudTrail Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-25T00:00:00Z |
| source | MITRE |
| title | CloudTrail Logs Impairment Through S3 Lifecycle Rule |
Mandiant Cloudy Logs 2023
Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. Retrieved October 16, 2023.
Internal MISP references
UUID a9835fe9-8227-5310-a728-1d09f19342b3 which can be used as unique global reference for Mandiant Cloudy Logs 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-16T00:00:00Z |
| date_published | 2023-05-03T00:00:00Z |
| source | MITRE |
| title | Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations |
win_clsid_key
Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.
Internal MISP references
UUID 239bb629-2733-4da3-87c2-47a7ab55433f which can be used as unique global reference for win_clsid_key in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | CLSID Key |
Kube Cluster Admin
kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.
Internal MISP references
UUID 6c5f2465-1db3-46cc-8d2a-9763c21aa8cc which can be used as unique global reference for Kube Cluster Admin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-01-16T00:00:00Z |
| source | MITRE |
| title | Cluster Administration |
Kube Cluster Info
kubernetes. (n.d.). cluster-info. Retrieved October 13, 2021.
Internal MISP references
UUID 0f8b5d79-2393-45a2-b6d4-df394e513e39 which can be used as unique global reference for Kube Cluster Info in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | cluster-info |
TechNet Cmd
Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
Internal MISP references
UUID dbfc01fe-c300-4c27-ab9a-a20508c1e04b which can be used as unique global reference for TechNet Cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Cmd |
Cmd.exe - LOLBAS Project
LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 887aa9af-3f0e-42bb-8c40-39149f34b922 which can be used as unique global reference for Cmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmd.exe |
Cmdkey.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmdkey.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c9ca075a-8327-463d-96ec-adddf6f1a7bb which can be used as unique global reference for Cmdkey.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmdkey.exe |
cmdl32.exe - LOLBAS Project
LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2628e452-caa1-4058-a405-7c4657fa3245 which can be used as unique global reference for cmdl32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | cmdl32.exe |
Cmstp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmstp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86c21dcd-464a-4870-8aae-25fcaccc889d which can be used as unique global reference for Cmstp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmstp.exe |
Twitter CMSTP Jan 2018
Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. Retrieved September 12, 2024.
Internal MISP references
UUID 3847149c-1463-4d94-be19-0a8cf1db0b58 which can be used as unique global reference for Twitter CMSTP Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2018-01-30T00:00:00Z |
| source | MITRE |
| title | CMSTP.exe - remote .sct execution applocker bypass |
Secureworks COBALT DICKENS September 2019
Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.
Internal MISP references
UUID 45815e4d-d678-4823-8315-583893e263e6 which can be used as unique global reference for Secureworks COBALT DICKENS September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2019-09-11T00:00:00Z |
| source | MITRE |
| title | COBALT DICKENS Goes Back to School…Again |
Morphisec Cobalt Gang Oct 2018
Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.
Internal MISP references
UUID 0a0bdd4b-a680-4a38-967d-3ad92f04d619 which can be used as unique global reference for Morphisec Cobalt Gang Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-10-08T00:00:00Z |
| source | MITRE |
| title | Cobalt Group 2.0 |
Secureworks COBALT GYPSY Threat Profile
Secureworks. (n.d.). COBALT GYPSY Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID f1c21834-7536-430b-8539-e68373718b4d which can be used as unique global reference for Secureworks COBALT GYPSY Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | COBALT GYPSY Threat Profile |
Secureworks COBALT ILLUSION Threat Profile
Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID 8d9a5b77-2516-4ad5-9710-4c8165df2882 which can be used as unique global reference for Secureworks COBALT ILLUSION Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | COBALT ILLUSION Threat Profile |
PTSecurity Cobalt Dec 2016
Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.
Internal MISP references
UUID 2de4d38f-c99d-4149-89e6-0349a4902aa2 which can be used as unique global reference for PTSecurity Cobalt Dec 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-09T00:00:00Z |
| date_published | 2016-12-16T00:00:00Z |
| source | MITRE |
| title | Cobalt Snatch |
CobaltStrike Daddy May 2017
Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019.
Internal MISP references
UUID 056ef3cd-885d-41d6-9547-a2a575b03662 which can be used as unique global reference for CobaltStrike Daddy May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2017-05-23T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike 3.8 – Who’s Your Daddy? |
Cobalt Strike Manual 4.3 November 2020
Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.
Internal MISP references
UUID eb7abdb2-b270-46ae-a950-5a93d09b3565 which can be used as unique global reference for Cobalt Strike Manual 4.3 November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike: Advanced Threat Tactics for Penetration Testers |
Malleable-C2-U42
Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj. (2022, March 16). Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect. Retrieved September 24, 2024.
Internal MISP references
UUID 49cf201e-d3da-5ba9-98df-edc50514a612 which can be used as unique global reference for Malleable-C2-U42 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-24T00:00:00Z |
| date_published | 2022-03-16T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect |
cobaltstrike manual
Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.
Internal MISP references
UUID 43277d05-0aa4-4cee-ac41-6f03a49851a9 which can be used as unique global reference for cobaltstrike manual in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-24T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike Manual |
TrendMicro Cobalt Group Nov 2017
Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019.
Internal MISP references
UUID 81847e06-fea0-4d90-8a9e-5bc99a2bf3f0 which can be used as unique global reference for TrendMicro Cobalt Group Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| date_published | 2017-11-20T00:00:00Z |
| source | MITRE |
| title | Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks |
PTSecurity Cobalt Group Aug 2017
Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018.
Internal MISP references
UUID f4ce1b4d-4f01-4083-8bc6-931cbac9ac38 which can be used as unique global reference for PTSecurity Cobalt Group Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-05T00:00:00Z |
| date_published | 2017-08-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Cobalt Strikes Back: An Evolving Multinational Threat to Finance |
Zscaler Cobian Aug 2017
Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.
Internal MISP references
UUID 46541bb9-15cb-4a7c-a624-48a1c7e838e3 which can be used as unique global reference for Zscaler Cobian Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-08-31T00:00:00Z |
| source | MITRE |
| title | Cobian RAT – A backdoored RAT |
therecord.media April 26 2022
therecord.media. (2022, April 26). Coca-Cola investigating claims of hack after ransomware group hawks stolen data. Retrieved April 4, 2025.
Internal MISP references
UUID 6a67f91a-e2f7-4950-aa26-a63388be59c5 which can be used as unique global reference for therecord.media April 26 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-04T00:00:00Z |
| date_published | 2022-04-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Coca-Cola investigating claims of hack after ransomware group hawks stolen data |
MACOS Cocoa
Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.
Internal MISP references
UUID 6ada4c6a-23dc-4469-a3a1-1d3b4935db97 which can be used as unique global reference for MACOS Cocoa in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2015-09-16T00:00:00Z |
| source | MITRE |
| title | Cocoa Application Layer |
code.exe - LOLBAS Project
LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4a93063b-f3a3-4726-870d-b8f744651363 which can be used as unique global reference for code.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-02-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | code.exe |
Ars Technica VMWare Code Execution Vulnerability 2021
Dan Goodin. (2021, February 25). Code-execution flaw in VMware has a severity rating of 9.8 out of 10. Retrieved April 8, 2025.
Internal MISP references
UUID 838e7a7d-ed1e-59bb-b81f-e9e407dc9e38 which can be used as unique global reference for Ars Technica VMWare Code Execution Vulnerability 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-08T00:00:00Z |
| date_published | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | Code-execution flaw in VMware has a severity rating of 9.8 out of 10 |
Dark Reading Code Spaces Cyber Attack
Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023.
Internal MISP references
UUID e5a3028a-f4cc-537c-9ddd-769792ab33be which can be used as unique global reference for Dark Reading Code Spaces Cyber Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| date_published | 2014-06-20T00:00:00Z |
| source | MITRE |
| title | Code Hosting Service Shuts Down After Cyber Attack |
Medium Ptrace JUL 2018
Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.
Internal MISP references
UUID 6dbfe4b5-9430-431b-927e-e8e775874cd9 which can be used as unique global reference for Medium Ptrace JUL 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2018-07-25T00:00:00Z |
| source | MITRE |
| title | Code injection in running process using ptrace |
Wikipedia Code Signing
Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.
Internal MISP references
UUID 363e860d-e14c-4fcd-985f-f76353018908 which can be used as unique global reference for Wikipedia Code Signing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2015-11-10T00:00:00Z |
| source | MITRE |
| title | Code Signing |
SpectorOps Code Signing Dec 2017
Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.
Internal MISP references
UUID 3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5 which can be used as unique global reference for SpectorOps Code Signing Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-12-22T00:00:00Z |
| source | MITRE |
| title | Code Signing Certificate Cloning Attacks and Defenses |
CoinLoader: A Sophisticated Malware Loader Campaign
Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. Retrieved June 5, 2023.
Internal MISP references
UUID 83469ab3-0199-5679-aa25-7b6885019552 which can be used as unique global reference for CoinLoader: A Sophisticated Malware Loader Campaign in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2019-11-28T00:00:00Z |
| source | MITRE |
| title | CoinLoader: A Sophisticated Malware Loader Campaign |
Ahn Lab CoinMiner 2023
Ahn Lab. (2023, April 24). CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers. Retrieved April 4, 2025.
Internal MISP references
UUID 1bbd4454-7db9-52b9-8367-42eac88d7da8 which can be used as unique global reference for Ahn Lab CoinMiner 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-04T00:00:00Z |
| date_published | 2023-04-24T00:00:00Z |
| source | MITRE |
| title | CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers |
The DFIR Report AutoHotKey 2023
The DFIR Report. (2023, February 6). Collect, Exfiltrate, Sleep, Repeat. Retrieved April 3, 2025.
Internal MISP references
UUID 131bdea1-7255-5dbf-8b1a-8e328585cac5 which can be used as unique global reference for The DFIR Report AutoHotKey 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-03T00:00:00Z |
| date_published | 2023-02-06T00:00:00Z |
| source | MITRE |
| title | Collect, Exfiltrate, Sleep, Repeat |
TrendMicro Tropic Trooper December 14 2021
Nick Dai, Ted Lee, Vickie Su. (2021, December 14). Collecting In the Dark: Tropic Trooper Targets Transportation and Government. Retrieved March 26, 2025.
Internal MISP references
UUID 0d4aea26-56ac-48cf-9b5a-d878bf30c503 which can be used as unique global reference for TrendMicro Tropic Trooper December 14 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Collecting In the Dark: Tropic Trooper Targets Transportation and Government |
NYT-Colonial
Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. Retrieved August 18, 2023.
Internal MISP references
UUID 58900911-ab4b-5157-968c-67fa69cc122d which can be used as unique global reference for NYT-Colonial in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE |
| title | Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. |
Colorcpl.exe - LOLBAS Project
LOLBAS. (2023, June 26). Colorcpl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25 which can be used as unique global reference for Colorcpl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Colorcpl.exe |
mod_rewrite
Bluescreenofjeff.com. (2015, April 12). Combatting Incident Responders with Apache mod_rewrite. Retrieved February 13, 2024.
Internal MISP references
UUID 3568b09c-7368-5fc2-85b3-d16ee9b9c686 which can be used as unique global reference for mod_rewrite in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-13T00:00:00Z |
| date_published | 2015-04-12T00:00:00Z |
| source | MITRE |
| title | Combatting Incident Responders with Apache mod_rewrite |
sentinelone shlayer to zshlayer
Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.
Internal MISP references
UUID 17277b12-af29-475a-bc9a-0731bbe0bae2 which can be used as unique global reference for sentinelone shlayer to zshlayer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-09-08T00:00:00Z |
| source | MITRE |
| title | Coming Out of Your Shell: From Shlayer to ZShlayer |
University of Birmingham C2
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
Internal MISP references
UUID 113ce14e-147f-4a86-8b83-7b49b43a4e88 which can be used as unique global reference for University of Birmingham C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2014-02-01T00:00:00Z |
| source | MITRE |
| title | Command & Control Understanding, Denying and Detecting |
Microsoft Command-line Logging
Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.
Internal MISP references
UUID 4a58170b-906c-4df4-ad1e-0e5bc15366fa which can be used as unique global reference for Microsoft Command-line Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-21T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE |
| title | Command line process auditing |
Microsoft Netdom Trust Sept 2012
Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.
Internal MISP references
UUID 380dc9fe-d490-4914-9595-05d765b27a85 which can be used as unique global reference for Microsoft Netdom Trust Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2012-09-11T00:00:00Z |
| source | MITRE |
| title | Command-Line Reference - Netdom Trust |
Microsoft msxsl.exe
Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). Retrieved July 3, 2018.
Internal MISP references
UUID a25d664c-d109-466f-9b6a-7e9ea8c57895 which can be used as unique global reference for Microsoft msxsl.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| source | MITRE |
| title | Command Line Transformation Utility (msxsl.exe) |
Kettle CSV DDE Aug 2014
Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. Retrieved November 22, 2017.
Internal MISP references
UUID 2badfb63-19a3-4829-bbb5-7c3dfab877d5 which can be used as unique global reference for Kettle CSV DDE Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| date_published | 2014-08-29T00:00:00Z |
| source | MITRE |
| title | Comma Separated Vulnerabilities |
Microsoft CLR Integration 2017
Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.
Internal MISP references
UUID 83fc7522-5eb1-4710-8391-090389948686 which can be used as unique global reference for Microsoft CLR Integration 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2017-06-19T00:00:00Z |
| source | MITRE |
| title | Common Language Runtime Integration |
Palo Alto Comnie
Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.
Internal MISP references
UUID ff3cc105-2798-45de-8561-983bf57eb9d9 which can be used as unique global reference for Palo Alto Comnie in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-07T00:00:00Z |
| date_published | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | Comnie Continues to Target Organizations in East Asia |
GDATA COM Hijacking
G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.
Internal MISP references
UUID 98e88505-b916-430d-aef6-616ba7ddd88e which can be used as unique global reference for GDATA COM Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-13T00:00:00Z |
| date_published | 2014-10-01T00:00:00Z |
| source | MITRE |
| title | COM Object hijacking: the discreet way of persistence |
AP-NotPetya
FRANK BAJAK AND RAPHAEL SATTER. (2017, June 30). Companies still hobbled from fearsome cyberattack. Retrieved August 18, 2023.
Internal MISP references
UUID 7f1af58a-33fd-538f-b092-789a8776780c which can be used as unique global reference for AP-NotPetya in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2017-06-30T00:00:00Z |
| source | MITRE |
| title | Companies still hobbled from fearsome cyberattack |
Microsoft COM
Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.
Internal MISP references
UUID edcd917d-ca5b-4e5c-b3be-118e828abe97 which can be used as unique global reference for Microsoft COM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Component Object Model (COM) |
Unit 42 12 8 2022
Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials Case Studies From the Wild. Retrieved April 17, 2024.
Internal MISP references
UUID e7a4a0cf-ffa2-48cc-9b21-a2333592c773 which can be used as unique global reference for Unit 42 12 8 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-17T00:00:00Z |
| date_published | 2022-12-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Compromised Cloud Compute Credentials Case Studies From the Wild |
Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022
Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. Retrieved March 9, 2023.
Internal MISP references
UUID af755ba2-97c2-5152-ab00-2e24740f69f3 which can be used as unique global reference for Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-09T00:00:00Z |
| date_published | 2022-12-08T00:00:00Z |
| source | MITRE |
| title | Compromised Cloud Compute Credentials: Case Studies From the Wild |
US-CERT Alert TA15-314A Web Shells
US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.
Internal MISP references
UUID 61ceb0c4-62f6-46cd-b42b-5736c869421f which can be used as unique global reference for US-CERT Alert TA15-314A Web Shells in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2015-11-13T00:00:00Z |
| source | MITRE |
| title | Compromised Web Servers and Web Shells - Threat Awareness and Guidance |
ComputerDefaults.exe - LOLBAS Project
LOLBAS. (2024, September 24). ComputerDefaults.exe. Retrieved May 19, 2025.
Internal MISP references
UUID 48a081b8-18ff-43b8-ba95-5856aacc6afa which can be used as unique global reference for ComputerDefaults.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-19T00:00:00Z |
| date_published | 2024-09-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ComputerDefaults.exe |
Comsvcs.dll - LOLBAS Project
LOLBAS. (2019, August 30). Comsvcs.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 2eb2756d-5a49-4df3-9e2f-104c41c645cd which can be used as unique global reference for Comsvcs.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Comsvcs.dll |
Condi-Botnet-binaries
Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.
Internal MISP references
UUID a92b0d6c-b3e8-56a4-b1b4-1d117e59db84 which can be used as unique global reference for Condi-Botnet-binaries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-06-20T00:00:00Z |
| source | MITRE |
| title | Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 |
Okta Conditional Access Policies
Okta. (2023, November 30). Conditional Access Based on Device Security Posture. Retrieved January 2, 2024.
Internal MISP references
UUID c914578c-dcc2-539e-bb3d-50bf7a0e7101 which can be used as unique global reference for Okta Conditional Access Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-02T00:00:00Z |
| date_published | 2023-11-30T00:00:00Z |
| source | MITRE |
| title | Conditional Access Based on Device Security Posture |
Microsoft Common Conditional Access Policies
Microsoft. (2022, December 14). Conditional Access templates. Retrieved February 21, 2023.
Internal MISP references
UUID 9ed9870b-d09a-511d-96f9-4956f26d46bf which can be used as unique global reference for Microsoft Common Conditional Access Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-12-14T00:00:00Z |
| source | MITRE |
| title | Conditional Access templates |
Microsoft Token Protection 2023
Microsoft. (2023, October 23). Conditional Access: Token protection (preview). Retrieved January 2, 2024.
Internal MISP references
UUID aa4629cf-f11f-5921-9f72-5a8d3f752603 which can be used as unique global reference for Microsoft Token Protection 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-02T00:00:00Z |
| date_published | 2023-10-23T00:00:00Z |
| source | MITRE |
| title | Conditional Access: Token protection (preview) |
Trend Micro Conficker
Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.
Internal MISP references
UUID 62cf7f3a-9011-45eb-a7d9-91c76a2177e9 which can be used as unique global reference for Trend Micro Conficker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-18T00:00:00Z |
| date_published | 2014-03-18T00:00:00Z |
| source | MITRE |
| title | Conficker |
ConfigSecurityPolicy.exe - LOLBAS Project
LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 30b8a5d8-596c-4ab3-b3db-b799cc8923e1 which can be used as unique global reference for ConfigSecurityPolicy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-09-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ConfigSecurityPolicy.exe |
Microsoft SAML Token Lifetimes
Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.
Internal MISP references
UUID 8b810f7c-1f26-420b-9014-732f1469f145 which can be used as unique global reference for Microsoft SAML Token Lifetimes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-22T00:00:00Z |
| date_published | 2020-12-14T00:00:00Z |
| source | MITRE |
| title | Configurable token lifetimes in Microsoft Identity Platform |
Apple Developer Configuration Profile
Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.
Internal MISP references
UUID 8453f06d-5007-4e53-a9a2-1c0edb99be3d which can be used as unique global reference for Apple Developer Configuration Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2019-05-03T00:00:00Z |
| source | MITRE |
| title | Configuration Profile Reference |
MDMProfileConfigMacOS
Apple. (2019, May 3). Configuration Profile Reference, Developer. Retrieved April 15, 2022.
Internal MISP references
UUID a7078eee-5478-4a93-9a7e-8db1d020e1da which can be used as unique global reference for MDMProfileConfigMacOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-15T00:00:00Z |
| date_published | 2019-05-03T00:00:00Z |
| source | MITRE |
| title | Configuration Profile Reference, Developer |
Azure Storage Lifecycles
Microsoft Azure. (2024, July 3). Configure a lifecycle management policy. Retrieved September 25, 2024.
Internal MISP references
UUID 7ac4c481-7798-53b3-b7ad-bc09a40f99b7 which can be used as unique global reference for Azure Storage Lifecycles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-25T00:00:00Z |
| date_published | 2024-07-03T00:00:00Z |
| source | MITRE |
| title | Configure a lifecycle management policy |
Azure Just in Time Access 2023
Microsoft. (2023, August 29). Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.
Internal MISP references
UUID ee35e13f-ca39-5faf-81ae-230d33329a28 which can be used as unique global reference for Azure Just in Time Access 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2023-08-29T00:00:00Z |
| source | MITRE |
| title | Configure and approve just-in-time access for Azure Managed Applications |
capture_embedded_packet_on_software
Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022.
Internal MISP references
UUID 5d973180-a28a-5c8f-b13a-45d21331700f which can be used as unique global reference for capture_embedded_packet_on_software in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | Configure and Capture Embedded Packet on Software |
Microsoft Dev Tunnels Group Policy Mitigation
Derek Bekoe, Carolina Uribe. (2023, March 28). Configure and deploy Group Policy Administrative Templates for Dev Tunnels. Retrieved March 24, 2025.
Internal MISP references
UUID 27221a52-6a65-5fd8-9ca1-3b7e4fb4278e which can be used as unique global reference for Microsoft Dev Tunnels Group Policy Mitigation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| date_published | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | Configure and deploy Group Policy Administrative Templates for Dev Tunnels |
Kubernetes Security Context
Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.
Internal MISP references
UUID bd91ec00-95bb-572f-9452-8040ec633e00 which can be used as unique global reference for Kubernetes Security Context in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Configure a Security Context for a Pod or Container |
Microsoft SharePoint Logging
Microsoft. (2017, July 19). Configure audit settings for a site collection. Retrieved April 4, 2018.
Internal MISP references
UUID 9a6a08c0-94f2-4dbc-a0b3-01d5234e7753 which can be used as unique global reference for Microsoft SharePoint Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2017-07-19T00:00:00Z |
| source | MITRE |
| title | Configure audit settings for a site collection |
Microsoft Entra Configure OAuth Consent
Microsoft Entra. (2024, September 16). Configure how users consent to applications. Retrieved March 20, 2025.
Internal MISP references
UUID 05ccb66b-b4fc-52f2-aa39-d1608458b8e4 which can be used as unique global reference for Microsoft Entra Configure OAuth Consent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-20T00:00:00Z |
| date_published | 2024-09-16T00:00:00Z |
| source | MITRE |
| title | Configure how users consent to applications |
TechNet RDP NLA
Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.
Internal MISP references
UUID 39e28cae-a35a-4cf2-a281-c35f4ebd16ba which can be used as unique global reference for TechNet RDP NLA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| source | MITRE |
| title | Configure Network Level Authentication for Remote Desktop Services Connections |
Microsoft Security Alerts for Azure AD Roles
Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 7bde8cd2-6c10-5342-9a4b-a45e84a861b6 which can be used as unique global reference for Microsoft Security Alerts for Azure AD Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | Configure security alerts for Azure AD roles in Privileged Identity Management |
Kubernetes Service Accounts
Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022.
Internal MISP references
UUID a74ffa28-8a2e-4bfd-bc66-969b463bebd9 which can be used as unique global reference for Kubernetes Service Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-02-26T00:00:00Z |
| source | MITRE |
| title | Configure Service Accounts for Pods |
Microsoft Learn ClickOnce Config
Microsoft. (2023, August 4). Configure the ClickOnce trust prompt behavior. Retrieved September 9, 2024.
Internal MISP references
UUID 3a75c7d6-b3f3-5f25-bbcb-e0a18982dfed which can be used as unique global reference for Microsoft Learn ClickOnce Config in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2023-08-04T00:00:00Z |
| source | MITRE |
| title | Configure the ClickOnce trust prompt behavior |
Windows RDP Sessions
Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. Retrieved December 11, 2017.
Internal MISP references
UUID ccd0d241-4ff7-4a15-b2b4-06945980c6bf which can be used as unique global reference for Windows RDP Sessions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-11T00:00:00Z |
| source | MITRE |
| title | Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions |
Broadcom VMCI Firewall
Broadcom. (2025, March 24). Configure Virtual Machine Communication Interface Firewall. Retrieved March 31, 2025.
Internal MISP references
UUID c76b9d10-5bb9-5869-abc2-82218f2c3696 which can be used as unique global reference for Broadcom VMCI Firewall in MISP communities and other software using the MISP galaxy
External references
- https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/vsphere-virtual-machine-administration-guide-7-0/configuring-virtual-machine-hardwarevm-admin/virtual-machine-network-configurationvm-admin/serial-port-configurationvm-admin/configure-the-virtual-machine-communication-interface-firewallvm-admin.html
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-31T00:00:00Z |
| date_published | 2025-03-24T00:00:00Z |
| source | MITRE |
| title | Configure Virtual Machine Communication Interface Firewall |
Microsoft LSA Protection Mar 2014
Microsoft. (2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.
Internal MISP references
UUID da3f1d7d-188f-4500-9bc6-3299ba043b5c which can be used as unique global reference for Microsoft LSA Protection Mar 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2014-03-12T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Microsoft LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.
Internal MISP references
UUID 3ad49746-4e42-4663-a49e-ae64152b9463 which can be used as unique global reference for Microsoft LSA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-02-13T00:00:00Z |
| date_published | 2013-07-31T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Microsoft Configure LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.
Internal MISP references
UUID 4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73 which can be used as unique global reference for Microsoft Configure LSA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-06-24T00:00:00Z |
| date_published | 2013-07-31T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Configuring Data Access audit logs
Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.
Internal MISP references
UUID bd310606-f472-4eda-a696-50a3a25f07b3 which can be used as unique global reference for Configuring Data Access audit logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | Configuring Data Access audit logs |
cisco dhcp snooping
Cisco. (n.d.). Configuring DHCP Snooping. Retrieved September 17, 2024.
Internal MISP references
UUID cc5eda1b-5e64-52e8-b98f-8df2f3e10475 which can be used as unique global reference for cisco dhcp snooping in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-17T00:00:00Z |
| source | MITRE |
| title | Configuring DHCP Snooping |
Microsoft SID Filtering Quarantining Jan 2009
Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.
Internal MISP references
UUID 134169f1-7bd3-4d04-81a8-f01e1407a4b6 which can be used as unique global reference for Microsoft SID Filtering Quarantining Jan 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Configuring SID Filter Quarantining on External Trusts |
Broadcom Configuring syslog on ESXi
Broadcom. (n.d.). Configuring syslog on ESXi. Retrieved March 27, 2025.
Internal MISP references
UUID be3c3d52-f3bc-5001-bfac-5360a5fbe83d which can be used as unique global reference for Broadcom Configuring syslog on ESXi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| source | MITRE |
| title | Configuring syslog on ESXi |
TechRepublic Wireless GPO FEB 2009
Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. Retrieved July 26, 2018.
Internal MISP references
UUID b62415f8-76bd-4585-ae81-a4d04ccfc703 which can be used as unique global reference for TechRepublic Wireless GPO FEB 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| date_published | 2009-02-24T00:00:00Z |
| source | MITRE |
| title | Configuring Wireless settings via Group Policy |
ZDNet Dtrack
Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. Retrieved January 20, 2021.
Internal MISP references
UUID 6e6e02da-b805-47d7-b410-343a1b5da042 which can be used as unique global reference for ZDNet Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-10-30T00:00:00Z |
| source | MITRE |
| title | Confirmed: North Korean malware found on Indian nuclear plant's network |
Uptycs Confucius APT Jan 2021
Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.
Internal MISP references
UUID d74f2c25-cd53-4587-b087-7ba0b8427dc4 which can be used as unique global reference for Uptycs Confucius APT Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-17T00:00:00Z |
| date_published | 2021-01-12T00:00:00Z |
| source | MITRE |
| title | Confucius APT deploys Warzone RAT |
TrendMicro Confucius APT Aug 2021
Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.
Internal MISP references
UUID 5c16aae9-d253-463b-8bbc-f14402ce77e4 which can be used as unique global reference for TrendMicro Confucius APT Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-26T00:00:00Z |
| date_published | 2021-08-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military |
Conhost.exe - LOLBAS Project
LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ed807c1-15d1-48aa-b497-8cd74fe5b299 which can be used as unique global reference for Conhost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-04-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Conhost.exe |
EC2 Instance Connect
AWS. (2023, June 2). Connect using EC2 Instance Connect. Retrieved June 2, 2023.
Internal MISP references
UUID deefa5b7-5a28-524c-b500-bc5574aa9920 which can be used as unique global reference for EC2 Instance Connect in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2023-06-02T00:00:00Z |
| source | MITRE |
| title | Connect using EC2 Instance Connect |
Sophos News 2 23 2024
Andrew Brandt. (2024, February 23). ConnectWise ScreenConnect attacks deliver malware. Retrieved February 23, 2024.
Internal MISP references
UUID 3d342acf-a451-4473-82ac-8afee61bc984 which can be used as unique global reference for Sophos News 2 23 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-23T00:00:00Z |
| date_published | 2024-02-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ConnectWise ScreenConnect attacks deliver malware |
Arctic Wolf FortiGate Exploit Campaign January 10 2025
Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon, Markus Neis. (2025, January 10). Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls. Retrieved January 27, 2025.
Internal MISP references
UUID a323ff4a-3708-4f53-b3bf-5e7be6197388 which can be used as unique global reference for Arctic Wolf FortiGate Exploit Campaign January 10 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-27T00:00:00Z |
| date_published | 2025-01-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls |
Silent Push Contagious Interview April 24 2025
Silent Push. (2025, April 24). Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie. Retrieved May 23, 2025.
Internal MISP references
UUID 7062304e-91e9-45bf-84b4-c42bdad99e23 which can be used as unique global reference for Silent Push Contagious Interview April 24 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-23T00:00:00Z |
| date_published | 2025-04-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie |
Unit 42 October 9 2024
Unit 42. (2024, October 9). Contagious Interview DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware. Retrieved May 6, 2025.
Internal MISP references
UUID 401f99c1-e451-4483-85fd-9f087b43ad88 which can be used as unique global reference for Unit 42 October 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-06T00:00:00Z |
| date_published | 2024-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Contagious Interview DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware |
Docker Docs Container
docker docs. (n.d.). Containers. Retrieved October 13, 2021.
Internal MISP references
UUID 3475b705-3ab8-401d-bee6-e187c43ad3c2 which can be used as unique global reference for Docker Docs Container in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Containers |
DigitalShadows CDN
Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.
Internal MISP references
UUID 183a070f-6c8c-46e3-915b-6edc58bb5e91 which can be used as unique global reference for DigitalShadows CDN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2017-09-06T00:00:00Z |
| source | MITRE |
| title | Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It |
Content trust in Azure Container Registry
Microsoft. (2019, September 5). Content trust in Azure Container Registry. Retrieved October 16, 2019.
Internal MISP references
UUID fcd211a1-ac81-4ebc-b395-c8fa2a4d614a which can be used as unique global reference for Content trust in Azure Container Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-16T00:00:00Z |
| date_published | 2019-09-05T00:00:00Z |
| source | MITRE |
| title | Content trust in Azure Container Registry |
Content trust in Docker
Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.
Internal MISP references
UUID 57691166-5a22-44a0-8724-6b3b19658c3b which can be used as unique global reference for Content trust in Docker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-16T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE |
| title | Content trust in Docker |
Microsoft File Folder Exclusions
Microsoft. (2024, February 27). Contextual file and folder exclusions. Retrieved March 29, 2024.
Internal MISP references
UUID 7a511f0d-8feb-5370-87db-b33b96ea2367 which can be used as unique global reference for Microsoft File Folder Exclusions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-29T00:00:00Z |
| date_published | 2024-02-27T00:00:00Z |
| source | MITRE |
| title | Contextual file and folder exclusions |
Arctic Wolf Akira 2023
Steven Campbell, Akshay Suthar, & Connor Belfiorre. (2023, July 26). Conti and Akira: Chained Together. Retrieved February 20, 2024.
Internal MISP references
UUID aa34f2a1-a398-5dc4-b898-cdc02afeca5d which can be used as unique global reference for Arctic Wolf Akira 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-20T00:00:00Z |
| date_published | 2023-07-26T00:00:00Z |
| source | MITRE |
| title | Conti and Akira: Chained Together |
Arctic Wolf Conti Akira July 26 2023
Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team. (2023, July 26). Conti and Akira: Chained Together. Retrieved March 13, 2024.
Internal MISP references
UUID 72e1b75b-edf7-45b0-9c14-14776a146d0e which can be used as unique global reference for Arctic Wolf Conti Akira July 26 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| date_published | 2023-07-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Conti and Akira: Chained Together |
RecordedFuture RedEcho 2022
Recorded Future Insikt Group. (2022, April 6). Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group. Retrieved November 21, 2024.
Internal MISP references
UUID 3bd1c189-8cb8-5e87-9d3a-15d24a8df16f which can be used as unique global reference for RecordedFuture RedEcho 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-21T00:00:00Z |
| date_published | 2022-04-06T00:00:00Z |
| source | MITRE |
| title | Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group |
DFIR Conti Bazar Nov 2021
DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.
Internal MISP references
UUID a6f1a15d-448b-41d4-81f0-ee445cba83bd which can be used as unique global reference for DFIR Conti Bazar Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2021-11-29T00:00:00Z |
| source | MITRE |
| title | CONTInuing the Bazar Ransomware Story |
Cybereason Conti Jan 2021
Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. Retrieved February 17, 2021.
Internal MISP references
UUID 3c0e82a2-41ab-4e63-ac10-bd691c786234 which can be used as unique global reference for Cybereason Conti Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-17T00:00:00Z |
| source | MITRE |
| title | Conti Ransomware |
Cybleinc Conti January 2020
Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. Retrieved April 13, 2021.
Internal MISP references
UUID 5ef0ad9d-f34d-4771-a595-7ee4994f6c91 which can be used as unique global reference for Cybleinc Conti January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2021-01-21T00:00:00Z |
| source | MITRE |
| title | Conti Ransomware Resurfaces, Targeting Government & Large Organizations |
Microsoft Developer Support Power Apps Conditional Access
Microsoft Developer Support. (2020, May 9). Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies. Retrieved July 1, 2024.
Internal MISP references
UUID d198608c-2676-5f44-bbc8-5455c2b36cdb which can be used as unique global reference for Microsoft Developer Support Power Apps Conditional Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-01T00:00:00Z |
| date_published | 2020-05-09T00:00:00Z |
| source | MITRE |
| title | Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies |
Control.exe - LOLBAS Project
LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d0c821b9-7d37-4158-89fa-0dabe6e06800 which can be used as unique global reference for Control.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Control.exe |
Wikipedia Control Flow Integrity
Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.
Internal MISP references
UUID a9b2f525-d812-4dea-b4a6-c0d057d5f071 which can be used as unique global reference for Wikipedia Control Flow Integrity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-12T00:00:00Z |
| date_published | 2018-01-11T00:00:00Z |
| source | MITRE |
| title | Control-flow integrity |
Kubernetes API Control Access
The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.
Internal MISP references
UUID fd4577b6-0085-44c0-b4c3-4d66dcb39fe7 which can be used as unique global reference for Kubernetes API Control Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Controlling Access to The Kubernetes API |
TrendMicro CPL Malware Dec 2013
Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. Retrieved January 18, 2018.
Internal MISP references
UUID fd38f1fd-37e9-4173-b319-3f92c2743055 which can be used as unique global reference for TrendMicro CPL Malware Dec 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| date_published | 2013-12-17T00:00:00Z |
| source | MITRE |
| title | Control Panel Files Used As Malicious Attachments |
GitHub Conveigh
Robertson, K. (2016, August 28). Conveigh. Retrieved November 17, 2017.
Internal MISP references
UUID 4deb8c8e-2da1-4634-bf04-5ccf620a2143 which can be used as unique global reference for GitHub Conveigh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2016-08-28T00:00:00Z |
| source | MITRE |
| title | Conveigh |
MITRE Copernicus
Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.
Internal MISP references
UUID 55d139fe-f5e5-4b5e-9123-8133b459ea72 which can be used as unique global reference for MITRE Copernicus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-11T00:00:00Z |
| date_published | 2013-07-30T00:00:00Z |
| source | MITRE |
| title | Copernicus: Question Your Assumptions about BIOS Security |
Secureworks COPPER FIELDSTONE Profile
Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.
Internal MISP references
UUID d7f5f154-3638-47c1-8e1e-a30a6504a735 which can be used as unique global reference for Secureworks COPPER FIELDSTONE Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| source | MITRE |
| title | COPPER FIELDSTONE |
TechNet Copy
Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
Internal MISP references
UUID 4e0d4b94-6b4c-4104-86e6-499b6aa7ba78 which can be used as unique global reference for TechNet Copy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-26T00:00:00Z |
| source | MITRE |
| title | Copy |
copy_cmd_cisco
Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 88138372-550f-5da5-be5e-b5ba0fe32f64 which can be used as unique global reference for copy_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | copy - Cisco IOS Configuration Fundamentals Command Reference |
CopyKittens Nov 2015
Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved November 17, 2024.
Internal MISP references
UUID 04e3ce40-5487-4931-98db-f55da83f412e which can be used as unique global reference for CopyKittens Nov 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2015-11-23T00:00:00Z |
| source | MITRE |
| title | CopyKittens Attack Group |
coregen.exe - LOLBAS Project
LOLBAS. (2020, October 9). coregen.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f24d4cf5-9ca9-46bd-bd43-86b37e2a638a which can be used as unique global reference for coregen.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | coregen.exe |
Apple Core Services
Apple. (n.d.). Core Services. Retrieved June 25, 2020.
Internal MISP references
UUID 0ef05e47-1305-4715-a677-67f1b55b24a3 which can be used as unique global reference for Apple Core Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | Core Services |
Microsoft IoT Compromises August 05 2019
MSRC Team. (2019, August 5). Corporate IoT - a path to intrusion. Retrieved August 24, 2023.
Internal MISP references
UUID 037ace78-e997-40f3-a891-916bc596a9c0 which can be used as unique global reference for Microsoft IoT Compromises August 05 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-24T00:00:00Z |
| date_published | 2019-08-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Corporate IoT - a path to intrusion |
Microsoft STRONTIUM Aug 2019
MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.
Internal MISP references
UUID 7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a which can be used as unique global reference for Microsoft STRONTIUM Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-16T00:00:00Z |
| date_published | 2019-08-05T00:00:00Z |
| source | MITRE |
| title | Corporate IoT – a path to intrusion |
Palo Alto ARP
Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.
Internal MISP references
UUID 96ce4324-57d2-422b-8403-f5d4f3ce410c which can be used as unique global reference for Palo Alto ARP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-07T00:00:00Z |
| date_published | 2021-11-24T00:00:00Z |
| source | MITRE |
| title | Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe |
WeLiveSecurity CosmicBeetle September 10 2024
Jakub Souček. (2024, September 10). CosmicBeetle steps up: Probation period at RansomHub. Retrieved September 13, 2024.
Internal MISP references
UUID 8debba29-4d6d-41d2-8772-f97c7d49056b which can be used as unique global reference for WeLiveSecurity CosmicBeetle September 10 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-13T00:00:00Z |
| date_published | 2024-09-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CosmicBeetle steps up: Probation period at RansomHub |
F-Secure Cosmicduke
F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.
Internal MISP references
UUID d0d5ecbe-1051-4ceb-b558-b8b451178358 which can be used as unique global reference for F-Secure Cosmicduke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-07-03T00:00:00Z |
| date_published | 2014-07-01T00:00:00Z |
| source | MITRE |
| title | COSMICDUKE Cosmu with a twist of MiniDuke |
Costin Raiu IAmTheKing October 2020
Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved September 12, 2024.
Internal MISP references
UUID 2be88843-ed3a-460e-87c1-85aa50e827c8 which can be used as unique global reference for Costin Raiu IAmTheKing October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2020-10-02T00:00:00Z |
| source | MITRE |
| title | Costin Raiu Twitter IAmTheKing SlothfulMedia |
Google Iran Threats October 2021
Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.
Internal MISP references
UUID 6d568141-eb54-5001-b880-ae8ac1156746 which can be used as unique global reference for Google Iran Threats October 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-04T00:00:00Z |
| date_published | 2021-10-14T00:00:00Z |
| source | MITRE |
| title | Countering threats from Iran |
Github Covenant
cobbr. (2021, April 21). Covenant. Retrieved September 4, 2024.
Internal MISP references
UUID b717c3ae-8ae0-53c9-90ba-a34cf7694f3c which can be used as unique global reference for Github Covenant in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-04T00:00:00Z |
| date_published | 2021-04-21T00:00:00Z |
| source | MITRE |
| title | Covenant |
Cisco DNSMessenger March 2017
Brumaghin, E. and Grady, C. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. Retrieved March 8, 2017.
Internal MISP references
UUID 49f22ba2-5aca-4204-858e-c2499a7050ae which can be used as unique global reference for Cisco DNSMessenger March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-08T00:00:00Z |
| date_published | 2017-03-02T00:00:00Z |
| source | MITRE |
| title | Covert Channels and Poor Decisions: The Tale of DNSMessenger |
Juniper IcedID June 2020
Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.
Internal MISP references
UUID 426886d0-cdf2-4af7-a0e4-366c1b0a1942 which can be used as unique global reference for Juniper IcedID June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-14T00:00:00Z |
| date_published | 2020-06-18T00:00:00Z |
| source | MITRE |
| title | COVID-19 and FMLA Campaigns used to install new IcedID banking malware |
PTSecurity Higaisa 2020
PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021.
Internal MISP references
UUID cf8f3d9c-0d21-4587-a707-46848a15bd46 which can be used as unique global reference for PTSecurity Higaisa 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-02T00:00:00Z |
| date_published | 2020-06-04T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group |
F-Secure CozyDuke
F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.
Internal MISP references
UUID 08e1d233-0580-484e-b737-af091e2aa9ea which can be used as unique global reference for F-Secure CozyDuke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-10T00:00:00Z |
| date_published | 2015-04-22T00:00:00Z |
| source | MITRE |
| title | CozyDuke: Malware Analysis |
TrendMicro CPL Malware Jan 2014
Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.
Internal MISP references
UUID 9549f9b6-b771-4500-bd82-426c7abdfd8f which can be used as unique global reference for TrendMicro CPL Malware Jan 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| date_published | 2014-01-27T00:00:00Z |
| source | MITRE |
| title | CPL Malware - Malicious Control Panel Items |
Trend Micro CPL
Merces, F. (2014). CPL Malware Malicious Control Panel Items. Retrieved November 1, 2017.
Internal MISP references
UUID d90a33aa-8f20-49cb-aa27-771249cb65eb which can be used as unique global reference for Trend Micro CPL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-01T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | CPL Malware Malicious Control Panel Items |
SANS Brute Ratel October 2022
Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.
Internal MISP references
UUID 9544e762-6f72-59e7-8384-5bbef13bfe96 which can be used as unique global reference for SANS Brute Ratel October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2022-10-05T00:00:00Z |
| source | MITRE |
| title | Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground |
Stealthbits Cracking AS-REP Roasting Jun 2019
Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.
Internal MISP references
UUID 3af06034-8384-4de8-9356-e9aaa35b95a2 which can be used as unique global reference for Stealthbits Cracking AS-REP Roasting Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2019-06-27T00:00:00Z |
| source | MITRE |
| title | Cracking Active Directory Passwords with AS-REP Roasting |
AdSecurity Cracking Kerberos Dec 2015
Metcalf, S. (2015, December 31). Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Retrieved March 22, 2018.
Internal MISP references
UUID 1b018fc3-515a-4ec4-978f-6d5649ceb0c5 which can be used as unique global reference for AdSecurity Cracking Kerberos Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2015-12-31T00:00:00Z |
| source | MITRE |
| title | Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain |
Symantec Crambus OCT 2023
Symantec Threat Hunter Team. (2023, October 19). Crambus: New Campaign Targets Middle Eastern Government. Retrieved November 27, 2024.
Internal MISP references
UUID ecfdd6e1-caa0-5611-a1f5-d96873cf2222 which can be used as unique global reference for Symantec Crambus OCT 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-27T00:00:00Z |
| date_published | 2023-10-19T00:00:00Z |
| source | MITRE |
| title | Crambus: New Campaign Targets Middle Eastern Government |
Dragos Crashoverride 2017
Dragos Inc. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.
Internal MISP references
UUID c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce which can be used as unique global reference for Dragos Crashoverride 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2017-06-13T00:00:00Z |
| source | MITRE |
| title | CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations |
Unit 42 ATOM Crawling Taurus
Unit 42. (n.d.). Crawling Taurus. Retrieved September 14, 2023.
Internal MISP references
UUID 75098b2c-4928-4e3f-9bcc-b4f6b8de96f8 which can be used as unique global reference for Unit 42 ATOM Crawling Taurus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Crawling Taurus |
Microsoft Image
Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.
Internal MISP references
UUID 5317c625-d0be-45eb-9321-0cc9aa295cc9 which can be used as unique global reference for Microsoft Image in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-08-23T00:00:00Z |
| source | MITRE |
| title | Create a managed image of a generalized VM in Azure |
Microsoft Snapshot
Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. Retrieved October 13, 2021.
Internal MISP references
UUID 693549da-d9b9-4b67-a1bb-c8ea4a099842 which can be used as unique global reference for Microsoft Snapshot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Create a snapshot of a virtual hard disk |
Microsoft Create Token
Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.
Internal MISP references
UUID d36d4f06-007e-4ff0-8660-4c65721d0b92 which can be used as unique global reference for Microsoft Create Token in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Create a token object |
GCP Create Cloud Identity Users
Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.
Internal MISP references
UUID e91748b2-1432-4203-a1fe-100aa70458d2 which can be used as unique global reference for GCP Create Cloud Identity Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Create Cloud Identity user accounts |
Createdump.exe - LOLBAS Project
LOLBAS. (2022, January 20). Createdump.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f3ccacc1-3b42-4042-9a5c-f5b483a5e801 which can be used as unique global reference for Createdump.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Createdump.exe |
Google Cloud Kubernetes IAM
Google Cloud. (n.d.). Create IAM policies. Retrieved July 14, 2023.
Internal MISP references
UUID e8ee3ac6-ae7c-5fd3-a339-b579a419dd96 which can be used as unique global reference for Google Cloud Kubernetes IAM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Create IAM policies |
Microsoft CreateMutexA
Microsoft. (2023, February 8). CreateMutexA function (synchapi.h). Retrieved September 19, 2024.
Internal MISP references
UUID 20939374-30c1-515a-b672-28a030bf0c64 which can be used as unique global reference for Microsoft CreateMutexA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| date_published | 2023-02-08T00:00:00Z |
| source | MITRE |
| title | CreateMutexA function (synchapi.h) |
Microsoft CreateProcess
Microsoft. (n.d.). CreateProcess function. Retrieved September 12, 2024.
Internal MISP references
UUID aa336e3a-464d-48ce-bebb-760b73764610 which can be used as unique global reference for Microsoft CreateProcess in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| source | MITRE |
| title | CreateProcess function |
Microsoft CLI Create Subscription
Microsoft. (n.d.). Create subscription. Retrieved August 4, 2023.
Internal MISP references
UUID 1331b524-7d6f-59d9-a2bd-78ff7b3e371f which can be used as unique global reference for Microsoft CLI Create Subscription in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| source | MITRE |
| title | Create subscription |
create_sym_links
Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.
Internal MISP references
UUID 06bfdf8f-8671-47f7-9d0c-baf234c7ae96 which can be used as unique global reference for create_sym_links in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-27T00:00:00Z |
| date_published | 2021-10-28T00:00:00Z |
| source | MITRE |
| title | Create symbolic links |
GCP - Creating and Starting a VM
Google. (2020, April 23). Creating and Starting a VM instance. Retrieved May 1, 2020.
Internal MISP references
UUID c1b87a56-115a-46d7-9117-80442091ac3c which can be used as unique global reference for GCP - Creating and Starting a VM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-01T00:00:00Z |
| date_published | 2020-04-23T00:00:00Z |
| source | MITRE |
| title | Creating and Starting a VM instance |
AWS Create IAM User
AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.
Internal MISP references
UUID bb474e88-b7bb-4b92-837c-95fe7bdd03f7 which can be used as unique global reference for AWS Create IAM User in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Creating an IAM User in Your AWS Account |
GNU Fork
Free Software Foundation, Inc. (2020, June 18). Creating a Process. Retrieved June 25, 2020.
Internal MISP references
UUID c46331cb-328a-46e3-89c4-e43fa345d6e8 which can be used as unique global reference for GNU Fork in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2020-06-18T00:00:00Z |
| source | MITRE |
| title | Creating a Process |
AppleDocs Launch Agent Daemons
Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017.
Internal MISP references
UUID 310d18f8-6f9a-48b7-af12-6b921209d1ab which can be used as unique global reference for AppleDocs Launch Agent Daemons in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| source | MITRE |
| title | Creating Launch Daemons and Agents |
TechNet Logon Scripts
Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.
Internal MISP references
UUID 896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca which can be used as unique global reference for TechNet Logon Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-27T00:00:00Z |
| date_published | 2005-01-21T00:00:00Z |
| source | MITRE |
| title | Creating logon scripts |
Google Cloud Service Account Credentials
Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.
Internal MISP references
UUID c4befa09-3c7f-49f3-bfcc-4fcbb7bace22 which can be used as unique global reference for Google Cloud Service Account Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | Creating short-lived service account credentials |
creatingXPCservices
Apple. (2016, September 9). Creating XPC Services. Retrieved April 19, 2022.
Internal MISP references
UUID 029acdee-95d6-47a7-86de-0f6b925cef9c which can be used as unique global reference for creatingXPCservices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2016-09-09T00:00:00Z |
| source | MITRE |
| title | Creating XPC Services |
GitHub Creddump7
Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.
Internal MISP references
UUID 276975da-7b5f-49aa-975e-4ac9bc527cf2 which can be used as unique global reference for GitHub Creddump7 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-02-19T00:00:00Z |
| source | MITRE |
| title | creddump7 |
Microsoft Midnight Blizzard Replay Attack
Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 12, 2024.
Internal MISP references
UUID 5af0008b-0ced-5d1d-bbc9-6c9d60835071 which can be used as unique global reference for Microsoft Midnight Blizzard Replay Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2023-06-21T00:00:00Z |
| source | MITRE |
| title | Credential Attacks |
Anomali Template Injection MAR 2018
Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. Retrieved July 20, 2018.
Internal MISP references
UUID 3cdeb2a2-9582-4725-a132-6503dbe04e1d which can be used as unique global reference for Anomali Template Injection MAR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-20T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection |
Microsoft Credential Locker
Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.
Internal MISP references
UUID 77505354-bb08-464c-9176-d0015a62c7c9 which can be used as unique global reference for Microsoft Credential Locker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2013-10-23T00:00:00Z |
| source | MITRE |
| title | Credential Locker Overview |
Microsoft CredEnumerate
Microsoft. (2018, December 5). CredEnumerateA function (wincred.h). Retrieved November 24, 2020.
Internal MISP references
UUID ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e which can be used as unique global reference for Microsoft CredEnumerate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | CredEnumerateA function (wincred.h) |
SentinelLabs Intermittent Encryption September 08 2022
Aleksandar Milenkoski, Jim Walter. (2022, September 8). Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection. Retrieved August 10, 2023.
Internal MISP references
UUID 09cae6de-e026-43a5-a8bc-7ff8e8205232 which can be used as unique global reference for SentinelLabs Intermittent Encryption September 08 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-10T00:00:00Z |
| date_published | 2022-09-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Crimeware Trends |
TrendmicroHideoutsLease
Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.
Internal MISP references
UUID 527de869-3c76-447c-98c4-c37a2acf75e2 which can be used as unique global reference for TrendmicroHideoutsLease in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2015-07-15T00:00:00Z |
| source | MITRE |
| title | Criminal Hideouts for Lease: Bulletproof Hosting Services |
IC3-AI24
IC3. (2024, December 3). Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud. Retrieved March 18, 2025.
Internal MISP references
UUID f8f6643d-26f3-5eb9-9074-ca9683fdbe71 which can be used as unique global reference for IC3-AI24 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-18T00:00:00Z |
| date_published | 2024-12-03T00:00:00Z |
| source | MITRE |
| title | Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud |
BleepingComputer June 6 2025
Sergiu Gatlan. (2025, June 6). Critical Fortinet flaws now exploited in Qilin ransomware attacks. Retrieved June 9, 2025.
Internal MISP references
UUID 2572c252-f3a7-4e0f-bf87-2c92f7379397 which can be used as unique global reference for BleepingComputer June 6 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-09T00:00:00Z |
| date_published | 2025-06-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Critical Fortinet flaws now exploited in Qilin ransomware attacks |
doppelpaymer_crowdstrike
Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.
Internal MISP references
UUID 54b5d8af-21f0-4d1c-ada8-b87db85dd742 which can be used as unique global reference for doppelpaymer_crowdstrike in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2021-12-07T00:00:00Z |
| source | MITRE |
| title | Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes |
CISA AA24-038A PRC Critical Infrastructure February 2024
CISA et al. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
Internal MISP references
UUID bfa16dc6-f075-5bd3-9d9d-255df8789298 which can be used as unique global reference for CISA AA24-038A PRC Critical Infrastructure February 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-15T00:00:00Z |
| source | MITRE |
| title | Critical Infrastructure |
Critical Vulnerabilities in PaperCut Print Management Software
Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. Retrieved May 8, 2023.
Internal MISP references
UUID 874f40f9-146d-4a52-93fd-9b2e7981b6da which can be used as unique global reference for Critical Vulnerabilities in PaperCut Print Management Software in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-08T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Critical Vulnerabilities in PaperCut Print Management Software |
Security Affairs SILENTTRINITY July 2019
Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. Retrieved March 23, 2022.
Internal MISP references
UUID b4945fc0-b89b-445c-abfb-14959deba3d0 which can be used as unique global reference for Security Affairs SILENTTRINITY July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2019-07-07T00:00:00Z |
| source | MITRE |
| title | Croatia government agencies targeted with news SilentTrinity malware |
Die.net Linux crontab Man Page
Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 0339c2ab-7a08-4976-90eb-1637c23c5644 which can be used as unique global reference for Die.net Linux crontab Man Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | crontab(5) - Linux man page |
Symantec Frutas Feb 2013
Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. Retrieved April 23, 2019.
Internal MISP references
UUID 8d9f88be-9ddf-485b-9333-7e41704ec64f which can be used as unique global reference for Symantec Frutas Feb 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2013-02-11T00:00:00Z |
| source | MITRE |
| title | Cross-Platform Frutas RAT Builder and Back Door |
Bishop Fox Sliver Framework August 2019
Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.
Internal MISP references
UUID 51e67e37-2d61-4228-999b-bec6f80cf106 which can be used as unique global reference for Bishop Fox Sliver Framework August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-30T00:00:00Z |
| date_published | 2019-08-04T00:00:00Z |
| source | MITRE |
| title | Cross-platform General Purpose Implant Framework Written in Golang |
Okta Cross-Tenant Impersonation
Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved March 4, 2024.
Internal MISP references
UUID 77dbd22f-ce57-50f7-9c6b-8dc874a4d80d which can be used as unique global reference for Okta Cross-Tenant Impersonation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-04T00:00:00Z |
| date_published | 2023-08-31T00:00:00Z |
| source | MITRE |
| title | Cross-Tenant Impersonation: Prevention and Detection |
Okta Cross-Tenant Impersonation 2023
Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved February 15, 2024.
Internal MISP references
UUID d54188b5-86eb-52a0-8384-823c45431762 which can be used as unique global reference for Okta Cross-Tenant Impersonation 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-15T00:00:00Z |
| date_published | 2023-08-31T00:00:00Z |
| source | MITRE |
| title | Cross-Tenant Impersonation: Prevention and Detection |
Crowdstrike CrowdCast Oct 2013
Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved November 17, 2024.
Internal MISP references
UUID 2062a229-58b3-4610-99cb-8907e7fbb350 which can be used as unique global reference for Crowdstrike CrowdCast Oct 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2013-10-16T00:00:00Z |
| source | MITRE |
| title | CrowdCasts Monthly: You Have an Adversary Problem |
Crowdstrike Global Threat Report Feb 2018
CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.
Internal MISP references
UUID 6c1ace5b-66b2-4c56-9301-822aad2c3c16 which can be used as unique global reference for Crowdstrike Global Threat Report Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2018-02-26T00:00:00Z |
| source | MITRE |
| title | CrowdStrike 2018 Global Threat Report |
CrowdStrike GTR 2021 June 2021
CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. Retrieved September 29, 2021.
Internal MISP references
UUID ec58e524-6de5-4cbb-a5d3-984b9b652f26 which can be used as unique global reference for CrowdStrike GTR 2021 June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-06-07T00:00:00Z |
| source | MITRE |
| title | CrowdStrike 2021 Global Threat Report |
CrowdStrike 2023 Threat Hunting Report
CrowdStrike. (2023, September 8). CrowdStrike 2023 Threat Hunting Report. Retrieved March 10, 2025.
Internal MISP references
UUID de69b138-4b4d-4eef-98af-0fd96f8036a1 which can be used as unique global reference for CrowdStrike 2023 Threat Hunting Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-10T00:00:00Z |
| date_published | 2023-09-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CrowdStrike 2023 Threat Hunting Report |
CrowdStrike 2025 Global Threat Report
CrowdStrike. (2025, February 27). CrowdStrike 2025 Global Threat Report. Retrieved February 27, 2025.
Internal MISP references
UUID a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4 which can be used as unique global reference for CrowdStrike 2025 Global Threat Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-27T00:00:00Z |
| date_published | 2025-02-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CrowdStrike 2025 Global Threat Report |
CrowdStrike Adversary Carbon Spider
CrowdStrike. (2022, June 01). CrowdStrike Adversary Carbon Spider. Retrieved June 01, 2022.
Internal MISP references
UUID 9e28d375-c4a7-405f-9fff-7374c19f3af7 which can be used as unique global reference for CrowdStrike Adversary Carbon Spider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Carbon Spider |
CrowdStrike Adversary Cozy Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 0998ad7a-b4aa-44af-a665-dc58a3a6f800 which can be used as unique global reference for CrowdStrike Adversary Cozy Bear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-04T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Cozy Bear |
CrowdStrike Labyrinth Chollima Feb 2022
CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.
Internal MISP references
UUID ffe31bbf-a40d-4285-96a0-53c54298a680 which can be used as unique global reference for CrowdStrike Labyrinth Chollima Feb 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | CrowdStrike Adversary Labyrinth Chollima |
CrowdStrike Adversary Ocean Buffalo
CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Buffalo. Retrieved June 25, 2022.
Internal MISP references
UUID 466795cb-0269-4d0c-a48c-d71e9dfd9a3c which can be used as unique global reference for CrowdStrike Adversary Ocean Buffalo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-25T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Ocean Buffalo |
CrowdStrike Adversary Venomous Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 8c04f2b8-74ba-44a5-9580-96eabdbbcda9 which can be used as unique global reference for CrowdStrike Adversary Venomous Bear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-04T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Venomous Bear |
CrowdStrike Adversary Wizard Spider
CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.
Internal MISP references
UUID 05f382c4-5163-49e0-a8a0-cf3a5992ef18 which can be used as unique global reference for CrowdStrike Adversary Wizard Spider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-23T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Wizard Spider |
Crowdstrike DriveSlayer February 2022
Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved March 25, 2022.
Internal MISP references
UUID 4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e which can be used as unique global reference for Crowdstrike DriveSlayer February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-25T00:00:00Z |
| source | MITRE |
| title | CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks |
CrowdStrike Putter Panda
Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.
Internal MISP references
UUID 413962d0-bd66-4000-a077-38c2677995d1 which can be used as unique global reference for CrowdStrike Putter Panda in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2014-06-09T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CrowdStrike Intelligence Report: Putter Panda |
Checkpoint WannaCry 2017
Pal, P. (2017, May 16). CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry. Retrieved November 22, 2024.
Internal MISP references
UUID f0023677-e862-5647-9863-a27c222bc641 which can be used as unique global reference for Checkpoint WannaCry 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-22T00:00:00Z |
| date_published | 2017-05-16T00:00:00Z |
| source | MITRE |
| title | CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry |
ANYRUN CryptBot January 26 2023
ANYRUN. (2023, January 26). CryptBot Infostealer: Malware Analysis. Retrieved February 13, 2025.
Internal MISP references
UUID 93a43526-0b6b-4201-a274-eb9a482c1d24 which can be used as unique global reference for ANYRUN CryptBot January 26 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-13T00:00:00Z |
| date_published | 2023-01-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CryptBot Infostealer: Malware Analysis |
Softpedia MinerC
Cimpanu, C. (2016, September 9). Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. Retrieved September 12, 2024.
Internal MISP references
UUID 087b9bf1-bd9e-4cd6-a386-d9d2c812c927 which can be used as unique global reference for Softpedia MinerC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2016-09-09T00:00:00Z |
| source | MITRE |
| title | Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives |
Microsoft Cryptojacking 2023
Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.
Internal MISP references
UUID e2dbc963-b913-5a44-bb61-88a3f0d8d8a3 which can be used as unique global reference for Microsoft Cryptojacking 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-07-25T00:00:00Z |
| source | MITRE |
| title | Cryptojacking: Understanding and defending against cloud compute resource abuse |
Microsoft CryptUnprotectData April 2018
Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.
Internal MISP references
UUID 258088ae-96c2-4520-8eb5-1a7e540a9a24 which can be used as unique global reference for Microsoft CryptUnprotectData April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2018-04-12T00:00:00Z |
| source | MITRE |
| title | CryptUnprotectData function |
Csc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Csc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 276c9e55-4673-426d-8f49-06edee2e3b30 which can be used as unique global reference for Csc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Csc.exe |
Cscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 428b6223-63b7-497f-b13a-e472b4583a9f which can be used as unique global reference for Cscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cscript.exe |
csi.exe - LOLBAS Project
LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b810ee91-de4e-4c7b-8fa8-24dca95133e5 which can be used as unique global reference for csi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | csi.exe |
OWASP CSV Injection
Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 0cdde66c-a7ae-48a2-8ade-067643de304d which can be used as unique global reference for OWASP CSV Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| source | MITRE |
| title | CSV Injection |
Elastic CUBA Ransomware 2022
Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease. (2022, September 7). CUBA Ransomware Campaign Analysis. Retrieved August 5, 2024.
Internal MISP references
UUID 79299d27-dbbf-56d0-87fd-15e3f9167cf8 which can be used as unique global reference for Elastic CUBA Ransomware 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-05T00:00:00Z |
| date_published | 2022-09-07T00:00:00Z |
| source | MITRE |
| title | CUBA Ransomware Campaign Analysis |
Elastic September 7 2022
Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease. (2022, September 7). CUBA Ransomware Campaign Analysis. Retrieved February 20, 2025.
Internal MISP references
UUID a995a1f3-8420-4bbf-91c6-0b11049138c0 which can be used as unique global reference for Elastic September 7 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-20T00:00:00Z |
| date_published | 2022-09-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CUBA Ransomware Campaign Analysis |
cybereason.com January 24 2024
Cybereason Security Services Team. (2024, January 24). CUCKOO SPEAR Part 1 Analyzing NOOPDOOR from an IR Perspective. Retrieved September 14, 2024.
Internal MISP references
UUID 40d57c84-9cc9-49b4-a0cb-8884a2318ffd which can be used as unique global reference for cybereason.com January 24 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-14T00:00:00Z |
| date_published | 2024-01-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CUCKOO SPEAR Part 1 Analyzing NOOPDOOR from an IR Perspective |
Microsoft Subkey
Microsoft. (n.d.). CurrentControlSet\Services Subkey Entries. Retrieved November 30, 2014.
Internal MISP references
UUID be233077-7bb4-48be-aecf-03258931527d which can be used as unique global reference for Microsoft Subkey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | CurrentControlSet\Services Subkey Entries |
Microsoft SolarWinds Customer Guidance
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020.
Internal MISP references
UUID b486ae40-a854-4998-bf1b-aaf6ea2047ed which can be used as unique global reference for Microsoft SolarWinds Customer Guidance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE |
| title | Customer Guidance on Recent Nation-State Cyber Attacks |
Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.
Internal MISP references
UUID 47031992-841f-4ef4-87c6-bb4c077fb8dc which can be used as unique global reference for Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE |
| title | Customer Guidance on Recent Nation-State Cyber Attacks |
Bleeping Computer Bank Hack 2020
Ionut Ilascu. (2020, January 16). Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII. Retrieved July 1, 2024.
Internal MISP references
UUID 027b281d-79d5-50aa-9ff3-d6f4e647d477 which can be used as unique global reference for Bleeping Computer Bank Hack 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-01T00:00:00Z |
| date_published | 2020-01-16T00:00:00Z |
| source | MITRE |
| title | Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII |
Login Scripts Apple Dev
Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.
Internal MISP references
UUID 9c0094b6-a8e3-4f4d-8d2e-33b408d44a06 which can be used as unique global reference for Login Scripts Apple Dev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Customizing Login and Logout |
TechNet Screensaver GP
Microsoft. (n.d.). Customizing the Desktop. Retrieved December 5, 2017.
Internal MISP references
UUID 7cf8056e-6d3b-4930-9d2c-160d7d9636ac which can be used as unique global reference for TechNet Screensaver GP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| source | MITRE |
| title | Customizing the Desktop |
CustomShellHost.exe - LOLBAS Project
LOLBAS. (2021, November 14). CustomShellHost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 96324ab1-7eb8-42dc-b19a-fa1d9f85e239 which can be used as unique global reference for CustomShellHost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-11-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CustomShellHost.exe |
Mandiant Cutting Edge Part 2 January 2024
Lin, M. et al. (2024, January 31). Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation. Retrieved February 27, 2024.
Internal MISP references
UUID 5209d259-4293-58c0-bbdc-f30ff77d57f7 which can be used as unique global reference for Mandiant Cutting Edge Part 2 January 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2024-01-31T00:00:00Z |
| source | MITRE |
| title | Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation |
Mandiant Cutting Edge Part 3 February 2024
Lin, M. et al. (2024, February 27). Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts. Retrieved March 1, 2024.
Internal MISP references
UUID 49e5b125-5503-5cb0-9a56-a93f82b55753 which can be used as unique global reference for Mandiant Cutting Edge Part 3 February 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-01T00:00:00Z |
| date_published | 2024-02-27T00:00:00Z |
| source | MITRE |
| title | Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts |
Google Cloud April 4 2024
Mandiant. (2024, April 4). Cutting Edge, Part 4 Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies. Retrieved April 29, 2024.
Internal MISP references
UUID 5179ba93-fab1-48b9-81e7-c9a79cf9402f which can be used as unique global reference for Google Cloud April 4 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-29T00:00:00Z |
| date_published | 2024-04-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cutting Edge, Part 4 Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies |
Mandiant Cutting Edge January 2024
McLellan, T. et al. (2024, January 12). Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation. Retrieved February 27, 2024.
Internal MISP references
UUID 9d9ec923-89c1-5155-ae6e-98d4776d4250 which can be used as unique global reference for Mandiant Cutting Edge January 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2024-01-12T00:00:00Z |
| source | MITRE |
| title | Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation |
Symantec Naid in the Wild June 2012
Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.
Internal MISP references
UUID e1531171-709c-4043-9e3a-af9e37f3ac57 which can be used as unique global reference for Symantec Naid in the Wild June 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-06-18T00:00:00Z |
| source | MITRE |
| title | CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid) |
NVD CVE-2014-7169
National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID c3aab918-51c6-4773-8677-a89b27a00eb1 which can be used as unique global reference for NVD CVE-2014-7169 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-09-24T00:00:00Z |
| source | MITRE |
| title | CVE-2014-7169 Detail |
NVD CVE-2016-6662
National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 1813c26d-da68-4a82-a959-27351dd5e51b which can be used as unique global reference for NVD CVE-2016-6662 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-02-02T00:00:00Z |
| source | MITRE |
| title | CVE-2016-6662 Detail |
NVD CVE-2017-0176
National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 82602351-0ab0-48d7-90dd-f4536b4d009b which can be used as unique global reference for NVD CVE-2017-0176 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | CVE-2017-0176 Detail |
FireEye Attacks Leveraging HTA
Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.
Internal MISP references
UUID 1876a476-b2ff-4605-a78b-89443d21b063 which can be used as unique global reference for FireEye Attacks Leveraging HTA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-27T00:00:00Z |
| date_published | 2017-04-11T00:00:00Z |
| source | MITRE |
| title | CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler |
Microsoft CVE-2017-8625 Aug 2017
Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018.
Internal MISP references
UUID 402cb526-ef57-4d27-b96b-f98008abe716 which can be used as unique global reference for Microsoft CVE-2017-8625 Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability |
NVD CVE-2019-3610
National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.
Internal MISP references
UUID 889b742e-7572-4aad-8944-7f071483b613 which can be used as unique global reference for NVD CVE-2019-3610 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2019-10-09T00:00:00Z |
| source | MITRE |
| title | CVE-2019-3610 Detail |
CVMServer Vuln
Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. Retrieved October 12, 2021.
Internal MISP references
UUID 6f83da0c-d2ce-4923-ba32-c6886eb22587 which can be used as unique global reference for CVMServer Vuln in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2021-06-03T00:00:00Z |
| source | MITRE |
| title | CVE-2021-30724: CVMServer Vulnerability in macOS and iOS |
Crowdstrike Kubernetes Container Escape
Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. Retrieved July 6, 2022.
Internal MISP references
UUID 84d5f015-9014-417c-b2a9-f650fe19d448 which can be used as unique global reference for Crowdstrike Kubernetes Container Escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-06T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit |
Trend Micro March 13 2024
Peter Girnus; Aliakbar Zahravi; Simon Zuckerbraun. (2024, March 13). CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign. Retrieved March 14, 2024.
Internal MISP references
UUID 0574a0a7-694b-4858-b053-8f7911c8ce54 which can be used as unique global reference for Trend Micro March 13 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-14T00:00:00Z |
| date_published | 2024-03-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign |
AttackerKB December 16 2024
AttackerKB. (2024, December 16). CVE-2024-55956. Retrieved December 16, 2024.
Internal MISP references
UUID b8970cef-ddda-4a72-94ed-e2c911a20e18 which can be used as unique global reference for AttackerKB December 16 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-16T00:00:00Z |
| date_published | 2024-12-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CVE-2024-55956 |
CCCS ArcaneDoor 2024
Canadian Centre for Cyber Security. (2024, April 24). Cyber Activity Impacting CISCO ASA VPNs. Retrieved January 6, 2025.
Internal MISP references
UUID 904b6c9a-8ab9-572e-aa9a-90f840c8ff82 which can be used as unique global reference for CCCS ArcaneDoor 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-06T00:00:00Z |
| date_published | 2024-04-24T00:00:00Z |
| source | MITRE |
| title | Cyber Activity Impacting CISCO ASA VPNs |
CyberArk Labs Safe Mode 2016
Naim, D. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.
Internal MISP references
UUID bd9c14dd-0e2a-447b-a245-f548734d2400 which can be used as unique global reference for CyberArk Labs Safe Mode 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2016-09-15T00:00:00Z |
| source | MITRE |
| title | CyberArk Labs: From Safe Mode to Domain Compromise |
PJ Cyber Army of Russia 2023
PJ04857920. (2023, November 30). Cyber Army of Russia — DDoS Tool. Retrieved April 30, 2024.
Internal MISP references
UUID 3e42ff96-fc7e-418e-8d8b-076a1a47981e which can be used as unique global reference for PJ Cyber Army of Russia 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-30T00:00:00Z |
| date_published | 2023-11-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyber Army of Russia — DDoS Tool |
CERT-UA Alert June 20 2022
CERT-UA. (2022, June 20). Cyberattack by the UAC-0098 group on critical infrastructure facilities in Ukraine. Retrieved February 14, 2025.
Internal MISP references
UUID f1db497b-a8df-4f24-bc17-35c7ec2b332c which can be used as unique global reference for CERT-UA Alert June 20 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-14T00:00:00Z |
| date_published | 2022-06-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyberattack by the UAC-0098 group on critical infrastructure facilities in Ukraine |
CERT-UA Alert April 28 2022
CERT-UA. (2022, April 28). Cyberattack by the UAC-0098 group on Ukrainian government agencies using the Metasploit framework. Retrieved February 14, 2025.
Internal MISP references
UUID ebea04a5-d21b-4174-a12b-b398c8054a9f which can be used as unique global reference for CERT-UA Alert April 28 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-14T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyberattack by the UAC-0098 group on Ukrainian government agencies using the Metasploit framework |
Cyware Ngrok May 2019
Cyware. (2019, May 29). Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. Retrieved September 15, 2020.
Internal MISP references
UUID 583a01b6-cb4e-41e7-aade-ac2fd19bda4e which can be used as unique global reference for Cyware Ngrok May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| date_published | 2019-05-29T00:00:00Z |
| source | MITRE |
| title | Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems |
The Record RansomHub June 3 2024
Jonathan Greig. (2024, June 3). Cyberattack on telecom giant Frontier claimed by RansomHub. Retrieved June 7, 2024.
Internal MISP references
UUID 1e474240-bd12-4472-8e69-1631b0e4c102 which can be used as unique global reference for The Record RansomHub June 3 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-07T00:00:00Z |
| date_published | 2024-06-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyberattack on telecom giant Frontier claimed by RansomHub |
Microsoft Phosphorus Oct 2020
Burt, T. (2020, October 28). Cyberattacks target international conference attendees. Retrieved March 8, 2021.
Internal MISP references
UUID 8986c21c-16a0-4a53-8e37-9935bbbfaa4b which can be used as unique global reference for Microsoft Phosphorus Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-08T00:00:00Z |
| date_published | 2020-10-28T00:00:00Z |
| source | MITRE |
| title | Cyberattacks target international conference attendees |
Check Point Mid-Year Report 2022
Check Point Software. (2022, August 3). Cyber Attack Trends: Check Point's 2022 Mid-Year Report. Retrieved May 18, 2022.
Internal MISP references
UUID e929cd86-9903-481c-a841-ba387831cb77 which can be used as unique global reference for Check Point Mid-Year Report 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-18T00:00:00Z |
| date_published | 2022-08-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyber Attack Trends: Check Point's 2022 Mid-Year Report |
Talos Seduploader Oct 2017
Mercer, W., et al. (2017, October 22). "Cyber Conflict" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.
Internal MISP references
UUID 2db77619-72df-461f-84bf-2d1c3499a5c0 which can be used as unique global reference for Talos Seduploader Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2017-10-22T00:00:00Z |
| source | MITRE |
| title | "Cyber Conflict" Decoy Document Used in Real Cyber Conflict |
Google Cybercrime Report February 11 2025
Google Threat Intelligence Group. (2025, February 11). Cybercrime: A Multifaceted National Security Threat. Retrieved February 11, 2025.
Internal MISP references
UUID 17685d5c-4255-445e-a546-e0dfb92378c2 which can be used as unique global reference for Google Cybercrime Report February 11 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-11T00:00:00Z |
| date_published | 2025-02-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cybercrime: A Multifaceted National Security Threat |
Resecurity Remote Access Compromise March 13 2024
Resecurity. (2024, March 13). Cybercriminals Evolve Tooling for Remote Access Compromise. Retrieved April 9, 2025.
Internal MISP references
UUID eb3fc217-44b7-496f-b5d1-68b40f476ce3 which can be used as unique global reference for Resecurity Remote Access Compromise March 13 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-09T00:00:00Z |
| date_published | 2024-03-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cybercriminals Evolve Tooling for Remote Access Compromise |
FBI-search
FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Retrieved February 21, 2023.
Internal MISP references
UUID deea5b42-bfab-50af-8d85-cc04fd317a82 which can be used as unique global reference for FBI-search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-12-21T00:00:00Z |
| source | MITRE |
| title | Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users |
Resecurity GXC Team January 3 2024
Resecurity. (2024, January 3). Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud. Retrieved September 9, 2024.
Internal MISP references
UUID 6d55aa2c-3f52-4bff-8003-f78b386a4952 which can be used as unique global reference for Resecurity GXC Team January 3 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| date_published | 2024-01-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud |
Secureworks GOLD KINGSWOOD September 2018
CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.
Internal MISP references
UUID cda529b2-e152-4ff0-a6b3-d0305b09fef9 which can be used as unique global reference for Secureworks GOLD KINGSWOOD September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2018-09-27T00:00:00Z |
| source | MITRE |
| title | Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish |
Cybereason OSX Pirrit
Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.
Internal MISP references
UUID ebdf09ed-6eec-450f-aaea-067504ec25ca which can be used as unique global reference for Cybereason OSX Pirrit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-10T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | Cybereason Lab Analysis OSX.Pirrit |
Cybereason Quantum Ransomware May 9 2022
Cybereason Nocturnus. (2022, May 9). Cybereason vs. Quantum Locker Ransomware. Retrieved June 28, 2024.
Internal MISP references
UUID 19027620-216a-4921-8d78-f56377778a12 which can be used as unique global reference for Cybereason Quantum Ransomware May 9 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-28T00:00:00Z |
| date_published | 2022-05-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cybereason vs. Quantum Locker Ransomware |
Zdnet Kimsuky Dec 2018
Cimpanu, C. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. Retrieved August 26, 2019.
Internal MISP references
UUID b17acdc3-0163-4c98-b5fb-a457a7e6b58d which can be used as unique global reference for Zdnet Kimsuky Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-26T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | Cyber-espionage group uses Chrome extension to infect victims |
FireEye APT32 May 2017
Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
Internal MISP references
UUID b72d017b-a70f-4003-b3d9-90d79aca812d which can be used as unique global reference for FireEye APT32 May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-18T00:00:00Z |
| date_published | 2017-05-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations |
Shadowserver Strategic Web Compromise
Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. Retrieved March 13, 2018.
Internal MISP references
UUID cf531866-ac3c-4078-b847-5b4af7eb161f which can be used as unique global reference for Shadowserver Strategic Web Compromise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-13T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results |
CyberKnow Tweet July 7 2022
Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. Retrieved October 10, 2023.
Internal MISP references
UUID a37564a4-ff83-4ce0-818e-80750172f302 which can be used as unique global reference for CyberKnow Tweet July 7 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2022-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CyberKnow Tweet July 7 2022 |
Cyber Safety Review Board: Lapsus
CISA. (2023, August). Cyber Safety Review Board: Lapsus. Retrieved January 5, 2024.
Internal MISP references
UUID 4b713738-d767-5243-b9af-4d7ac7b0b349 which can be used as unique global reference for Cyber Safety Review Board: Lapsus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-05T00:00:00Z |
| date_published | 2023-08-01T00:00:00Z |
| source | MITRE |
| title | Cyber Safety Review Board: Lapsus |
CISA Scattered Spider Advisory November 2023
CISA. (2023, November 16). Cybersecurity Advisory: Scattered Spider (AA23-320A). Retrieved March 18, 2024.
Internal MISP references
UUID deae8b2c-39dd-5252-b846-88e1cab099c2 which can be used as unique global reference for CISA Scattered Spider Advisory November 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-18T00:00:00Z |
| date_published | 2023-11-16T00:00:00Z |
| source | MITRE |
| title | Cybersecurity Advisory: Scattered Spider (AA23-320A) |
NSA NCSC Turla OilRig
NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.
Internal MISP references
UUID 3e86a807-5188-4278-9a58-babd23b86410 which can be used as unique global reference for NSA NCSC Turla OilRig in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-10-21T00:00:00Z |
| source | MITRE |
| title | Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims |
OPM Leak
Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved September 16, 2024.
Internal MISP references
UUID b67ed4e9-ed44-460a-bd59-c978bdfda32f which can be used as unique global reference for OPM Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| source | MITRE |
| title | CYBERSECURITY INCIDENTS |
ExpressVPN PATH env Windows 2021
ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.
Internal MISP references
UUID 26096485-1dd6-512a-a2a1-27dbbfb6fde0 which can be used as unique global reference for ExpressVPN PATH env Windows 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| source | MITRE |
| title | Cybersecurity lessons: A PATH vulnerability in Windows |
SCILabs Malteiro 2021
SCILabs. (2021, December 23). Cyber Threat Profile Malteiro. Retrieved March 13, 2024.
Internal MISP references
UUID c6948dfc-b133-556b-a8ac-b3a4dba09c0e which can be used as unique global reference for SCILabs Malteiro 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| date_published | 2021-12-23T00:00:00Z |
| source | MITRE |
| title | Cyber Threat Profile Malteiro |
Cyber Threat Profile MALTEIRO – Sciblog
blog.scilabs.mx. (2021, December 23). Cyber Threat Profile MALTEIRO – Sciblog. Retrieved May 17, 2023.
Internal MISP references
UUID 1f46872c-6255-4ce0-a6c3-2bfa9e767765 which can be used as unique global reference for Cyber Threat Profile MALTEIRO – Sciblog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-17T00:00:00Z |
| date_published | 2021-12-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyber Threat Profile MALTEIRO – Sciblog |
DoublePulsar Cyber Toufan
Kevin Beaumont. (2023, December 28). Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations. Retrieved August 8, 2024.
Internal MISP references
UUID 2fc1f6de-e01c-4225-bd29-8d547bf91e9e which can be used as unique global reference for DoublePulsar Cyber Toufan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-08T00:00:00Z |
| date_published | 2023-12-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations |
SentinelOne November 25 2024
Jim Walter. (2024, November 25). CyberVolk. Retrieved April 9, 2025.
Internal MISP references
UUID 71c8e60c-a72a-4bff-aae3-f3f155fa22ee which can be used as unique global reference for SentinelOne November 25 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-09T00:00:00Z |
| date_published | 2024-11-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CyberVolk |
Nozomi BUSTLEBERM 2024
Nozomi Networks Labs. (2024, July 24). Cyberwarfare Targeting OT: Protecting Against FrostyGoop/BUSTLEBERM Malware. Retrieved November 20, 2024.
Internal MISP references
UUID d8a5e49e-7d1c-54eb-92dc-273adb930c20 which can be used as unique global reference for Nozomi BUSTLEBERM 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-20T00:00:00Z |
| date_published | 2024-07-24T00:00:00Z |
| source | MITRE |
| title | Cyberwarfare Targeting OT: Protecting Against FrostyGoop/BUSTLEBERM Malware |
NCSC Cyclops Blink February 2022
NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.
Internal MISP references
UUID 91ed6adf-f066-49e4-8ec7-1989bc6615a6 which can be used as unique global reference for NCSC Cyclops Blink February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-03T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | Cyclops Blink Malware Analysis Report |
Trend Micro Cyclops Blink March 2022
Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.
Internal MISP references
UUID 64e9a24f-f386-4774-9874-063e0ebfb8e1 which can be used as unique global reference for Trend Micro Cyclops Blink March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Cyclops Blink Sets Sights on Asus Routers |
CYJAX Initial Access Broker Report June 2024
CYJAX. (2024, June 1). CYJAX Initial Access Broker Report. Retrieved April 9, 2025.
Internal MISP references
UUID 5a20c423-c4c0-4601-9e4d-028df0297568 which can be used as unique global reference for CYJAX Initial Access Broker Report June 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-09T00:00:00Z |
| date_published | 2024-06-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CYJAX Initial Access Broker Report |
Cynet Ragnar Apr 2020
Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.
Internal MISP references
UUID aeb637ea-0b83-42a0-8f68-9fdc59aa462a which can be used as unique global reference for Cynet Ragnar Apr 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-29T00:00:00Z |
| date_published | 2020-04-27T00:00:00Z |
| source | MITRE |
| title | Cynet Detection Report: Ragnar Locker Ransomware |
Microsoft DACL May 2018
Microsoft. (2018, May 30). DACLs and ACEs. Retrieved August 19, 2018.
Internal MISP references
UUID 32a250ca-a7eb-4d7f-af38-f3e6a09540e2 which can be used as unique global reference for Microsoft DACL May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | DACLs and ACEs |
Apple Developer Doco Archive Launchd
Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. Retrieved February 24, 2021.
Internal MISP references
UUID 41311827-3d81-422a-9b07-ee8ddc2fc7f1 which can be used as unique global reference for Apple Developer Doco Archive Launchd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-24T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Daemons and Services Programming Guide - Creating Launch Daemons and Agents |
Kubernetes DaemonSet
Kubernetes. (n.d.). DaemonSet. Retrieved February 15, 2024.
Internal MISP references
UUID 4e4668bd-9bef-597e-ad41-8afe1974b7f6 which can be used as unique global reference for Kubernetes DaemonSet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-15T00:00:00Z |
| source | MITRE |
| title | DaemonSet |
Symantec Daggerfly 2023
Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. Retrieved July 25, 2024.
Internal MISP references
UUID cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4 which can be used as unique global reference for Symantec Daggerfly 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-25T00:00:00Z |
| date_published | 2023-04-20T00:00:00Z |
| source | MITRE |
| title | Daggerfly: APT Actor Targets Telecoms Company in Africa |
Symantec Daggerfly 2024
Threat Hunter Team. (2024, July 23). Daggerfly: Espionage Group Makes Major Update to Toolset. Retrieved July 25, 2024.
Internal MISP references
UUID 1dadd09e-e7b0-50a1-ba3d-413780dbeb80 which can be used as unique global reference for Symantec Daggerfly 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-25T00:00:00Z |
| date_published | 2024-07-23T00:00:00Z |
| source | MITRE |
| title | Daggerfly: Espionage Group Makes Major Update to Toolset |
Picus Daixin Team October 24 2022
Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. Retrieved December 1, 2023.
Internal MISP references
UUID eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02 which can be used as unique global reference for Picus Daixin Team October 24 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-01T00:00:00Z |
| date_published | 2022-10-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Daixin Team Targets Healthcare Organizations with Ransomware Attacks |
Proofpoint January 26 2021
Dennis Schwarz; Axel F; Brandon Murphy. (2021, January 26). DanaBot Malware New Year, New Version. Retrieved February 7, 2025.
Internal MISP references
UUID f1ff9d11-d59c-423b-aff0-5eb8e3545ffc which can be used as unique global reference for Proofpoint January 26 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-07T00:00:00Z |
| date_published | 2021-01-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DanaBot Malware New Year, New Version |
Medium Eli Salem GuLoader April 2021
Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.
Internal MISP references
UUID 87c5e84a-b96d-489d-aa10-db95b78c5a93 which can be used as unique global reference for Medium Eli Salem GuLoader April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-07T00:00:00Z |
| date_published | 2021-04-19T00:00:00Z |
| source | MITRE |
| title | Dancing With Shellcodes: Cracking the latest version of Guloader |
Lookout Dark Caracal Jan 2018
Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
Internal MISP references
UUID c558f5db-a426-4041-b883-995ec56e7155 which can be used as unique global reference for Lookout Dark Caracal Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-01-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Dark Caracal: Cyber-espionage at a Global Scale |
Dark Clouds_Usenix_Mulazzani_08_2011
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.
Internal MISP references
UUID ee5d2c9c-c704-4f35-baeb-055a35dd04b5 which can be used as unique global reference for Dark Clouds_Usenix_Mulazzani_08_2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2011-08-01T00:00:00Z |
| source | MITRE |
| title | Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space |
TrendMicro DarkComet Sept 2014
TrendMicro. (2014, September 03). DARKCOMET. Retrieved November 6, 2018.
Internal MISP references
UUID fb365600-4961-43ed-8292-1c07cbc530ef which can be used as unique global reference for TrendMicro DarkComet Sept 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2014-09-03T00:00:00Z |
| source | MITRE |
| title | DARKCOMET |
Splunk October 18 2022
Splunk Threat Research Team. (2022, October 18). Dark Crystal RAT Agent Deep Dive. Retrieved February 12, 2025.
Internal MISP references
UUID 78bccfce-ac5c-4413-9f6b-3be2762d7882 which can be used as unique global reference for Splunk October 18 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-12T00:00:00Z |
| date_published | 2022-10-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Crystal RAT Agent Deep Dive |
DarkGate Loader delivered via Teams - Truesec
Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. Retrieved October 20, 2023.
Internal MISP references
UUID 4222a06f-9528-4076-8037-a27012c2930c which can be used as unique global reference for DarkGate Loader delivered via Teams - Truesec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate Loader delivered via Teams - Truesec |
gbhackers Darkgate Malware 2024
Divya. (2024, April 30). Darkgate Malware Leveraging Autohotkey Following Teams. Retrieved November 22, 2024.
Internal MISP references
UUID 7c219b64-25e6-5f4e-b637-7eedaa6ccfe9 which can be used as unique global reference for gbhackers Darkgate Malware 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-22T00:00:00Z |
| date_published | 2024-04-30T00:00:00Z |
| source | MITRE |
| title | Darkgate Malware Leveraging Autohotkey Following Teams |
Bleeping Computer DarkGate October 14 2023
Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.
Internal MISP references
UUID 313e5558-d8f9-4457-9004-810d9fa5340c which can be used as unique global reference for Bleeping Computer DarkGate October 14 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-10-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate malware spreads through compromised Skype accounts |
Trend Micro DarkGate October 12 2023
Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. Retrieved October 20, 2023.
Internal MISP references
UUID 81650f5b-628b-4e76-80d6-2c15cf70d37a which can be used as unique global reference for Trend Micro DarkGate October 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-10-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate Opens Organizations for Attack via Skype, Teams |
DarkGate - Threat Breakdown Journey
0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. Retrieved October 20, 2023.
Internal MISP references
UUID 8a1ac4b8-05f6-4be9-a866-e3026bc92c7f which can be used as unique global reference for DarkGate - Threat Breakdown Journey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate - Threat Breakdown Journey |
Kaspersky Tomiris Sep 2021
Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.
Internal MISP references
UUID a881a7e4-a1df-4ad2-b67f-ef03caddb721 which can be used as unique global reference for Kaspersky Tomiris Sep 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-27T00:00:00Z |
| date_published | 2021-09-29T00:00:00Z |
| source | MITRE |
| title | DarkHalo After SolarWinds: the Tomiris connection |
Volexity SolarWinds
Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020.
Internal MISP references
UUID 355cecf8-ef3e-4a6e-a652-3bf26fe46d88 which can be used as unique global reference for Volexity SolarWinds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-12-14T00:00:00Z |
| source | MITRE |
| title | Dark Halo Leverages SolarWinds Compromise to Breach Organizations |
Securelist Darkhotel Aug 2015
Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. Retrieved November 2, 2018.
Internal MISP references
UUID 5a45be49-f5f1-4d5b-b7da-0a2f38194ec1 which can be used as unique global reference for Securelist Darkhotel Aug 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2015-08-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Darkhotel's attacks in 2015 |
Unit42 DarkHydrus Jan 2019
Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. Retrieved April 17, 2019.
Internal MISP references
UUID eb235504-d142-4c6d-9ffd-3c0b0dd23e80 which can be used as unique global reference for Unit42 DarkHydrus Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-01-18T00:00:00Z |
| source | MITRE |
| title | DarkHydrus delivers new Trojan that can use Google Drive for C2 communications |
Unit 42 Phishery Aug 2018
Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.
Internal MISP references
UUID ab9d59c1-8ea5-4f9c-b733-b16223ffe84a which can be used as unique global reference for Unit 42 Phishery Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-08-07T00:00:00Z |
| source | MITRE |
| title | DarkHydrus Uses Phishery to Harvest Credentials in the Middle East |
Darkside Ransomware Cybereason
Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID eded380e-33e9-4fdc-8e1f-b51d650b9731 which can be used as unique global reference for Darkside Ransomware Cybereason in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| source | MITRE |
| title | Darkside Ransomware |
DarkSide Ransomware Gang
Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.
Internal MISP references
UUID 5f8d49e8-22da-425f-b63b-a799b97ec2b5 which can be used as unique global reference for DarkSide Ransomware Gang in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2021-05-12T00:00:00Z |
| source | MITRE |
| title | DarkSide Ransomware Gang: An Overview |
Secureworks DarkTortilla Aug 2022
Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. Retrieved November 3, 2022.
Internal MISP references
UUID 4b48cc22-55ac-5b61-b183-9008f7db37fd which can be used as unique global reference for Secureworks DarkTortilla Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-11-03T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | DarkTortilla Malware Analysis |
Securelist DarkVishnya Dec 2018
Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.
Internal MISP references
UUID da9ac5a7-c644-45fa-ab96-30ac6bfc9f81 which can be used as unique global reference for Securelist DarkVishnya Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-15T00:00:00Z |
| date_published | 2018-12-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | DarkVishnya: Banks attacked through direct connection to local network |
Prevailion DarkWatchman 2021
Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. Retrieved January 10, 2022.
Internal MISP references
UUID 449e7b5c-7c62-4a63-a676-80026a597fc9 which can be used as unique global reference for Prevailion DarkWatchman 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-10T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | DarkWatchman: A new evolution in fileless techniques |
Dark Web Informer LinkedIn Cat Scientist January 2025
Dark Web Informer. (2025, January 9). Dark Web Informer LinkedIn Cat Scientist. Retrieved April 9, 2025.
Internal MISP references
UUID 4678131f-7079-4a5f-ac47-06faa3052d8f which can be used as unique global reference for Dark Web Informer LinkedIn Cat Scientist January 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-09T00:00:00Z |
| date_published | 2025-01-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Web Informer LinkedIn Cat Scientist |
SOCRadar APT42 December 12 2022
SOCRadar Research. (2022, December 12). Dark Web Profile: APT42 – Iranian Cyber Espionage Group. Retrieved August 30, 2024.
Internal MISP references
UUID 6077faed-b162-4850-969a-2abedc842198 which can be used as unique global reference for SOCRadar APT42 December 12 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-30T00:00:00Z |
| date_published | 2022-12-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Web Profile: APT42 – Iranian Cyber Espionage Group |
SOCRadar Cyber Toufan Profile
SOCRadar. (2023, December 20). Dark Web Profile: Cyber Toufan Al-aqsa. Retrieved August 8, 2024.
Internal MISP references
UUID a9aa6361-8c4d-4456-bb3f-c64ca5260695 which can be used as unique global reference for SOCRadar Cyber Toufan Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-08T00:00:00Z |
| date_published | 2023-12-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Web Profile: Cyber Toufan Al-aqsa |
SocRadar Hunt3r Kill3rs May 24 2024
SocRadar. (2024, May 24). Dark Web Profile: Hunt3r Kill3rs. Retrieved January 17, 2025.
Internal MISP references
UUID d7337128-e4e1-43b0-a787-4d166b7cd8ab which can be used as unique global reference for SocRadar Hunt3r Kill3rs May 24 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-17T00:00:00Z |
| date_published | 2024-05-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Web Profile: Hunt3r Kill3rs |
SOCRadar INC Ransom January 2024
SOCRadar. (2024, January 24). Dark Web Profile: INC Ransom. Retrieved June 5, 2024.
Internal MISP references
UUID 6c78b422-7d46-58a4-a403-421db0531147 which can be used as unique global reference for SOCRadar INC Ransom January 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-05T00:00:00Z |
| date_published | 2024-01-24T00:00:00Z |
| source | MITRE |
| title | Dark Web Profile: INC Ransom |
SocRadar KillSec November 7 2024
SocRadar. (2024, November 7). Dark Web Profile: KillSec. Retrieved November 24, 2024.
Internal MISP references
UUID 9ca8207e-e543-4b67-8123-c1f8b2d78502 which can be used as unique global reference for SocRadar KillSec November 7 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-24T00:00:00Z |
| date_published | 2024-11-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dark Web Profile: KillSec |
Moran 2014
Moran, N., Oppenheim, M., Engle, S., & Wartell, R. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 15ef155b-7628-4b18-bc53-1d30be4eac5d which can be used as unique global reference for Moran 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-09-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Darwin’s Favorite APT Group [Blog] |
AWS Data Perimeters
AWS. (n.d.). Data perimeters on AWS. Retrieved October 16, 2024.
Internal MISP references
UUID de628ad0-9608-5af0-8c93-21a1d5cd4998 which can be used as unique global reference for AWS Data Perimeters in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-16T00:00:00Z |
| source | MITRE |
| title | Data perimeters on AWS |
DataSvcUtil.exe - LOLBAS Project
LOLBAS. (2020, December 1). DataSvcUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c373780-3202-4036-8c83-f3d468155b35 which can be used as unique global reference for DataSvcUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DataSvcUtil.exe |
Operation Emmental
botconf eu. (2014, December 31). David Sancho - Finding Holes in Banking 2FA: Operation Emmental. Retrieved January 4, 2024.
Internal MISP references
UUID 36443369-4fa9-4802-8b21-68cc382b949f which can be used as unique global reference for Operation Emmental in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-04T00:00:00Z |
| date_published | 2014-12-31T00:00:00Z |
| source | MITRE |
| title | David Sancho - Finding Holes in Banking 2FA: Operation Emmental |
Hijacking VNC
Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.
Internal MISP references
UUID 7a58938f-058b-4c84-aa95-9c37dcdda1fb which can be used as unique global reference for Hijacking VNC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2019-03-10T00:00:00Z |
| source | MITRE |
| title | Day 70: Hijacking VNC (Enum, Brute, Access and Crack) |
DBatLoader Actively Distributing Malwares Targeting European Businesses
Zscaler. (2023, March 27). DBatLoader Actively Distributing Malwares Targeting European Businesses. Retrieved May 7, 2023.
Internal MISP references
UUID 42ee2e91-4dac-41ce-b2ec-fde21c258a28 which can be used as unique global reference for DBatLoader Actively Distributing Malwares Targeting European Businesses in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-03-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DBatLoader Actively Distributing Malwares Targeting European Businesses |
Microsoft COM ACL
Microsoft. (n.d.). DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.
Internal MISP references
UUID 88769217-57f1-46d4-977c-2cb2969db437 which can be used as unique global reference for Microsoft COM ACL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 |
DCShadow Blog
Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.
Internal MISP references
UUID 37514816-b8b3-499f-842b-2d8cce9e140b which can be used as unique global reference for DCShadow Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| source | MITRE |
| title | DCShadow |
GitHub DCSYNCMonitor
Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.
Internal MISP references
UUID be03c794-d9f3-4678-8198-257abf6dcdbd which can be used as unique global reference for GitHub DCSYNCMonitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2018-02-22T00:00:00Z |
| source | MITRE |
| title | DCSYNCMonitor |
DD Man
Kerrisk, M. (2020, February 2). DD(1) User Commands. Retrieved February 21, 2020.
Internal MISP references
UUID f64bee0d-e37d-45d5-9968-58e622e89bfe which can be used as unique global reference for DD Man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2020-02-02T00:00:00Z |
| source | MITRE |
| title | DD(1) User Commands |
NETSCOUT October 17 2024
Richard Hummel. (2024, October 17). DDoS Attacks Against Japan. Retrieved December 12, 2024.
Internal MISP references
UUID ec2e5084-5e96-4fc9-936c-1595c0dfd5f6 which can be used as unique global reference for NETSCOUT October 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-12T00:00:00Z |
| date_published | 2024-10-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DDoS Attacks Against Japan |
Arbor SSLDoS April 2012
ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. Retrieved April 22, 2019.
Internal MISP references
UUID b5de4376-0deb-45de-83a0-09df98480464 which can be used as unique global reference for Arbor SSLDoS April 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2012-04-24T00:00:00Z |
| source | MITRE |
| title | DDoS Attacks on SSL: Something Old, Something New |
Avast Threat Labs January 11 2023
Martin Chlumecký. (2023, January 11). DDosia Project Volunteers Carrying out NoName(057)16’s Dirty Work - Avast Threat Labs. Retrieved December 12, 2024.
Internal MISP references
UUID bf09f587-2c3f-4030-83fe-3cb6cc413c95 which can be used as unique global reference for Avast Threat Labs January 11 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-12T00:00:00Z |
| date_published | 2023-01-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DDosia Project Volunteers Carrying out NoName(057)16’s Dirty Work - Avast Threat Labs |
CERT-EU DDoS March 2017
Meintanis, S., Revuelto, V., Socha, K. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.
Internal MISP references
UUID 64341348-f448-4e56-bf78-442b92e6d435 which can be used as unique global reference for CERT-EU DDoS March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-24T00:00:00Z |
| date_published | 2017-03-10T00:00:00Z |
| source | MITRE |
| title | DDoS Overview and Response Guide |
Unit42 Sofacy Dec 2018
Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.
Internal MISP references
UUID 540c4c33-d4c2-4324-94cd-f57646666e32 which can be used as unique global reference for Unit42 Sofacy Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2018-12-12T00:00:00Z |
| source | MITRE |
| title | Dear Joohn: The Sofacy Group’s Global Campaign |
Death by 1000 installers; it's all broken!
Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019.
Internal MISP references
UUID 2ae99e9b-cd00-4e60-ba9e-bcc50e709e88 which can be used as unique global reference for Death by 1000 installers; it's all broken! in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | Death by 1000 installers; it's all broken! |
SpecterOps Lateral Movement from Azure to On-Prem AD 2020
Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.
Internal MISP references
UUID eb97d3d6-21cb-5f27-9a78-1e8576acecdc which can be used as unique global reference for SpecterOps Lateral Movement from Azure to On-Prem AD 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2020-08-17T00:00:00Z |
| source | MITRE |
| title | Death from Above: Lateral Movement from Azure to On-Prem AD |
Microsoft PowerShell SilentlyContinue
Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.
Internal MISP references
UUID ece52a64-1c8d-547d-aedc-ff43d7418cd2 which can be used as unique global reference for Microsoft PowerShell SilentlyContinue in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-30T00:00:00Z |
| date_published | 2023-03-02T00:00:00Z |
| source | MITRE |
| title | $DebugPreference |
virtualization.info 2006
virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.
Internal MISP references
UUID 8ff8fb53-e468-4df7-b7e3-b344be1507ae which can be used as unique global reference for virtualization.info 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2006-08-11T00:00:00Z |
| source | MITRE |
| title | Debunking Blue Pill myth [Interview transcript] |
Fortinet LummaStealer 2024
Cara Lin, Fortinet. (2024, January 8). Deceptive Cracked Software Spreads Lumma Variant on YouTube. Retrieved March 22, 2025.
Internal MISP references
UUID 3a2ead89-2e03-5c4f-b59a-c75aec54da22 which can be used as unique global reference for Fortinet LummaStealer 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-22T00:00:00Z |
| date_published | 2024-01-08T00:00:00Z |
| source | MITRE |
| title | Deceptive Cracked Software Spreads Lumma Variant on YouTube |
ESET DeceptiveDevelopment February 20 2025
Matěj Havránek. (2025, February 20). DeceptiveDevelopment targets freelance developers. Retrieved May 30, 2025.
Internal MISP references
UUID 60710414-29ea-4778-b9b2-95eed436ede2 which can be used as unique global reference for ESET DeceptiveDevelopment February 20 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-30T00:00:00Z |
| date_published | 2025-02-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DeceptiveDevelopment targets freelance developers |
TrendMicro Confucius APT Feb 2018
Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.
Internal MISP references
UUID d1d5a708-75cb-4d41-b2a3-d035a14ac956 which can be used as unique global reference for TrendMicro Confucius APT Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-26T00:00:00Z |
| date_published | 2018-02-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Deciphering Confucius: A Look at the Group's Cyberespionage Operations |
Elastic Security Labs Pumakit 2024
Remco Sprooten and Ruben Groenewoud. (2024, December 11). Declawing PUMAKIT. Retrieved March 24, 2025.
Internal MISP references
UUID f0158df3-24df-52e6-8957-066a89f2c3e3 which can be used as unique global reference for Elastic Security Labs Pumakit 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| date_published | 2024-12-11T00:00:00Z |
| source | MITRE |
| title | Declawing PUMAKIT |
Ciberseguridad Decoding malicious RTF files
Pedrero, R. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.
Internal MISP references
UUID 82d2451b-300f-4891-b1e7-ade53dff1126 which can be used as unique global reference for Ciberseguridad Decoding malicious RTF files in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-16T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | Decoding malicious RTF files |
Nccgroup Gh0st April 2018
Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. Retrieved November 2, 2018.
Internal MISP references
UUID 4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b which can be used as unique global reference for Nccgroup Gh0st April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2018-04-17T00:00:00Z |
| source | MITRE |
| title | Decoding network data from a Gh0st RAT variant |
Morphisec September 3 2024
Michael Gorelik. (2024, September 3). Decoding the Puzzle Cicada3301 Ransomware Threat Analysis. Retrieved September 5, 2024.
Internal MISP references
UUID 90549699-8815-45e8-820c-4f5a7fc584b8 which can be used as unique global reference for Morphisec September 3 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-05T00:00:00Z |
| date_published | 2024-09-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Decoding the Puzzle Cicada3301 Ransomware Threat Analysis |
MalwareBytes Template Injection OCT 2017
Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. Retrieved July 21, 2018.
Internal MISP references
UUID 7ef0ab1f-c7d6-46fe-b489-fab4db623e0a which can be used as unique global reference for MalwareBytes Template Injection OCT 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-21T00:00:00Z |
| date_published | 2017-10-13T00:00:00Z |
| source | MITRE |
| title | Decoy Microsoft Word document delivers malware through a RAT |
Crowdstrike PartyTicket March 2022
Crowdstrike. (2022, March 1). Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.
Internal MISP references
UUID 8659fea7-7d65-4ee9-8ceb-cf41204b57e0 which can be used as unique global reference for Crowdstrike PartyTicket March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-01T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities |
Fortinet Emotet May 2017
Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.
Internal MISP references
UUID 2b8b6ab4-906f-4732-94f8-eaac5ec0151d which can be used as unique global reference for Fortinet Emotet May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-01T00:00:00Z |
| date_published | 2017-05-03T00:00:00Z |
| source | MITRE |
| title | Deep Analysis of New Emotet Variant – Part 1 |
Aqua TeamTNT August 2020
Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.
Internal MISP references
UUID ca10ad0d-1a47-4006-8f76-c2246aee7752 which can be used as unique global reference for Aqua TeamTNT August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-08-25T00:00:00Z |
| source | MITRE |
| title | Deep Analysis of TeamTNT Techniques Using Container Images to Attack |
Bitdefender FIN8 July 2021
Martin Zugec. (2021, July 27). Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.
Internal MISP references
UUID aee3179e-1536-40ab-9965-1c10bdaa6dff which can be used as unique global reference for Bitdefender FIN8 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2021-07-27T00:00:00Z |
| source | MITRE |
| title | Deep Dive Into a FIN8 Attack - A Forensic Investigation |
Cyble Ragnar Locker January 20 2022
Cybleinc. (2022, January 20). Deep dive into Ragnar_locker Ransomware Gang. Retrieved September 29, 2023.
Internal MISP references
UUID 390b3063-8d7b-4dee-b5f7-bfd0804f2e30 which can be used as unique global reference for Cyble Ragnar Locker January 20 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Deep dive into Ragnar_locker Ransomware Gang |
Sophos Pikabot June 12 2023
Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.
Internal MISP references
UUID f10c37d8-2efe-4d9e-8987-8978beef7e9d which can be used as unique global reference for Sophos Pikabot June 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2023-06-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Deep dive into the Pikabot cyber threat |
Microsoft Deep Dive Solorigate January 2021
MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop. Retrieved January 22, 2021.
Internal MISP references
UUID ddd70eef-ab94-45a9-af43-c396c9e3fbc6 which can be used as unique global reference for Microsoft Deep Dive Solorigate January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2021-01-20T00:00:00Z |
| source | MITRE |
| title | Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop |
AADInternals - Device Registration
Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.
Internal MISP references
UUID 978b408d-f9e9-422c-b2d7-741f6cc298d4 which can be used as unique global reference for AADInternals - Device Registration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 2021-03-03T00:00:00Z |
| source | MITRE |
| title | Deep-dive to Azure AD device join |
Alperovitch 2014
Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
Internal MISP references
UUID 72e19be9-35dd-4199-bc07-bd9d0c664df6 which can be used as unique global reference for Alperovitch 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-07-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Deep in Thought: Chinese Targeting of National Security Think Tanks |
DefaultPack.EXE - LOLBAS Project
LOLBAS. (2020, October 1). DefaultPack.EXE. Retrieved December 4, 2023.
Internal MISP references
UUID 106efc3e-5816-44ae-a384-5e026e68ab89 which can be used as unique global reference for DefaultPack.EXE - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DefaultPack.EXE |
Lastline DarkHotel Just In Time Decryption Nov 2015
Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.
Internal MISP references
UUID e43341ae-178f-43ba-9d66-f4d0380d2c59 which can be used as unique global reference for Lastline DarkHotel Just In Time Decryption Nov 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-15T00:00:00Z |
| date_published | 2015-11-05T00:00:00Z |
| source | MITRE |
| title | Defeating Darkhotel Just-In-Time Decryption |
piazza launch agent mitigation
Antonio Piazza (4n7m4n). (2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.
Internal MISP references
UUID 8a3591f2-34b0-4914-bb42-d4621966faed which can be used as unique global reference for piazza launch agent mitigation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2021-11-23T00:00:00Z |
| source | MITRE |
| title | Defeating Malicious Launch Persistence |
Inversecos Timestomping 2022
Lina Lau. (2022, April 28). Defence Evasion Technique: Timestomping Detection – NTFS Forensics. Retrieved September 30, 2024.
Internal MISP references
UUID 48bc7943-0384-5b6e-a0c5-854b6a08203f which can be used as unique global reference for Inversecos Timestomping 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-30T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | Defence Evasion Technique: Timestomping Detection – NTFS Forensics |
VectorSec ForFiles Aug 2017
vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved September 12, 2024.
Internal MISP references
UUID 8088d15d-9512-4d12-a99a-c76ad9dc3390 which can be used as unique global reference for VectorSec ForFiles Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2017-08-11T00:00:00Z |
| source | MITRE |
| title | Defenders watching launches of cmd? What about forfiles? |
Black Hat 2015 App Shim
Pierce, Sean. (2015, November). Defending Against Malicious Application Compatibility Shims. Retrieved June 22, 2017.
Internal MISP references
UUID 19e3cddb-b077-40cf-92e0-131b12efa4f7 which can be used as unique global reference for Black Hat 2015 App Shim in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-22T00:00:00Z |
| date_published | 2015-11-01T00:00:00Z |
| source | MITRE |
| title | Defending Against Malicious Application Compatibility Shims |
TechNet O365 Outlook Rules
Koeller, B. (2018, February 21). Defending Against Rules and Forms Injection. Retrieved November 5, 2019.
Internal MISP references
UUID c7f9bd2f-254a-4254-8a92-a3ab02455fcb which can be used as unique global reference for TechNet O365 Outlook Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-05T00:00:00Z |
| date_published | 2018-02-21T00:00:00Z |
| source | MITRE |
| title | Defending Against Rules and Forms Injection |
Defending Against Scheduled Task Attacks in Windows Environments
Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.
Internal MISP references
UUID 111d21df-5531-4927-a173-fac9cd7672b3 which can be used as unique global reference for Defending Against Scheduled Task Attacks in Windows Environments in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-05T00:00:00Z |
| date_published | 2022-06-20T00:00:00Z |
| source | MITRE |
| title | Defending Against Scheduled Tasks |
Rapid7 HAFNIUM Mar 2021
Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. Retrieved October 27, 2022.
Internal MISP references
UUID cf05d229-c2ba-54f2-a79d-4b7c9185c663 which can be used as unique global reference for Rapid7 HAFNIUM Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-27T00:00:00Z |
| date_published | 2021-03-23T00:00:00Z |
| source | MITRE |
| title | Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange |
Microsoft SQL Server
Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. Retrieved October 3, 2023.
Internal MISP references
UUID a904fde8-b8f9-5411-ab46-0dacf39cc81f which can be used as unique global reference for Microsoft SQL Server in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| date_published | 2023-10-03T00:00:00Z |
| source | MITRE |
| title | Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement |
hhs-email-bombing
U.S. Department of Health and Human Services. (2024, March 12). Defense and Mitigations from E-mail Bombing. Retrieved January 31, 2025.
Internal MISP references
UUID 30f58736-50eb-5a94-ae8b-0cc9f39db31b which can be used as unique global reference for hhs-email-bombing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-31T00:00:00Z |
| date_published | 2024-03-12T00:00:00Z |
| source | MITRE |
| title | Defense and Mitigations from E-mail Bombing |
rundll32.exe defense evasion
Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.
Internal MISP references
UUID 0f31f0ff-9ddb-4ea9-88d0-7b3b688764af which can be used as unique global reference for rundll32.exe defense evasion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-08T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | Defense Evasion Techniques |
def_ev_win_event_logging
Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). Retrieved September 14, 2021.
Internal MISP references
UUID 166e3a8a-047a-4798-b6cb-5aa36903a764 which can be used as unique global reference for def_ev_win_event_logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2021-04-22T00:00:00Z |
| source | MITRE |
| title | Defense Evasion: Windows Event Logging (T1562.002) |
Kaspersky DeftTorero October 3 2022
Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.
Internal MISP references
UUID f6b43988-4d8b-455f-865e-3150e43d4f11 which can be used as unique global reference for Kaspersky DeftTorero October 3 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2022-10-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DeftTorero: tactics, techniques and procedures of intrusions revealed |
TechNet Del
Microsoft. (n.d.). Del. Retrieved April 22, 2016.
Internal MISP references
UUID 01fc44b9-0eb3-4fd2-b755-d611825374ae which can be used as unique global reference for TechNet Del in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-22T00:00:00Z |
| source | MITRE |
| title | Del |
Hunters Domain Wide Delegation Google Workspace 2023
Yonatan Khanashvilli. (2023, November 28). DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover. Retrieved January 16, 2024.
Internal MISP references
UUID 290cebe1-a2fd-5ccd-8ef6-afa9d4c3c9df which can be used as unique global reference for Hunters Domain Wide Delegation Google Workspace 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-16T00:00:00Z |
| date_published | 2023-11-28T00:00:00Z |
| source | MITRE |
| title | DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover |
Azure Shared Access Signature
Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.
Internal MISP references
UUID f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa which can be used as unique global reference for Azure Shared Access Signature in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| date_published | 2019-12-18T00:00:00Z |
| source | MITRE |
| title | Delegate access with a shared access signature |
Register Deloitte
Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020.
Internal MISP references
UUID e6b10687-8666-4c9c-ac77-1988378e096d which can be used as unique global reference for Register Deloitte in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2017-09-26T00:00:00Z |
| source | MITRE |
| title | Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' |
Talos Micropsia June 2017
Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.
Internal MISP references
UUID c727152c-079a-4ff9-a0e5-face919cf59b which can be used as unique global reference for Talos Micropsia June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-06-19T00:00:00Z |
| source | MITRE |
| title | Delphi Used To Score Against Palestine |
TrendMicro EarthLusca 2022
Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
Internal MISP references
UUID f6e1bffd-e35b-4eae-b9bf-c16a82bf7004 which can be used as unique global reference for TrendMicro EarthLusca 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | Delving Deep: An Analysis of Earth Lusca’s Operations |
Demiguise Guardrail Router Logo
Warren, R. (2017, August 2). Demiguise: virginkey.js. Retrieved January 17, 2019.
Internal MISP references
UUID 2e55d33a-fe75-4397-b6f0-a28d397b4c24 which can be used as unique global reference for Demiguise Guardrail Router Logo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2017-08-02T00:00:00Z |
| source | MITRE |
| title | Demiguise: virginkey.js |
FireEye Hacking Team
FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.
Internal MISP references
UUID c1e798b8-6771-4ba7-af25-69c640321e40 which can be used as unique global reference for FireEye Hacking Team in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-25T00:00:00Z |
| date_published | 2015-07-13T00:00:00Z |
| source | MITRE |
| title | Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak |
Demystifying Azure AD Service Principals
Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.
Internal MISP references
UUID 3e285884-2191-4773-9243-74100ce177c8 which can be used as unique global reference for Demystifying Azure AD Service Principals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-19T00:00:00Z |
| date_published | 2019-07-16T00:00:00Z |
| source | MITRE |
| title | Demystifying Azure AD Service Principals |
demystifying_ryuk
Tran, T. (2020, November 24). Demystifying Ransomware Attacks Against Microsoft Defender Solution. Retrieved January 26, 2022.
Internal MISP references
UUID 3dc684c7-14de-4dc0-9f11-79160c4f5038 which can be used as unique global reference for demystifying_ryuk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2020-11-24T00:00:00Z |
| source | MITRE |
| title | Demystifying Ransomware Attacks Against Microsoft Defender Solution |
DOJ Iran Indictments September 2020
DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.
Internal MISP references
UUID f30a77dd-d1d0-41b8-b82a-461dd6cd126f which can be used as unique global reference for DOJ Iran Indictments September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-10T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community |
Microsoft GitHub Device Guard CI Policies
Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.
Internal MISP references
UUID 9646af1a-19fe-44c9-96ca-3c8ec097c3db which can be used as unique global reference for Microsoft GitHub Device Guard CI Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-28T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE |
| title | Deploy code integrity policies: steps |
Microsoft Deploying AD Federation
Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. Retrieved March 13, 2020.
Internal MISP references
UUID beeb460e-4dba-42fb-8109-0861cd0df562 which can be used as unique global reference for Microsoft Deploying AD Federation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| source | MITRE |
| title | Deploying Active Directory Federation Services in Azure |
Apple Kernel Extension Deprecation
Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.
Internal MISP references
UUID 86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5 which can be used as unique global reference for Apple Kernel Extension Deprecation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-04T00:00:00Z |
| source | MITRE |
| title | Deprecated Kernel Extensions and System Extension Alternatives |
Black Lotus Raptor Train September 18 2024
Black Lotus Labs. (2024, September 18). Derailing the Raptor Train. Retrieved September 19, 2024.
Internal MISP references
UUID 21e26577-887b-4b8c-a3f8-4ab8868bed69 which can be used as unique global reference for Black Lotus Raptor Train September 18 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| date_published | 2024-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Derailing the Raptor Train |
Amazon Describe Instance
Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020.
Internal MISP references
UUID c0b6a8a4-0d94-414d-b5ab-cf5485240dee which can be used as unique global reference for Amazon Describe Instance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-03T00:00:00Z |
| source | MITRE |
| title | describe-instance-information |
Amazon Describe Instances API
Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.
Internal MISP references
UUID 95629746-43d2-4f41-87da-4bd44a43ef4a which can be used as unique global reference for Amazon Describe Instances API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| source | MITRE |
| title | DescribeInstances |
DescribeSecurityGroups - Amazon Elastic Compute Cloud
Amazon Web Services, Inc. (2022). DescribeSecurityGroups. Retrieved January 28, 2022.
Internal MISP references
UUID aa953df5-40b5-42d2-9e33-a227a093497f which can be used as unique global reference for DescribeSecurityGroups - Amazon Elastic Compute Cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-28T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | DescribeSecurityGroups |
Microsoft RunOnceEx APR 2018
Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.
Internal MISP references
UUID f80bb86f-ce75-4778-bdee-777cf37a6de7 which can be used as unique global reference for Microsoft RunOnceEx APR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-29T00:00:00Z |
| date_published | 2018-08-20T00:00:00Z |
| source | MITRE |
| title | Description of the RunOnceEx Registry Key |
Designing Daemons Apple Dev
Apple. (n.d.). Retrieved October 12, 2021.
Internal MISP references
UUID 4baac228-1f6a-4c65-ae98-5a542600dfc6 which can be used as unique global reference for Designing Daemons Apple Dev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | Designing Daemons Apple Dev |
Desk.cpl - LOLBAS Project
LOLBAS. (2022, April 21). Desk.cpl. Retrieved December 4, 2023.
Internal MISP references
UUID 487a54d9-9f90-478e-b305-bd041af55e12 which can be used as unique global reference for Desk.cpl - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-04-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Desk.cpl |
Free Desktop Application Autostart Feb 2006
Free Desktop. (2006, February 13). Desktop Application Autostart Specification. Retrieved September 12, 2019.
Internal MISP references
UUID 0885434e-3908-4425-9597-ce6abe531ca5 which can be used as unique global reference for Free Desktop Application Autostart Feb 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2006-02-13T00:00:00Z |
| source | MITRE |
| title | Desktop Application Autostart Specification |
Desktopimgdownldr.exe - LOLBAS Project
LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1df3aacf-76c4-472a-92c8-2a85ae9e2860 which can be used as unique global reference for Desktopimgdownldr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-06-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Desktopimgdownldr.exe |
CISA AA22-057A Destructive Malware February 2022
CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 18684085-c156-4610-8b1f-cc9646f2c06e which can be used as unique global reference for CISA AA22-057A Destructive Malware February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-26T00:00:00Z |
| source | MITRE |
| title | Destructive Malware Targeting Organizations in Ukraine |
Microsoft WhisperGate January 2022
MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.
Internal MISP references
UUID e0c1fcd3-b7a8-42af-8984-873a6f969975 which can be used as unique global reference for Microsoft WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-10T00:00:00Z |
| date_published | 2022-01-15T00:00:00Z |
| source | MITRE |
| title | Destructive malware targeting Ukrainian organizations |
S2W DarkGate January 16 2024
S2W. (2024, January 16). Detailed Analysis of DarkGate. Retrieved July 12, 2024.
Internal MISP references
UUID 62d6a280-06df-4b96-85c8-13174e496256 which can be used as unique global reference for S2W DarkGate January 16 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-12T00:00:00Z |
| date_published | 2024-01-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Detailed Analysis of DarkGate |
NSA and ASD Detect and Prevent Web Shells 2020
NSA and ASD. (2020, April 3). Detect and Prevent Web Shell Malware. Retrieved July 23, 2021.
Internal MISP references
UUID e9a882a5-1a88-4fdf-9349-205f4fa167c9 which can be used as unique global reference for NSA and ASD Detect and Prevent Web Shells 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-23T00:00:00Z |
| date_published | 2020-04-03T00:00:00Z |
| source | MITRE |
| title | Detect and Prevent Web Shell Malware |
URI Unique
Australian Cyber Security Centre. National Security Agency. (2020, April 21). Detect and Prevent Web Shell Malware. Retrieved February 9, 2024.
Internal MISP references
UUID b91963c4-07ea-5e36-9cc8-8a2149ee7473 which can be used as unique global reference for URI Unique in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-09T00:00:00Z |
| date_published | 2020-04-21T00:00:00Z |
| source | MITRE |
| title | Detect and Prevent Web Shell Malware |
Microsoft Detect Outlook Forms
Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. Retrieved February 4, 2019.
Internal MISP references
UUID fd63775c-8482-477d-ab41-8c64ca17b602 which can be used as unique global reference for Microsoft Detect Outlook Forms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2018-04-22T00:00:00Z |
| source | MITRE |
| title | Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365 |
ADDSecurity DCShadow Feb 2018
Lucand, G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.
Internal MISP references
UUID c1cd4767-b5a1-4821-8574-b5782a83920f which can be used as unique global reference for ADDSecurity DCShadow Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2018-02-18T00:00:00Z |
| source | MITRE |
| title | Detect DCShadow, impossible? |
Lacework LLMJacking 2024
Lacework Labs. (2024, June 6). Detecting AI resource-hijacking with Composite Alerts. Retrieved September 25, 2024.
Internal MISP references
UUID 4742569e-80ed-5d70-948b-9457d9371ca8 which can be used as unique global reference for Lacework LLMJacking 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-25T00:00:00Z |
| date_published | 2024-06-06T00:00:00Z |
| source | MITRE |
| title | Detecting AI resource-hijacking with Composite Alerts |
Pace University Detecting DGA May 2017
Chen, L., Wang, T. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods. Retrieved April 26, 2019.
Internal MISP references
UUID 7a4e7e05-986b-4549-a021-8c3c729bd3cc which can be used as unique global reference for Pace University Detecting DGA May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-26T00:00:00Z |
| date_published | 2017-05-05T00:00:00Z |
| source | MITRE |
| title | Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods |
MDSec Detecting DOTNET
MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.
Internal MISP references
UUID a7952f0e-6690-48de-ad93-9922d6d6989c which can be used as unique global reference for MDSec Detecting DOTNET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | Detecting and Advancing In-Memory .NET Tradecraft |
Cisco DoSdetectNetflow
Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.
Internal MISP references
UUID ce447063-ec9a-4729-aaec-64ec123077ce which can be used as unique global reference for Cisco DoSdetectNetflow in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-25T00:00:00Z |
| source | MITRE |
| title | Detecting and Analyzing Network Threats With NetFlow |
RSA2017 Detect and Respond Adair
Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. Retrieved November 17, 2024.
Internal MISP references
UUID 005a276c-3369-4d29-bf0e-c7fa4e7d90bb which can be used as unique global reference for RSA2017 Detect and Respond Adair in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-02-17T00:00:00Z |
| source | MITRE |
| title | Detecting and Responding to Advanced Threats within Exchange Environments |
Nmap Firewalls NIDS
Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.
Internal MISP references
UUID c696ac8c-2c7a-4708-a369-0832a493e0a6 which can be used as unique global reference for Nmap Firewalls NIDS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Detecting and Subverting Firewalls and Intrusion Detection Systems |
Medium Detecting Attempts to Steal Passwords from Memory
French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.
Internal MISP references
UUID 63955204-3cf9-4628-88d2-361de4dae94f which can be used as unique global reference for Medium Detecting Attempts to Steal Passwords from Memory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-10-02T00:00:00Z |
| source | MITRE |
| title | Detecting Attempts to Steal Passwords from Memory |
Merces BPFDOOR 2023
Fernando Merces. (2023, July 13). Detecting BPFDoor Backdoor Variants Abusing BPF Filters. Retrieved September 23, 2024.
Internal MISP references
UUID bf4f5736-0506-5ecf-a73e-86ab18c2b71b which can be used as unique global reference for Merces BPFDOOR 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-23T00:00:00Z |
| date_published | 2023-07-13T00:00:00Z |
| source | MITRE |
| title | Detecting BPFDoor Backdoor Variants Abusing BPF Filters |
Endurant CMSTP July 2018
Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved November 17, 2024.
Internal MISP references
UUID d67901a4-8774-42d3-98de-c20158f88eb6 which can be used as unique global reference for Endurant CMSTP July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2018-07-07T00:00:00Z |
| source | MITRE |
| title | Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon. |
Red Canary COR_PROFILER May 2020
Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.
Internal MISP references
UUID 3d8cb4d3-1cbe-416a-95b5-15003cbc2beb which can be used as unique global reference for Red Canary COR_PROFILER May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2020-05-07T00:00:00Z |
| source | MITRE |
| title | Detecting COR_PROFILER manipulation for persistence |
NVisio Labs DDE Detection Oct 2017
NVISO Labs. (2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.
Internal MISP references
UUID 75ccde9a-2d51-4492-9a8a-02fce30f9167 which can be used as unique global reference for NVisio Labs DDE Detection Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-10-11T00:00:00Z |
| source | MITRE |
| title | Detecting DDE in MS Office documents |
Zhang 2013
Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.
Internal MISP references
UUID 29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67 which can be used as unique global reference for Zhang 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-08-19T00:00:00Z |
| date_published | 2013-04-01T00:00:00Z |
| source | MITRE |
| title | Detecting encrypted botnet traffic |
ADSecurity Detecting Forged Tickets
Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.
Internal MISP references
UUID 4c328a1a-6a83-4399-86c5-d6e1586da8a3 which can be used as unique global reference for ADSecurity Detecting Forged Tickets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| date_published | 2015-05-03T00:00:00Z |
| source | MITRE |
| title | Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory |
Microsoft Detecting Kerberoasting Feb 2018
Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. Retrieved March 23, 2018.
Internal MISP references
UUID b36d82a8-82ca-4f22-85c0-ee82be3b6940 which can be used as unique global reference for Microsoft Detecting Kerberoasting Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-23T00:00:00Z |
| date_published | 2018-02-23T00:00:00Z |
| source | MITRE |
| title | Detecting Kerberoasting activity using Azure Security Center |
Medium Detecting Lateral Movement
French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.
Internal MISP references
UUID 91bea3c2-df54-424e-8667-035e6e15fe38 which can be used as unique global reference for Medium Detecting Lateral Movement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-09-30T00:00:00Z |
| source | MITRE |
| title | Detecting Lateral Movement Using Sysmon and Splunk |
Inversecos Linux Timestomping
inversecos. (2022, August 4). Detecting Linux Anti-Forensics: Timestomping. Retrieved March 26, 2025.
Internal MISP references
UUID 12779efe-2dd3-50b5-b0e6-9f356467a66d which can be used as unique global reference for Inversecos Linux Timestomping in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2022-08-04T00:00:00Z |
| source | MITRE |
| title | Detecting Linux Anti-Forensics: Timestomping |
macOS root VNC login without authentication
Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. Retrieved September 20, 2021.
Internal MISP references
UUID 4dc6ea85-a41b-4218-a9ae-e1eea841f2f2 which can be used as unique global reference for macOS root VNC login without authentication in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Detecting macOS High Sierra root account without authentication |
Sans Virtual Jan 2016
Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.
Internal MISP references
UUID 5d3d567c-dc25-44c1-8d2a-71ae00b60dbe which can be used as unique global reference for Sans Virtual Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2016-01-16T00:00:00Z |
| source | MITRE |
| title | Detecting Malware and Sandbox Evasion Techniques |
Mandiant Azure AD Backdoors
Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.
Internal MISP references
UUID 7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8 which can be used as unique global reference for Mandiant Azure AD Backdoors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | Detecting Microsoft 365 and Azure Active Directory Backdoors |
CounterCept PPID Spoofing Dec 2018
Loh, I. (2018, December 21). Detecting Parent PID Spoofing. Retrieved June 3, 2019.
Internal MISP references
UUID a1fdb8db-4c5f-4fb9-a013-b232cd8471f8 which can be used as unique global reference for CounterCept PPID Spoofing Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2018-12-21T00:00:00Z |
| source | MITRE |
| title | Detecting Parent PID Spoofing |
CISA SolarWinds Cloud Detection
CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.
Internal MISP references
UUID b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62 which can be used as unique global reference for CISA SolarWinds Cloud Detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-08T00:00:00Z |
| date_published | 2021-01-08T00:00:00Z |
| source | MITRE |
| title | Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |
Detecting Rclone
Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.
Internal MISP references
UUID 2e44290c-32f5-4e7f-96de-9874df79fe89 which can be used as unique global reference for Detecting Rclone in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2021-05-27T00:00:00Z |
| source | MITRE |
| title | Detecting Rclone – An Effective Tool for Exfiltration |
Medium Detecting WMI Persistence
French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. Retrieved October 11, 2019.
Internal MISP references
UUID 539e7cd0-d1e9-46ba-96fe-d8a1061c857e which can be used as unique global reference for Medium Detecting WMI Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-10-09T00:00:00Z |
| source | MITRE |
| title | Detecting & Removing an Attacker’s WMI Persistence |
Okta Scatter Swine 2022
Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023.
Internal MISP references
UUID 66d1b6e2-c069-5832-b549-fc5f0edeed40 which can be used as unique global reference for Okta Scatter Swine 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-24T00:00:00Z |
| date_published | 2022-08-25T00:00:00Z |
| source | MITRE |
| title | Detecting Scatter Swine: Insights into a Relentless Phishing Campaign |
Splunk Supernova Jan 2021
Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.
Internal MISP references
UUID 7e43bda5-0978-46aa-b3b3-66ffb62b9fdb which can be used as unique global reference for Splunk Supernova Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2021-01-21T00:00:00Z |
| source | MITRE |
| title | Detecting Supernova Malware: SolarWinds Continued |
Microsoft Winnti Jan 2017
Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.
Internal MISP references
UUID 6b63fac9-4bde-4fc8-a016-e77c8485fab7 which can be used as unique global reference for Microsoft Winnti Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| date_published | 2017-01-25T00:00:00Z |
| source | MITRE |
| title | Detecting threat actors in recent German industrial attacks with Windows Defender ATP |
Chokepoint preload rootkits
stderr. (2014, February 14). Detecting Userland Preload Rootkits. Retrieved December 20, 2017.
Internal MISP references
UUID 16c00830-eade-40e2-9ee6-6e1af4b58e5d which can be used as unique global reference for Chokepoint preload rootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2014-02-14T00:00:00Z |
| source | MITRE |
| title | Detecting Userland Preload Rootkits |
Sygnia Golden SAML
Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved November 17, 2024.
Internal MISP references
UUID 1a6673b0-2a30-481e-a2a4-9e17e2676c5d which can be used as unique global reference for Sygnia Golden SAML in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Detection and Hunting of Golden SAML Attack |
FireEye Exchange Zero Days March 2021
Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. Retrieved March 9, 2021.
Internal MISP references
UUID 5e5452a4-c3f5-4802-bcb4-198612cc8282 which can be used as unique global reference for FireEye Exchange Zero Days March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-09T00:00:00Z |
| date_published | 2021-03-04T00:00:00Z |
| source | MITRE |
| title | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities |
Google Cloud Threat Intelligence ESXi Hardening 2023
Alex Marvi, Greg Blaum, and Ron Craft. (2023, June 28). Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts. Retrieved March 26, 2025.
Internal MISP references
UUID 05e44d3d-9170-550c-90b7-60ba30a87dda which can be used as unique global reference for Google Cloud Threat Intelligence ESXi Hardening 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2023-06-28T00:00:00Z |
| source | MITRE |
| title | Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts |
Splunk Detect Renamed PSExec
Splunk. (2025, February 24). Detection: Detect Renamed PSExec. Retrieved April 3, 2025.
Internal MISP references
UUID 6c87cbfd-7cb2-5703-af97-042b8610904e which can be used as unique global reference for Splunk Detect Renamed PSExec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-03T00:00:00Z |
| date_published | 2025-02-24T00:00:00Z |
| source | MITRE |
| title | Detection: Detect Renamed PSExec |
Microsoft DEV-0139 December 6 2022
Microsoft Threat Intelligence. (2022, December 6). DEV-0139 launches targeted attacks against the cryptocurrency industry. Retrieved September 30, 2024.
Internal MISP references
UUID f9c070f1-aa83-45a3-bffb-c90f4caf5926 which can be used as unique global reference for Microsoft DEV-0139 December 6 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-30T00:00:00Z |
| date_published | 2022-12-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DEV-0139 launches targeted attacks against the cryptocurrency industry |
Microsoft DEV-0537
Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. Retrieved March 23, 2022.
Internal MISP references
UUID 2f7a59f3-620d-4e2e-8595-af96cd4e16c3 which can be used as unique global reference for Microsoft DEV-0537 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2022-03-22T00:00:00Z |
| source | MITRE |
| title | DEV-0537 criminal actor targeting organizations for data exfiltration and destruction |
MSTIC DEV-0537 Mar 2022
MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.
Internal MISP references
UUID a9ce7e34-6e7d-4681-9869-8e8f2b5b0390 which can be used as unique global reference for MSTIC DEV-0537 Mar 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-17T00:00:00Z |
| date_published | 2022-03-24T00:00:00Z |
| source | MITRE |
| title | DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction |
Microsoft Royal ransomware November 2022
MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.
Internal MISP references
UUID 91efc6bf-e15c-514a-96c1-e838268d222f which can be used as unique global reference for Microsoft Royal ransomware November 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-11-17T00:00:00Z |
| source | MITRE |
| title | DEV-0569 finds new ways to deliver Royal ransomware, various payloads |
MSTIC DEV-0832 October 25 2022
Microsoft Threat Intelligence. (2022, October 25). DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector. Retrieved September 19, 2024.
Internal MISP references
UUID 5b667611-649d-44d5-86e0-a79527608b3c which can be used as unique global reference for MSTIC DEV-0832 October 25 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-19T00:00:00Z |
| date_published | 2022-10-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector |
Cisco IOS Forensics Developments
Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. Retrieved October 21, 2020.
Internal MISP references
UUID 95fdf251-f40d-4f7a-bb12-8762e9c961b9 which can be used as unique global reference for Cisco IOS Forensics Developments in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| date_published | 2008-02-01T00:00:00Z |
| source | MITRE |
| title | Developments in Cisco IOS Forensics |
DeviceCredentialDeployment.exe - LOLBAS Project
LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fef281e8-8138-4420-b11b-66d1e6a19805 which can be used as unique global reference for DeviceCredentialDeployment.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DeviceCredentialDeployment.exe |
GitHub mattifestation DeviceGuardBypass
Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.
Internal MISP references
UUID 4ecd64b4-8014-447a-91d2-a431f4adbfcd which can be used as unique global reference for GitHub mattifestation DeviceGuardBypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-30T00:00:00Z |
| date_published | 2016-11-13T00:00:00Z |
| source | MITRE |
| title | DeviceGuardBypassMitigationRules |
Devinit.exe - LOLBAS Project
LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27343583-c17d-4c11-a7e3-14d725756556 which can be used as unique global reference for Devinit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Devinit.exe |
Devtoolslauncher.exe - LOLBAS Project
LOLBAS. (2019, October 4). Devtoolslauncher.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cb263978-019c-40c6-b6de-61db0e7a8941 which can be used as unique global reference for Devtoolslauncher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-10-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Devtoolslauncher.exe |
devtunnel.exe - LOLBAS Project
LOLBAS. (2023, September 16). devtunnel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 657c8b4c-1eee-4997-8461-c7592eaed9e8 which can be used as unique global reference for devtunnel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-09-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | devtunnel.exe |
Dfshim.dll - LOLBAS Project
LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 30503e42-6047-46a9-8189-e6caa5f4deb0 which can be used as unique global reference for Dfshim.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dfshim.dll |
LOLBAS /Dfsvc.exe
LOLBAS. (n.d.). /Dfsvc.exe. Retrieved September 9, 2024.
Internal MISP references
UUID caef4593-a7ac-57f7-9e06-b6ace2c9623d which can be used as unique global reference for LOLBAS /Dfsvc.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-09T00:00:00Z |
| source | MITRE |
| title | /Dfsvc.exe |
Dfsvc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dfsvc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f which can be used as unique global reference for Dfsvc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dfsvc.exe |
dhcp_serv_op_events
Microsoft. (2006, August 31). DHCP Server Operational Events. Retrieved March 7, 2022.
Internal MISP references
UUID e2b1e810-2a78-4553-8927-38ed5fba0f38 which can be used as unique global reference for dhcp_serv_op_events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-07T00:00:00Z |
| date_published | 2006-08-31T00:00:00Z |
| source | MITRE |
| title | DHCP Server Operational Events |
Microsoft DiamondSleet 2023
Microsoft Threat Intelligence. (2023, November 22). Diamond Sleet supply chain compromise distributes a modified CyberLink installer. Retrieved March 28, 2025.
Internal MISP references
UUID 854f2dcf-d807-55b4-b819-6f8f20491883 which can be used as unique global reference for Microsoft DiamondSleet 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-28T00:00:00Z |
| date_published | 2023-11-22T00:00:00Z |
| source | MITRE |
| title | Diamond Sleet supply chain compromise distributes a modified CyberLink installer |
GitHub Diamorphine
Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.
Internal MISP references
UUID 92993055-d2e6-46b2-92a3-ad70b62e4cc0 which can be used as unique global reference for GitHub Diamorphine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64) |
diantz.exe_lolbas
Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. Retrieved October 25, 2021.
Internal MISP references
UUID 66652db8-5594-414f-8a6b-83d708a0c1fa which can be used as unique global reference for diantz.exe_lolbas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-25T00:00:00Z |
| source | MITRE |
| title | Diantz.exe |
Fortinet Diavol July 2021
Neeamni, D., Rubinfeld, A. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider? Retrieved November 12, 2021.
Internal MISP references
UUID 28c650f2-8ce8-4c78-ab4a-cae56c1548ed which can be used as unique global reference for Fortinet Diavol July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | Diavol - A New Ransomware Used By Wizard Spider? |
DFIR Diavol Ransomware December 2021
DFIR Report. (2021, December 13). Diavol Ransomware. Retrieved March 9, 2022.
Internal MISP references
UUID eb89f18d-684c-4220-b2a8-967f1f8f9162 which can be used as unique global reference for DFIR Diavol Ransomware December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 2021-12-13T00:00:00Z |
| source | MITRE |
| title | Diavol Ransomware |
Überwachung APT28 Forfiles June 2015
Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.
Internal MISP references
UUID 3b85fff0-88d8-4df6-af0b-66e57492732e which can be used as unique global reference for Überwachung APT28 Forfiles June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2015-06-19T00:00:00Z |
| source | MITRE |
| title | Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag |
Microsoft DSE June 2017
Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. Retrieved April 22, 2021.
Internal MISP references
UUID 451bdfe3-0b30-425c-97a0-44727b70c1da which can be used as unique global reference for Microsoft DSE June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2017-06-01T00:00:00Z |
| source | MITRE |
| title | Digital Signatures for Kernel Modules on Windows |
Microsoft East Asia Threats September 2023
Microsoft Threat Intelligence. (2023, September). Digital threats from East Asia increase in breadth and effectiveness. Retrieved February 5, 2024.
Internal MISP references
UUID 31f2c61e-cefe-5df7-9c2b-780bf03c88ec which can be used as unique global reference for Microsoft East Asia Threats September 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-05T00:00:00Z |
| date_published | 2023-09-01T00:00:00Z |
| source | MITRE |
| title | Digital threats from East Asia increase in breadth and effectiveness |
ESET Turla Mosquito Jan 2018
ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. Retrieved July 3, 2018.
Internal MISP references
UUID cd177c2e-ef22-47be-9926-61e25fd5f33b which can be used as unique global reference for ESET Turla Mosquito Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | Diplomats in Eastern Europe bitten by a Turla mosquito |
TechNet Dir
Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
Internal MISP references
UUID f1eb8631-6bea-4688-a5ff-a388b1fdceb0 which can be used as unique global reference for TechNet Dir in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Dir |
Frisk DMA August 2016
Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.
Internal MISP references
UUID c504485b-2daa-4159-96da-481a0b97a979 which can be used as unique global reference for Frisk DMA August 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2016-08-05T00:00:00Z |
| source | MITRE |
| title | Direct Memory Attack the Kernel |
Redops Syscalls
Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.
Internal MISP references
UUID dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8 which can be used as unique global reference for Redops Syscalls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2023-06-30T00:00:00Z |
| source | MITRE |
| title | Direct Syscalls vs Indirect Syscalls |
GitHub Disable DDEAUTO Oct 2017
Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. Retrieved February 3, 2018.
Internal MISP references
UUID eea0dd34-4efa-4093-bd11-a59d1601868f which can be used as unique global reference for GitHub Disable DDEAUTO Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016 |
Disable automount for ISO
wordmann. (2022, February 8). Disable Disc Imgage. Retrieved February 8, 2022.
Internal MISP references
UUID 2155591e-eacf-4575-b7a6-f031675ef1b3 which can be used as unique global reference for Disable automount for ISO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-08T00:00:00Z |
| date_published | 2022-02-08T00:00:00Z |
| source | MITRE |
| title | Disable Disc Imgage |
Disable_Win_Event_Logging
dmcxblue. (n.d.). Disable Windows Event Logging. Retrieved September 10, 2021.
Internal MISP references
UUID 0fa5e507-33dc-40ea-b960-bcd9aa024ab1 which can be used as unique global reference for Disable_Win_Event_Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-10T00:00:00Z |
| source | MITRE |
| title | Disable Windows Event Logging |
GitHub MOTW
wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.
Internal MISP references
UUID 044aa74a-9320-496a-9d15-37d8b934c244 which can be used as unique global reference for GitHub MOTW in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-16T00:00:00Z |
| date_published | 2019-08-29T00:00:00Z |
| source | MITRE |
| title | Disable Windows Explorer file associations for Disc Image Mount |
Apple Disable SIP
Apple. (n.d.). Disabling and Enabling System Integrity Protection. Retrieved April 22, 2021.
Internal MISP references
UUID d7545e0c-f0b7-4be4-800b-06a02240385e which can be used as unique global reference for Apple Disable SIP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| source | MITRE |
| title | Disabling and Enabling System Integrity Protection |
Microsoft GPO Bluetooth FEB 2009
Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. Retrieved July 26, 2018.
Internal MISP references
UUID 27573597-5269-4894-87fb-24afcdb8f30a which can be used as unique global reference for Microsoft GPO Bluetooth FEB 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| date_published | 2009-02-09T00:00:00Z |
| source | MITRE |
| title | Disabling Bluetooth and Infrared Beaming |
ITSyndicate Disabling PHP functions
Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.
Internal MISP references
UUID 6e91f485-5777-4a06-94a3-cdc4718a8e39 which can be used as unique global reference for ITSyndicate Disabling PHP functions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| source | MITRE |
| title | Disabling dangerous PHP functions |
disable_notif_synology_ransom
TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved September 12, 2024.
Internal MISP references
UUID d53e8f89-df78-565b-a316-cf2644c5ed36 which can be used as unique global reference for disable_notif_synology_ransom in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Disabling notifications on Synology servers before ransom |
Krebs Discord Bookmarks 2023
Brian Krebs. (2023, May 30). Discord Admins Hacked by Malicious Bookmarks. Retrieved January 2, 2024.
Internal MISP references
UUID 1d0a21f4-9a8e-5514-894a-3d55263ff973 which can be used as unique global reference for Krebs Discord Bookmarks 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-02T00:00:00Z |
| date_published | 2023-05-30T00:00:00Z |
| source | MITRE |
| title | Discord Admins Hacked by Malicious Bookmarks |
Diskshadow
Microsoft Windows Server. (2023, February 3). Diskshadow. Retrieved November 21, 2023.
Internal MISP references
UUID 9e8b57a5-7e31-5add-ac3e-8b9c0f7f27aa which can be used as unique global reference for Diskshadow in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-21T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| source | MITRE |
| title | Diskshadow |
Diskshadow.exe - LOLBAS Project
LOLBAS. (2018, May 25). Diskshadow.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27a3f0b4-e699-4319-8b52-8eae4581faa2 which can be used as unique global reference for Diskshadow.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Diskshadow.exe |
Elastic Security Labs
Joe Desimone. (2024, August 5). Dismantling Smart App Control. Retrieved March 21, 2025.
Internal MISP references
UUID 85bae892-d121-5db7-90e6-533868266ebb which can be used as unique global reference for Elastic Security Labs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-21T00:00:00Z |
| date_published | 2024-08-05T00:00:00Z |
| source | MITRE |
| title | Dismantling Smart App Control |
Microsoft On the Issues February 27 2025
Steven Masada. (2025, February 27). Disrupting a Global Cybercrime Network Abusing Generative AI. Retrieved February 28, 2025.
Internal MISP references
UUID 701c3b9f-235a-429d-9d94-b4b4ac720fe3 which can be used as unique global reference for Microsoft On the Issues February 27 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-28T00:00:00Z |
| date_published | 2025-02-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Disrupting a Global Cybercrime Network Abusing Generative AI |
Microsoft Lumma Stealer Disruption May 21 2025
Steve Masada. (2025, May 21). Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool. Retrieved May 22, 2025.
Internal MISP references
UUID bc7580b8-a686-4f90-a833-55592c62894b which can be used as unique global reference for Microsoft Lumma Stealer Disruption May 21 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-22T00:00:00Z |
| date_published | 2025-05-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool |
OpenAI-CTI
OpenAI. (2024, February 14). Disrupting malicious uses of AI by state-affiliated threat actors. Retrieved September 12, 2024.
Internal MISP references
UUID d8f576cb-0afc-54a7-a449-570c4311ef7a which can be used as unique global reference for OpenAI-CTI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2024-02-14T00:00:00Z |
| source | MITRE |
| title | Disrupting malicious uses of AI by state-affiliated threat actors |
OpenAI CTI Update June 2025
Ben Nimmo, Albert Zhang, Sophia Farquhar, Max Murphy, Kimo Bumanglag. (2025, June 5). Disrupting malicious uses of AI: June 2025. Retrieved June 9, 2025.
Internal MISP references
UUID 05da33ac-e25a-4ad3-8146-d015d7494bb9 which can be used as unique global reference for OpenAI CTI Update June 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-09T00:00:00Z |
| date_published | 2025-06-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Disrupting malicious uses of AI: June 2025 |
OpenAI CTI Update February 2025
OpenAI. (2025, February 1). Disrupting malicious uses of our models - an update February 2025. Retrieved February 27, 2025.
Internal MISP references
UUID 0318c7c7-9c12-46ce-bb91-c986f7e5f73b which can be used as unique global reference for OpenAI CTI Update February 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-27T00:00:00Z |
| date_published | 2025-02-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Disrupting malicious uses of our models - an update February 2025 |
Microsoft Star Blizzard August 2022
Microsoft Threat Intelligence. (2022, August 15). Disrupting SEABORGIUM’s ongoing phishing operations. Retrieved June 13, 2024.
Internal MISP references
UUID d5fc25ad-2337-55f5-9eac-050178a533d6 which can be used as unique global reference for Microsoft Star Blizzard August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-13T00:00:00Z |
| date_published | 2022-08-15T00:00:00Z |
| source | MITRE |
| title | Disrupting SEABORGIUM’s ongoing phishing operations |
Bitdefender FunnyDream Campaign November 2020
Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
Internal MISP references
UUID b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de which can be used as unique global reference for Bitdefender FunnyDream Campaign November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2020-11-01T00:00:00Z |
| source | MITRE |
| title | Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions |
FireEye NETWIRE March 2019
Maniath, S. and Kadam P. (2019, March 19). Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.
Internal MISP references
UUID 404d4f7e-62de-4483-9320-a90fb255e783 which can be used as unique global reference for FireEye NETWIRE March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2019-03-19T00:00:00Z |
| source | MITRE |
| title | Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing |
Cybereason Dissecting DGAs
Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. Retrieved February 18, 2019.
Internal MISP references
UUID 9888cdb6-fe85-49b4-937c-75005ac9660d which can be used as unique global reference for Cybereason Dissecting DGAs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | Dissecting Domain Generation Algorithms: Eight Real World DGA Variants |
FireEye POSHSPY April 2017
Dunwoody, M. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.
Internal MISP references
UUID b1271e05-80d7-4761-a13f-b6f0db7d7e5a which can be used as unique global reference for FireEye POSHSPY April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-05T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE |
| title | Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY) |
Bleeping Computer Stealer Logs 2023
Flare. (2023, June 6). Dissecting the Dark Web Supply Chain: Stealer Logs in Context. Retrieved October 10, 2024.
Internal MISP references
UUID 3bcbc294-91f1-56af-9eb9-9ce556c09602 which can be used as unique global reference for Bleeping Computer Stealer Logs 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-10T00:00:00Z |
| date_published | 2023-06-06T00:00:00Z |
| source | MITRE |
| title | Dissecting the Dark Web Supply Chain: Stealer Logs in Context |
Canadian Centre for Cyber Security September 15 2023
Communications Security Establishment Canada. (2023, September 15). Distributed Denial of Service campaign targeting multiple Canadian sectors - Canadian Centre for Cyber Security. Retrieved December 12, 2024.
Internal MISP references
UUID 9ea7b125-ed3a-41a1-9010-4893e0164710 which can be used as unique global reference for Canadian Centre for Cyber Security September 15 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-12T00:00:00Z |
| date_published | 2023-09-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Distributed Denial of Service campaign targeting multiple Canadian sectors - Canadian Centre for Cyber Security |
Microsoft DTC
Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.
Internal MISP references
UUID d2a1aab3-a4c9-4583-9cf8-170eeb77d828 which can be used as unique global reference for Microsoft DTC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-25T00:00:00Z |
| date_published | 2011-01-12T00:00:00Z |
| source | MITRE |
| title | Distributed Transaction Coordinator |
Mandiant UNC4841 August 29 2023
Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi. (2023, August 29). Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation. Retrieved October 24, 2024.
Internal MISP references
UUID f990745d-06c1-4b0a-8394-66c7a3cf0818 which can be used as unique global reference for Mandiant UNC4841 August 29 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-24T00:00:00Z |
| date_published | 2023-08-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation |
Microsoft AppLocker DLL
Microsoft. (2024, October 1). DLL rules in AppLocker. Retrieved April 10, 2025.
Internal MISP references
UUID 40e61aec-04e5-5916-a1b1-450b38990ce3 which can be used as unique global reference for Microsoft AppLocker DLL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-10T00:00:00Z |
| date_published | 2024-10-01T00:00:00Z |
| source | MITRE |
| title | DLL rules in AppLocker |
FireEye DLL Search Order Hijacking
Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. Retrieved March 13, 2020.
Internal MISP references
UUID 0ba2675d-4d7f-406a-81fa-b87e62d7a539 which can be used as unique global reference for FireEye DLL Search Order Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2010-09-01T00:00:00Z |
| source | MITRE |
| title | DLL Search Order Hijacking Revisited |
Mandiant Search Order
Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.
Internal MISP references
UUID 2f602a6c-0305-457c-b329-a17b55d8e094 which can be used as unique global reference for Mandiant Search Order in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2010-08-31T00:00:00Z |
| source | MITRE |
| title | DLL Search Order Hijacking Revisited |
Stewart 2014
Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.
Internal MISP references
UUID 813905b5-7aa5-4bab-b2ac-eaafdea55805 which can be used as unique global reference for Stewart 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry |
DMARC-overview
DMARC. (n.d.). Retrieved March 24, 2025.
Internal MISP references
UUID 330fd090-565f-50c1-9c1e-522f336abca7 which can be used as unique global reference for DMARC-overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| source | MITRE |
| title | DMARC-overview |
Dnscmd.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3571ca9d-3388-4e74-8b30-dd92ef2b5f10 which can be used as unique global reference for Dnscmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dnscmd.exe |
Dnscmd Microsoft
Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 24b1cb7b-357f-470f-9715-fa0ec3958cbb which can be used as unique global reference for Dnscmd Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dnscmd Microsoft |
DNS Dumpster
Hacker Target. (n.d.). DNS Dumpster. Retrieved October 20, 2020.
Internal MISP references
UUID 0bbe1e50-28af-4265-a493-4bb4fd693bad which can be used as unique global reference for DNS Dumpster in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | DNS Dumpster |
Talos DNSpionage Nov 2018
Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.
Internal MISP references
UUID d597ad7d-f808-4289-b42a-79807248c2d6 which can be used as unique global reference for Talos DNSpionage Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-09T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | DNSpionage Campaign Targets Middle East |
DNS-msft
Microsoft. (2022). DNS Policies Overview. Retrieved June 6, 2024.
Internal MISP references
UUID bb420420-d03c-53b9-8bd9-e4357df8930a which can be used as unique global reference for DNS-msft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-06T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | DNS Policies Overview |
Unit42 DNS Mar 2019
Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.
Internal MISP references
UUID e41fde80-5ced-4f66-9852-392d1ef79520 which can be used as unique global reference for Unit42 DNS Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-03T00:00:00Z |
| date_published | 2019-03-15T00:00:00Z |
| source | MITRE |
| title | DNS Tunneling: how DNS can be (ab)used by malicious actors |
DNS-CISA
CISA. (2016, September 29). DNS Zone Transfer AXFR Requests May Leak Domain Information. Retrieved June 5, 2024.
Internal MISP references
UUID bc24500a-500c-5e08-90ec-6fbb39b0b74c which can be used as unique global reference for DNS-CISA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-05T00:00:00Z |
| date_published | 2016-09-29T00:00:00Z |
| source | MITRE |
| title | DNS Zone Transfer AXFR Requests May Leak Domain Information |
dnx.exe - LOLBAS Project
LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 50652a27-c47b-41d4-a2eb-2ebf74e5bd09 which can be used as unique global reference for dnx.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | dnx.exe |
GTFOBins Docker
GTFOBins. (n.d.). docker. Retrieved February 15, 2024.
Internal MISP references
UUID c4fa5825-85f9-5ab1-a59d-a86b20ef0570 which can be used as unique global reference for GTFOBins Docker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-15T00:00:00Z |
| source | MITRE |
| title | docker |
Docker Daemon CLI
Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021.
Internal MISP references
UUID ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c which can be used as unique global reference for Docker Daemon CLI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | DockerD CLI |
Docker API
Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.
Internal MISP references
UUID b8ec1e37-7286-40e8-9577-ff9c54801086 which can be used as unique global reference for Docker API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference |
Docker Build Image
Docker. (n.d.). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.
Internal MISP references
UUID ee708b64-57f3-4b47-af05-1e26b698c21f which can be used as unique global reference for Docker Build Image in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference - Build an Image |
Docker Containers API
Docker. (n.d.). Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.
Internal MISP references
UUID 2351cb32-23d6-4557-9c52-e6e228402bab which can be used as unique global reference for Docker Containers API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference - Container |
Docker Exec
Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.
Internal MISP references
UUID 5f1ace27-6584-4585-98de-52cb71d419c1 which can be used as unique global reference for Docker Exec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker Exec |
Docker Images
Docker. (n.d.). Docker Images. Retrieved April 6, 2021.
Internal MISP references
UUID 9b4d1e80-61e9-4557-a562-5eda66d0bbf7 which can be used as unique global reference for Docker Images in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | Docker Images |
Docker Overview
Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.
Internal MISP references
UUID 52954bb1-16b0-4717-a72c-8a6dec97610b which can be used as unique global reference for Docker Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Docker Overview |
Docker Entrypoint
Docker. (n.d.). Docker run reference. Retrieved March 29, 2021.
Internal MISP references
UUID c80ad3fd-d7fc-4a7a-8565-da3feaa4a915 which can be used as unique global reference for Docker Entrypoint in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker run reference |
TechNet Server Operator Scheduled Task
Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.
Internal MISP references
UUID a9497afa-42c8-499e-a6b6-4231b1c22f6e which can be used as unique global reference for TechNet Server Operator Scheduled Task in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2012-11-15T00:00:00Z |
| source | MITRE |
| title | Domain controller: Allow server operators to schedule tasks |
Cisco Umbrella DGA
Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.
Internal MISP references
UUID 5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58 which can be used as unique global reference for Cisco Umbrella DGA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2016-10-10T00:00:00Z |
| source | MITRE |
| title | Domain Generation Algorithms – Why so effective? |
Microsoft GetAllTrustRelationships
Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019.
Internal MISP references
UUID 571086ce-42d3-4416-9521-315f694647a6 which can be used as unique global reference for Microsoft GetAllTrustRelationships in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| source | MITRE |
| title | Domain.GetAllTrustRelationships Method |
ICANNDomainNameHijacking
ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved November 17, 2024.
Internal MISP references
UUID 96c5ec6c-d53d-49c3-bca1-0b6abe0080e6 which can be used as unique global reference for ICANNDomainNameHijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2005-07-12T00:00:00Z |
| source | MITRE |
| title | Domain Name Hijacking: Incidents, Threats, Risks and Remediation |
Palo Alto Unit 42 Domain Shadowing 2022
Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. Retrieved March 7, 2023.
Internal MISP references
UUID ec460017-fd25-5975-b697-c8c11fee960d which can be used as unique global reference for Palo Alto Unit 42 Domain Shadowing 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-09-21T00:00:00Z |
| source | MITRE |
| title | Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime |
ASERT Donot March 2018
Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. Retrieved June 11, 2018.
Internal MISP references
UUID a1b987cc-7789-411c-9673-3cf6357b207c which can be used as unique global reference for ASERT Donot March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Donot Team Leverages New Modular Malware Framework in South Asia |
Sophos News August 13 2024
Paul Jacobs. (2024, August 13). Don't get Mad, get wise. Retrieved August 26, 2024.
Internal MISP references
UUID 3e1ae9e8-2547-4b37-bce4-9f3eda66b445 which can be used as unique global reference for Sophos News August 13 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-26T00:00:00Z |
| date_published | 2024-08-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Don't get Mad, get wise |
Mandiant URL Obfuscation 2023
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.
Internal MISP references
UUID b63f5934-2ace-5326-89be-7a850469a563 which can be used as unique global reference for Mandiant URL Obfuscation 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2023-05-22T00:00:00Z |
| source | MITRE |
| title | Don't @ Me: URL Obfuscation Through Schema Abuse |
mandiant-masking
Simonian, Nick. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved January 17, 2024.
Internal MISP references
UUID d5ed4c98-6d37-5000-bba0-9aada295a50c which can be used as unique global reference for mandiant-masking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-17T00:00:00Z |
| date_published | 2023-05-22T00:00:00Z |
| source | MITRE |
| title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Schema-abuse
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved February 13, 2024.
Internal MISP references
UUID 75b860d9-a48d-57de-ba1e-b0db970abb1b which can be used as unique global reference for Schema-abuse in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-13T00:00:00Z |
| date_published | 2023-05-22T00:00:00Z |
| source | MITRE |
| title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Donut Github
TheWover. (2019, May 9). donut. Retrieved March 25, 2022.
Internal MISP references
UUID 5f28c41f-6903-4779-93d4-3de99e031b70 which can be used as unique global reference for Donut Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2019-05-09T00:00:00Z |
| source | MITRE |
| title | donut |
Introducing Donut
The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.
Internal MISP references
UUID 8fd099c6-e002-44d0-8b7f-65f290a42c07 which can be used as unique global reference for Introducing Donut in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-05-09T00:00:00Z |
| source | MITRE |
| title | Donut - Injecting .NET Assemblies as Shellcode |
Dotnet.exe - LOLBAS Project
LOLBAS. (2019, November 12). Dotnet.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8abe21ad-88d1-4a5c-b79e-8216b4b06862 which can be used as unique global reference for Dotnet.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-11-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dotnet.exe |
cyberproof-double-bounce
Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing. Retrieved February 24, 2023.
Internal MISP references
UUID 4406d688-c392-5244-b438-6995f38dfc61 which can be used as unique global reference for cyberproof-double-bounce in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-24T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| source | MITRE |
| title | Double-bounced attacks with email spoofing |
FireEye APT41 Aug 2019
Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
Internal MISP references
UUID 20f8e252-0a95-4ebd-857c-d05b0cde0904 which can be used as unique global reference for FireEye APT41 Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-23T00:00:00Z |
| date_published | 2019-08-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Double DragonAPT41, a dual espionage and cyber crime operation APT41 |
FireEye APT41 2019
FireEye. (2019). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
Internal MISP references
UUID daa31f35-15a6-413b-9319-80d6921d1598 which can be used as unique global reference for FireEye APT41 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-23T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | Double DragonAPT41, a dual espionage and cyber crime operation APT41 |
Malwarebytes IssacWiper CaddyWiper March 2022
Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper. Retrieved April 11, 2022.
Internal MISP references
UUID 931aed95-a629-4f94-8762-aad580f5d3e2 which can be used as unique global reference for Malwarebytes IssacWiper CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-11T00:00:00Z |
| date_published | 2022-03-18T00:00:00Z |
| source | MITRE |
| title | Double header: IsaacWiper and CaddyWiper |
Crowdstrike-leaks
Crowdstrike. (2020, September 24). Double Trouble: Ransomware with Data Leak Extortion, Part 1. Retrieved December 6, 2023.
Internal MISP references
UUID a91c3252-94b8-52a8-bb0d-cadac6afa161 which can be used as unique global reference for Crowdstrike-leaks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-06T00:00:00Z |
| date_published | 2020-09-24T00:00:00Z |
| source | MITRE |
| title | Double Trouble: Ransomware with Data Leak Extortion, Part 1 |
tlseminar_downgrade_att
Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.
Internal MISP references
UUID 8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3 which can be used as unique global reference for tlseminar_downgrade_att in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-09T00:00:00Z |
| date_published | 2017-02-03T00:00:00Z |
| source | MITRE |
| title | Downgrade Attacks |
LogRhythm Do You Trust Oct 2014
Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.
Internal MISP references
UUID 88a84f9a-e077-4fdd-9936-30fc7b290476 which can be used as unique global reference for LogRhythm Do You Trust Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-17T00:00:00Z |
| date_published | 2014-10-03T00:00:00Z |
| source | MITRE |
| title | Do You Trust Your Computer? |
VNC Vulnerabilities
Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. Retrieved September 20, 2021.
Internal MISP references
UUID 3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c which can be used as unique global reference for VNC Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2019-11-22T00:00:00Z |
| source | MITRE |
| title | Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions |
Accenture Dragonfish Jan 2018
Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 17, 2024.
Internal MISP references
UUID f692c6fa-7b3a-4d1d-9002-b1a59f7116f4 which can be used as unique global reference for Accenture Dragonfish Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2018-01-27T00:00:00Z |
| source | MITRE |
| title | DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES |
Symantec Dragonfly
Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.
Internal MISP references
UUID 9514c5cd-2ed6-4dbf-aa9e-1c425e969226 which can be used as unique global reference for Symantec Dragonfly in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2014-06-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Dragonfly: Cyberespionage Attacks Against Energy Suppliers |
Symantec Dragonfly 2.0 October 2017
Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.
Internal MISP references
UUID a0439d4a-a3ea-4be5-9a01-f223ca259681 which can be used as unique global reference for Symantec Dragonfly 2.0 October 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2017-10-07T00:00:00Z |
| source | MITRE |
| title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Symantec Dragonfly Sept 2017
Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.
Internal MISP references
UUID 11bbeafc-ed5d-4d2b-9795-a0a9544fb64e which can be used as unique global reference for Symantec Dragonfly Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-09T00:00:00Z |
| date_published | 2014-07-07T00:00:00Z |
| source | MITRE |
| title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Sophos DragonForce Attack May 27 2025
Anthony Bradshaw, Hunter Neal, Morgan Demboski, Sean Gallagher. (2025, May 27). DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers. Retrieved June 2, 2025.
Internal MISP references
UUID edb4359f-f12a-4ab1-9116-9c4b3220120d which can be used as unique global reference for Sophos DragonForce Attack May 27 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-02T00:00:00Z |
| date_published | 2025-05-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers |
Cisco Talos Blog September 10 2024
Joey Chen. (2024, September 10). DragonRank, a Chinese-speaking SEO manipulator service provider. Retrieved September 11, 2024.
Internal MISP references
UUID c8ea888b-c87c-49eb-a1be-3a269292c414 which can be used as unique global reference for Cisco Talos Blog September 10 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-11T00:00:00Z |
| date_published | 2024-09-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DragonRank, a Chinese-speaking SEO manipulator service provider |
Kaspersky Dridex May 2017
Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.
Internal MISP references
UUID 52c48bc3-2b53-4214-85c3-7e5dd036c969 which can be used as unique global reference for Kaspersky Dridex May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-31T00:00:00Z |
| date_published | 2017-05-25T00:00:00Z |
| source | MITRE |
| title | Dridex: A History of Evolution |
Dell Dridex Oct 2015
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.
Internal MISP references
UUID f81ce947-d875-4631-9709-b54c8b5d25bc which can be used as unique global reference for Dell Dridex Oct 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-31T00:00:00Z |
| date_published | 2015-10-13T00:00:00Z |
| source | MITRE |
| title | Dridex (Bugat v5) Botnet Takeover Operation |
Red Canary Dridex Threat Report 2021
Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. Retrieved August 3, 2023.
Internal MISP references
UUID 3be25132-6655-5fa9-92cb-772d02f49d2b which can be used as unique global reference for Red Canary Dridex Threat Report 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | Dridex - Red Canary Threat Detection Report |
volexity_0day_sophos_FW
Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.
Internal MISP references
UUID 85bee18e-216d-4ea6-b34e-b071e3f63382 which can be used as unique global reference for volexity_0day_sophos_FW in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-06-15T00:00:00Z |
| source | MITRE |
| title | DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach |
Google Drive Log Events
Google. (n.d.). Drive log events. Retrieved March 4, 2024.
Internal MISP references
UUID f546898e-3639-58f4-85a2-6268dfaab207 which can be used as unique global reference for Google Drive Log Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-04T00:00:00Z |
| source | MITRE |
| title | Drive log events |
Microsoft Driverquery
Microsoft. (n.d.). driverquery. Retrieved March 28, 2023.
Internal MISP references
UUID 7302dc00-a75a-5787-a04c-88ef4922ac09 which can be used as unique global reference for Microsoft Driverquery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | driverquery |
Dropbox Malware Sync
David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. Retrieved May 31, 2023.
Internal MISP references
UUID 06ca63fa-8c6c-501c-96d3-5e7e45ca1e04 which can be used as unique global reference for Dropbox Malware Sync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-31T00:00:00Z |
| date_published | 2013-08-21T00:00:00Z |
| source | MITRE |
| title | Dropbox and Similar Services Can Sync Malware |
Cyberreason Anchor December 2019
Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.
Internal MISP references
UUID a8dc5598-9963-4a1d-a473-bee8d2c72c57 which can be used as unique global reference for Cyberreason Anchor December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-10T00:00:00Z |
| date_published | 2019-12-11T00:00:00Z |
| source | MITRE |
| title | DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE |
Samba DRSUAPI
SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.
Internal MISP references
UUID 79e8f598-9962-4124-b884-eb10f86885af which can be used as unique global reference for Samba DRSUAPI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | DRSUAPI |
dsdbutil.exe - LOLBAS Project
LOLBAS. (2023, May 31). dsdbutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc982faf-a37d-4d0b-949c-f7a27adc3030 which can be used as unique global reference for dsdbutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-05-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | dsdbutil.exe |
TechNet Dsquery
Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.
Internal MISP references
UUID bbbb4a45-2963-4f04-901a-fb2752800e12 which can be used as unique global reference for TechNet Dsquery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Dsquery |
CyberBit Dtrack
Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.
Internal MISP references
UUID 1ac944f4-868c-4312-8b5d-1580fd6542a0 which can be used as unique global reference for CyberBit Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-11-21T00:00:00Z |
| source | MITRE |
| title | Dtrack: In-depth analysis of APT on a nuclear power plant |
Kaspersky Dtrack
Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. Retrieved January 20, 2021.
Internal MISP references
UUID 0122ee35-938d-493f-a3bb-bc75fc808f62 which can be used as unique global reference for Kaspersky Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-09-23T00:00:00Z |
| source | MITRE |
| title | DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers |
dtutil.exe - LOLBAS Project
LOLBAS. (2024, June 17). dtutil.exe. Retrieved May 19, 2025.
Internal MISP references
UUID dc76db65-5a5a-43ab-8e84-6cd38a4524a7 which can be used as unique global reference for dtutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-19T00:00:00Z |
| date_published | 2024-06-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | dtutil.exe |
Crowdstrike Qakbot October 2020
CS. (2020, October 7). Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. Retrieved September 27, 2021.
Internal MISP references
UUID 636a9b94-8260-45cc-bd74-a764cd8f50b0 which can be used as unique global reference for Crowdstrike Qakbot October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-10-07T00:00:00Z |
| source | MITRE |
| title | Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2 |
Dump64.exe - LOLBAS Project
LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0186447-a6d5-40d7-a11d-ab2e9fb93087 which can be used as unique global reference for Dump64.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dump64.exe |
dump_pwd_dcsync
Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.
Internal MISP references
UUID bd1d7e75-feee-47fd-abfb-7e3dfc648a72 which can be used as unique global reference for dump_pwd_dcsync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-15T00:00:00Z |
| date_published | 2015-11-22T00:00:00Z |
| source | MITRE |
| title | Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync |
ired mscache
Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. Retrieved February 21, 2020.
Internal MISP references
UUID 5b643e7d-1ace-4517-88c2-96115cac1209 which can be used as unique global reference for ired mscache in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-11-16T00:00:00Z |
| source | MITRE |
| title | Dumping and Cracking mscash - Cached Domain Credentials |
ired Dumping LSA Secrets
Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.
Internal MISP references
UUID cf883397-11e9-4f94-977a-bbe46e3107f5 which can be used as unique global reference for ired Dumping LSA Secrets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-11-16T00:00:00Z |
| source | MITRE |
| title | Dumping LSA Secrets |
DumpMinitool.exe - LOLBAS Project
LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4634e025-c005-46fe-b97c-5d7dda455ba0 which can be used as unique global reference for DumpMinitool.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DumpMinitool.exe |
DuplicateToken function
Microsoft. (2021, October 12). DuplicateToken function (securitybaseapi.h). Retrieved January 8, 2024.
Internal MISP references
UUID fbf31bc2-7883-56fa-975f-d083288464dc which can be used as unique global reference for DuplicateToken function in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-08T00:00:00Z |
| date_published | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | DuplicateToken function (securitybaseapi.h) |
Wikipedia Duqu
Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.
Internal MISP references
UUID 5cf0101e-c036-4c1c-b322-48f04e2aef0b which can be used as unique global reference for Wikipedia Duqu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2017-12-29T00:00:00Z |
| source | MITRE |
| title | Duqu |
The Record Laundry Bear May 27 2025
Alexander Martin. (2025, May 27). Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear'. Retrieved June 2, 2025.
Internal MISP references
UUID 2136e140-13fc-4b3e-b2e8-9f3ff87caa2a which can be used as unique global reference for The Record Laundry Bear May 27 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-06-02T00:00:00Z |
| date_published | 2025-05-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' |
Dxcap.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dxcap.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7611eb7a-46b7-4c76-9728-67c1fbf20e17 which can be used as unique global reference for Dxcap.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dxcap.exe |
TheEvilBit DYLD_INSERT_LIBRARIES
Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.
Internal MISP references
UUID bd27026c-81eb-480e-b092-f861472ac775 which can be used as unique global reference for TheEvilBit DYLD_INSERT_LIBRARIES in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-26T00:00:00Z |
| date_published | 2019-07-09T00:00:00Z |
| source | MITRE |
| title | DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX |
Wardle Dylib Hijacking OSX 2015
Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. Retrieved March 29, 2021.
Internal MISP references
UUID c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b which can be used as unique global reference for Wardle Dylib Hijacking OSX 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2015-03-01T00:00:00Z |
| source | MITRE |
| title | Dylib Hijacking on OS X |
Dragos DYMALLOY
Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.
Internal MISP references
UUID d2785c6e-e0d1-4e90-a2d5-2c302176d5d3 which can be used as unique global reference for Dragos DYMALLOY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-20T00:00:00Z |
| source | MITRE |
| title | DYMALLOY |
MWRInfoSecurity Dynamic Hooking 2015
Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. Retrieved December 20, 2017.
Internal MISP references
UUID 3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d which can be used as unique global reference for MWRInfoSecurity Dynamic Hooking 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2015-08-08T00:00:00Z |
| source | MITRE |
| title | Dynamic Hooking Techniques: User Mode |
rfc2131
Droms, R. (1997, March). Dynamic Host Configuration Protocol. Retrieved March 9, 2022.
Internal MISP references
UUID b16bd2d5-162b-44cb-a812-7becd6684021 which can be used as unique global reference for rfc2131 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 1997-03-01T00:00:00Z |
| source | MITRE |
| title | Dynamic Host Configuration Protocol |
rfc3315
J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.
Internal MISP references
UUID 9349f864-79e9-4481-ad77-44099621795a which can be used as unique global reference for rfc3315 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-27T00:00:00Z |
| date_published | 2003-07-01T00:00:00Z |
| source | MITRE |
| title | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) |
Microsoft redirection
Microsoft. (2023, October 12). Dynamic-link library redirection. Retrieved January 30, 2025.
Internal MISP references
UUID 89063089-c96a-5816-b64b-bd56c8950e4b which can be used as unique global reference for Microsoft redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-30T00:00:00Z |
| date_published | 2023-10-12T00:00:00Z |
| source | MITRE |
| title | Dynamic-link library redirection |
Microsoft DLL Redirection
Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.
Internal MISP references
UUID ac60bb28-cb14-4ff9-bc05-df48273a28a9 which can be used as unique global reference for Microsoft DLL Redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Redirection |
Microsoft Dynamic-Link Library Redirection
Microsoft. (2018, May 31). Dynamic-Link Library Redirection. Retrieved March 13, 2020.
Internal MISP references
UUID 72458590-ee1b-4447-adb8-ca4f486d1db5 which can be used as unique global reference for Microsoft Dynamic-Link Library Redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Redirection |
Microsoft Dynamic Link Library Search Order
Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID 7b1f945b-2547-4bc6-98bf-30248bdf3587 which can be used as unique global reference for Microsoft Dynamic Link Library Search Order in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Search Order |
Microsoft DLL Search
Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID c157444d-bf2b-4806-b069-519122b7a459 which can be used as unique global reference for Microsoft DLL Search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Search Order |
Microsoft Dynamic-Link Library Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID e087442a-0a53-4cc8-9fd6-772cbd0295d5 which can be used as unique global reference for Microsoft Dynamic-Link Library Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-25T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
MSDN DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID 5d1d1916-cef4-49d1-b8e2-a6d18fb297f6 which can be used as unique global reference for MSDN DLL Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-25T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
Microsoft DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.
Internal MISP references
UUID 584490c7-b155-4f62-b68d-a5a2a1799e60 which can be used as unique global reference for Microsoft DLL Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
Symantec Dyre June 2015
Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.
Internal MISP references
UUID a9780bb0-302f-44c2-8252-b53d94da24e6 which can be used as unique global reference for Symantec Dyre June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-23T00:00:00Z |
| date_published | 2015-06-23T00:00:00Z |
| source | MITRE |
| title | Dyre: Emerging threat on financial fraud landscape |
EA Hacked via Slack - June 2021
Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.
Internal MISP references
UUID 3362e1df-cfb9-4281-a0a1-9a3710d76945 which can be used as unique global reference for EA Hacked via Slack - June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-31T00:00:00Z |
| date_published | 2021-06-11T00:00:00Z |
| source | MITRE |
| title | EA hack reportedly used stolen cookies and Slack to target gaming giant |
CrowdStrike StellarParticle January 2022
CrowdStrike. (2022, January 27). Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. Retrieved February 7, 2022.
Internal MISP references
UUID 149c1446-d6a1-4a63-9420-def9272d6cb9 which can be used as unique global reference for CrowdStrike StellarParticle January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| date_published | 2022-01-27T00:00:00Z |
| source | MITRE |
| title | Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign |
Trend Micro Earth Estries August 30 2023
Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, Gilbert Sison. (2023, August 30). Earth Estries Targets Government, Tech for Cyberespionage. Retrieved November 13, 2024.
Internal MISP references
UUID d3b71f80-4dd5-43d6-9522-9d8a83469109 which can be used as unique global reference for Trend Micro Earth Estries August 30 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-13T00:00:00Z |
| date_published | 2023-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Earth Estries Targets Government, Tech for Cyberespionage |
Trend Micro September 9 2024
Lenart Bermejo; Sunny Lu; Ted Lee. (2024, September 9). Earth Preta Evolves its Attacks with New Malware and Strategies. Retrieved September 10, 2024.
Internal MISP references
UUID 0fdc9ee2-5be2-43e0-afb9-c9a94fde3867 which can be used as unique global reference for Trend Micro September 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-10T00:00:00Z |
| date_published | 2024-09-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Earth Preta Evolves its Attacks with New Malware and Strategies |
Trend Micro Earth Simnavaz October 2024
Fahmy, M. et al. (2024, October 11). Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East. Retrieved November 27, 2024.
Internal MISP references
UUID aff9097b-43ea-50aa-88ed-62b98f2d58ce which can be used as unique global reference for Trend Micro Earth Simnavaz October 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-27T00:00:00Z |
| date_published | 2024-10-11T00:00:00Z |
| source | MITRE |
| title | Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East |
Trend Micro Muddy Water March 2021
Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.
Internal MISP references
UUID 16b4b834-2f44-4bac-b810-f92080c41f09 which can be used as unique global reference for Trend Micro Muddy Water March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-18T00:00:00Z |
| date_published | 2021-03-05T00:00:00Z |
| source | MITRE |
| title | Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East |
Earthworm English Project Page
rootkiter. (2019, March 9). Earthworm. Retrieved July 7, 2023.
Internal MISP references
UUID 88170ef5-03ac-42f2-9b03-2ce204b5d45c which can be used as unique global reference for Earthworm English Project Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-07T00:00:00Z |
| date_published | 2019-03-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Earthworm |
ESET Ebury May 2024
Marc-Etienne M.Léveillé. (2024, May 1). Ebury is alive but unseen. Retrieved May 21, 2024.
Internal MISP references
UUID 7df9b7ed-ecac-5432-9fc2-8961fc315415 which can be used as unique global reference for ESET Ebury May 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-21T00:00:00Z |
| date_published | 2024-05-01T00:00:00Z |
| source | MITRE |
| title | Ebury is alive but unseen |
Wikimedia Foundation Inc. June 25 2004
Wikimedia Foundation Inc. (2004, June 25). echo (command) - Wikipedia. Retrieved December 19, 2024.
Internal MISP references
UUID 0291041b-70ba-460c-8a59-4c0799604f46 which can be used as unique global reference for Wikimedia Foundation Inc. June 25 2004 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2004-06-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | echo (command) - Wikipedia |
SEC EDGAR Search
U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved November 17, 2024.
Internal MISP references
UUID 97958143-80c5-41f6-9fa6-4748e90e9f12 which can be used as unique global reference for SEC EDGAR Search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| source | MITRE |
| title | EDGAR - Search and Access |
Intrinsec Egregor Nov 2020
Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.
Internal MISP references
UUID e55604da-b419-411a-85cf-073f2d78e0c1 which can be used as unique global reference for Intrinsec Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-11-12T00:00:00Z |
| source | MITRE |
| title | Egregor – Prolock: Fraternal Twins ? |
Cybereason Egregor Nov 2020
Rochberger, L. (2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.
Internal MISP references
UUID c36b38d4-cfa2-4f1e-a410-6d629a24be62 which can be used as unique global reference for Cybereason Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware |
Cyble Egregor Oct 2020
Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. Retrieved December 29, 2020.
Internal MISP references
UUID 545a131d-88fc-4b34-923c-0b759b45fc7f which can be used as unique global reference for Cyble Egregor Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-10-31T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware – A Deep Dive Into Its Activities and Techniques |
NHS Digital Egregor Nov 2020
NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.
Internal MISP references
UUID 92f74037-2a20-4667-820d-2ccc0e4dbd3d which can be used as unique global reference for NHS Digital Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-11-26T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware The RaaS successor to Maze |
Security Boulevard Egregor Oct 2020
Meskauskas, T. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.
Internal MISP references
UUID cd37a000-9e15-45a3-a7c9-bb508c10e55d which can be used as unique global reference for Security Boulevard Egregor Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Egregor: Sekhmet’s Cousin |
U.S. CISA Trends June 30 2020
Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. Retrieved October 25, 2023.
Internal MISP references
UUID b97e9a02-4cc5-4845-8058-0be4c566cd7c which can be used as unique global reference for U.S. CISA Trends June 30 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2020-06-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | EINSTEIN Data Trends – 30-day Lookback |
Dragos EKANS
Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.
Internal MISP references
UUID c8a018c5-caa3-4af1-b210-b65bbf94c8b2 which can be used as unique global reference for Dragos EKANS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-09T00:00:00Z |
| date_published | 2020-02-03T00:00:00Z |
| source | MITRE |
| title | EKANS Ransomware and ICS Operations |
Dark Reading July 9 2024
Nathan Eddy; Contributing Writer. (2024, July 9). Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi. Retrieved July 15, 2024.
Internal MISP references
UUID cec05996-84a1-4c07-86eb-d72f8c6d9362 which can be used as unique global reference for Dark Reading July 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-15T00:00:00Z |
| date_published | 2024-07-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi |
Group-IB July 3 2024
Nikolay Kichatov Cyber Intelligence Analyst; Group-IB. (2024, July 3). Eldorado Ransomware The New Golden Empire of Cybercrime. Retrieved July 15, 2024.
Internal MISP references
UUID 50148a85-314c-4b29-bdfc-913ab647dadf which can be used as unique global reference for Group-IB July 3 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-15T00:00:00Z |
| date_published | 2024-07-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Eldorado Ransomware The New Golden Empire of Cybercrime |
EldoS RawDisk ITpro
Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.
Internal MISP references
UUID a6cf3d1d-2310-42bb-9324-495b4e94d329 which can be used as unique global reference for EldoS RawDisk ITpro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-26T00:00:00Z |
| date_published | 2007-03-14T00:00:00Z |
| source | MITRE |
| title | EldoS Provides Raw Disk Access for Vista and XP |
Microsoft Targeting Elections September 2020
Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.
Internal MISP references
UUID 1d7070fd-01be-4776-bb21-13368a6173b1 which can be used as unique global reference for Microsoft Targeting Elections September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | elections |
Secureworks IRON RITUAL USAID Phish May 2021
Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. Retrieved February 24, 2022.
Internal MISP references
UUID 0d42c329-5847-4970-9580-2318a566df4e which can be used as unique global reference for Secureworks IRON RITUAL USAID Phish May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | Elections Lure |
Electron Security
ElectronJS.org. (n.d.). Retrieved March 7, 2024.
Internal MISP references
UUID e44c8abf-77c1-5e19-93e6-99397d7eaa41 which can be used as unique global reference for Electron Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| source | MITRE |
| title | Electron Security |
Dragos-Sandworm-Ukraine-2022
Dragos, Inc. (2023, December 11). ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022. Retrieved March 28, 2024.
Internal MISP references
UUID a17aa1b1-cda4-5aeb-b401-f4fd47d29f93 which can be used as unique global reference for Dragos-Sandworm-Ukraine-2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-28T00:00:00Z |
| date_published | 2023-12-11T00:00:00Z |
| source | MITRE |
| title | ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022 |
Dragos ELECTRUM
Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.
Internal MISP references
UUID 494f7056-7a39-4fa0-958d-fb1172d01852 which can be used as unique global reference for Dragos ELECTRUM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | ELECTRUM Threat Profile |
Symantec Elfin Mar 2019
Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.
Internal MISP references
UUID 55671ede-f309-4924-a1b4-3d597517b27e which can be used as unique global reference for Symantec Elfin Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2019-03-27T00:00:00Z |
| source | MITRE |
| title | Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. |
Backtrace VDSO
backtrace. (2016, April 22). ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved November 17, 2024.
Internal MISP references
UUID 1c8fa804-6579-4e68-a0b3-d16e0bee5654 which can be used as unique global reference for Backtrace VDSO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2016-04-22T00:00:00Z |
| source | MITRE |
| title | ELF SHARED LIBRARY INJECTION FORENSICS |
Securelist Machete Aug 2014
Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. Retrieved September 13, 2019.
Internal MISP references
UUID fc7be240-bd15-4ec4-bc01-f8891d7210d9 which can be used as unique global reference for Securelist Machete Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2014-08-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | El Machete |
Cylance Machete Mar 2017
The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.
Internal MISP references
UUID 92a9a311-1e0b-4819-9856-2dfc8dbfc08d which can be used as unique global reference for Cylance Machete Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2017-03-22T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | El Machete's Malware Attacks Cut Through LATAM |
Sophos News September 24 2020
Sophos News. (2020, September 24). Email-delivered MoDi RAT attack pastes PowerShell commands. Retrieved May 7, 2023.
Internal MISP references
UUID 8cfa3dc4-a6b4-4204-b1e5-5b325955936d which can be used as unique global reference for Sophos News September 24 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2020-09-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Email-delivered MoDi RAT attack pastes PowerShell commands |
Power Automate Email Exfiltration Controls
Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.
Internal MISP references
UUID 79eeaadf-5c1e-4608-84a5-6c903966a7f3 which can be used as unique global reference for Power Automate Email Exfiltration Controls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Email exfiltration controls for connectors |
HackersArise Email
Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.
Internal MISP references
UUID b6aefd99-fd97-4ca0-b717-f9dc147c9413 which can be used as unique global reference for HackersArise Email in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Email Scraping and Maltego |
Elastic - Koadiac Detection with EQL
Stepanic, D. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. Retrieved November 17, 2024.
Internal MISP references
UUID 689b71f4-f8e5-455f-91c2-c599c8650f11 which can be used as unique global reference for Elastic - Koadiac Detection with EQL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2020-01-13T00:00:00Z |
| source | MITRE |
| title | Embracing offensive tooling: Building detections against Koadic using EQL |
Nccgroup Emissary Panda May 2018
Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.
Internal MISP references
UUID e279c308-fabc-47d3-bdeb-296266c80988 which can be used as unique global reference for Nccgroup Emissary Panda May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-25T00:00:00Z |
| date_published | 2018-05-18T00:00:00Z |
| source | MITRE |
| title | Emissary Panda – A potential new malicious tool |
Unit42 Emissary Panda May 2019
Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
Internal MISP references
UUID 3a3ec86c-88da-40ab-8e5f-a7d5102c026b which can be used as unique global reference for Unit42 Emissary Panda May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-09T00:00:00Z |
| date_published | 2019-05-28T00:00:00Z |
| source | MITRE |
| title | Emissary Panda Attacks Middle East Government Sharepoint Servers |
Emissary Trojan Feb 2016
Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.
Internal MISP references
UUID 580ce22f-b76b-4a92-9fab-26ce8f449ab6 which can be used as unique global reference for Emissary Trojan Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2016-02-03T00:00:00Z |
| source | MITRE |
| title | Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? |
orangecyberdefense.com August 14 2024
orangecyberdefense.com. (2024, August 14). Emmenhtal a little-known loader distributing commodity infostealers worldwide. Retrieved August 25, 2024.
Internal MISP references
UUID 138a6cd4-36f9-41fd-a724-2b600dc6bf85 which can be used as unique global reference for orangecyberdefense.com August 14 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-25T00:00:00Z |
| date_published | 2024-08-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Emmenhtal a little-known loader distributing commodity infostealers worldwide |
Sophos Emotet Apr 2019
Brandt, A. (2019, May 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.
Internal MISP references
UUID 0bd01e6c-6fb5-4bae-9fe9-395de061c1da which can be used as unique global reference for Sophos Emotet Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-05-05T00:00:00Z |
| source | MITRE |
| title | Emotet 101, stage 4: command and control |
Deep Instinct March 10 2023
Deep Instinct. (2023, March 10). Emotet Again! The First Malspam Wave of 2023 | Deep Instinct. Retrieved May 7, 2023.
Internal MISP references
UUID 8016eca2-f702-4081-83ba-06262c29e6c2 which can be used as unique global reference for Deep Instinct March 10 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-03-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Emotet Again! The First Malspam Wave of 2023 |
CIS Emotet Apr 2017
CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.
Internal MISP references
UUID 8dc7653f-84ef-4f0a-91f6-9b10ff50b756 which can be used as unique global reference for CIS Emotet Apr 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2017-04-28T00:00:00Z |
| source | MITRE |
| title | Emotet Changes TTPs and Arrives in United States |
Binary Defense Emotes Wi-Fi Spreader
Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.
Internal MISP references
UUID 05e624ee-c53d-5cd1-8fd2-6b2d38344bfd which can be used as unique global reference for Binary Defense Emotes Wi-Fi Spreader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| source | MITRE |
| title | Emotet Evolves With new Wi-Fi Spreader |
ESET Emotet Nov 2018
ESET. (2018, November 9). Emotet launches major new spam campaign. Retrieved March 25, 2019.
Internal MISP references
UUID e954c9aa-4995-452c-927e-11d0a6e2f442 which can be used as unique global reference for ESET Emotet Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-11-09T00:00:00Z |
| source | MITRE |
| title | Emotet launches major new spam campaign |
emotet_hc3_nov2023
Office of Information Security, Health Sector Cybersecurity Coordination Center. (2023, November 16). Emotet Malware: The Enduring and Persistent Threat to the Health Sector. Retrieved June 19, 2024.
Internal MISP references
UUID 36b41ab3-2a3d-5f5f-86ad-bc4cf810b4ba which can be used as unique global reference for emotet_hc3_nov2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-19T00:00:00Z |
| date_published | 2023-11-16T00:00:00Z |
| source | MITRE |
| title | Emotet Malware: The Enduring and Persistent Threat to the Health Sector |
Trend Micro Emotet 2020
Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.
Internal MISP references
UUID 150327e6-db4b-4588-8cf2-ee131569150b which can be used as unique global reference for Trend Micro Emotet 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-16T00:00:00Z |
| date_published | 2020-02-13T00:00:00Z |
| source | MITRE |
| title | Emotet Now Spreads via Wi-Fi |
Talos Emotet Jan 2019
Brumaghin, E. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.
Internal MISP references
UUID 83180391-89b6-4431-87f4-2703b47cb81b which can be used as unique global reference for Talos Emotet Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2019-01-15T00:00:00Z |
| source | MITRE |
| title | Emotet re-emerges after the holidays |
Cybersécurité - INTRINSEC January 09 2023
Equipe cti. (2023, January 9). Emotet returns and deploys loaders. Retrieved May 7, 2023.
Internal MISP references
UUID 6d39aba3-ae77-4a95-8242-7dacae8c89d8 which can be used as unique global reference for Cybersécurité - INTRINSEC January 09 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-01-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Emotet returns and deploys loaders |
emotet_trendmicro_mar2023
Kenefick, I. (2023, March 13). Emotet Returns, Now Adopts Binary Padding for Evasion. Retrieved June 19, 2024.
Internal MISP references
UUID 6f9050d9-e960-50dd-86a9-aee5fd100d9c which can be used as unique global reference for emotet_trendmicro_mar2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-19T00:00:00Z |
| date_published | 2023-03-13T00:00:00Z |
| source | MITRE |
| title | Emotet Returns, Now Adopts Binary Padding for Evasion |
Emotet shutdown
The DFIR Report. (2022, November 8). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.
Internal MISP references
UUID 02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0 which can be used as unique global reference for Emotet shutdown in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-06T00:00:00Z |
| date_published | 2022-11-08T00:00:00Z |
| source | MITRE |
| title | Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware |
Carbon Black Emotet Apr 2019
Lee, S. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.
Internal MISP references
UUID db8fe753-d674-4668-9ee5-c1269085a7a1 which can be used as unique global reference for Carbon Black Emotet Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-24T00:00:00Z |
| date_published | 2019-04-24T00:00:00Z |
| source | MITRE |
| title | Emotet Using WMI to Launch PowerShell Encoded Code |
DanielManea Emotet May 2017
Manea, D. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.
Internal MISP references
UUID 578e44f2-9ff5-4bed-8dee-a992711df8ce which can be used as unique global reference for DanielManea Emotet May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-05-25T00:00:00Z |
| source | MITRE |
| title | Emotet v4 Analysis |
Empire Keychain Decrypt
Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.
Internal MISP references
UUID 41075230-73a2-4195-b716-379f9e5ae93b which can be used as unique global reference for Empire Keychain Decrypt in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-14T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Empire keychaindump_decrypt Module |
Github EmpireProject CreateHijacker Dylib
Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. Retrieved April 1, 2021.
Internal MISP references
UUID 2908418d-54cf-4245-92c6-63f616b04e91 which can be used as unique global reference for Github EmpireProject CreateHijacker Dylib in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2018-04-08T00:00:00Z |
| source | MITRE |
| title | EmpireProject Create Dylib Hijacker |
Github EmpireProject HijackScanner
Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.
Internal MISP references
UUID c83e8833-9648-4178-b5be-6fa0af8f737f which can be used as unique global reference for Github EmpireProject HijackScanner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | Empire Project Dylib Hijack Vulnerability Scanner |
Microsoft ASR Nov 2017
Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.
Internal MISP references
UUID 1cb445f6-a366-4ae6-a698-53da6c61b4c9 which can be used as unique global reference for Microsoft ASR Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | Enable Attack surface reduction |
Microsoft TESTSIGNING Feb 2021
Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. Retrieved April 22, 2021.
Internal MISP references
UUID c04153f9-d4c7-4349-9bef-3f883eec0028 which can be used as unique global reference for Microsoft TESTSIGNING Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2021-02-15T00:00:00Z |
| source | MITRE |
| title | Enable Loading of Test Signed Drivers |
Microsoft Disable DCOM
Microsoft. (n.d.). Enable or Disable DCOM. Retrieved November 22, 2017.
Internal MISP references
UUID 1aeac4da-f5fd-4fa3-9cc0-b1a50427c121 which can be used as unique global reference for Microsoft Disable DCOM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Enable or Disable DCOM |
Microsoft Disable Macros
Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.
Internal MISP references
UUID cfe592a1-c06d-4555-a30f-c5d533dfd73e which can be used as unique global reference for Microsoft Disable Macros in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | Enable or disable macros in Office files |
Microsoft Remote
Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.
Internal MISP references
UUID 331d59e3-ce7f-483c-b77d-001c8a9ae1df which can be used as unique global reference for Microsoft Remote in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-01T00:00:00Z |
| source | MITRE |
| title | Enable the Remote Registry Service |
Broadcom ESXi Lockdown Mode
Broadcom. (2025, February 12). Enabling or disabling Lockdown mode on an ESXi host. Retrieved March 27, 2025.
Internal MISP references
UUID b6574aa6-2703-5447-98bf-e76b2f0f82fd which can be used as unique global reference for Broadcom ESXi Lockdown Mode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2025-02-12T00:00:00Z |
| source | MITRE |
| title | Enabling or disabling Lockdown mode on an ESXi host |
PCMag DoubleExtension
PCMag. (n.d.). Encyclopedia: double extension. Retrieved August 4, 2021.
Internal MISP references
UUID a729519d-8c9f-477c-b992-434076a9d294 which can be used as unique global reference for PCMag DoubleExtension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| source | MITRE |
| title | Encyclopedia: double extension |
Microsoft Entra ID App Passwords
Microsoft. (2023, October 23). Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords. Retrieved May 28, 2024.
Internal MISP references
UUID 7787289d-f636-5a26-b182-cd1015879007 which can be used as unique global reference for Microsoft Entra ID App Passwords in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-28T00:00:00Z |
| date_published | 2023-10-23T00:00:00Z |
| source | MITRE |
| title | Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords |
FireEye Periscope March 2018
FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
Internal MISP references
UUID 8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f which can be used as unique global reference for FireEye Periscope March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Engineering and Maritime Industries |
NCCIC AR-17-20045 February 2017
NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.
Internal MISP references
UUID b930e838-649b-42ab-86dc-0443667276de which can be used as unique global reference for NCCIC AR-17-20045 February 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-12T00:00:00Z |
| date_published | 2017-02-10T00:00:00Z |
| source | MITRE |
| title | Enhanced Analysis of GRIZZLY STEPPE Activity |
ESET Sednit Part 1
ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.
Internal MISP references
UUID a2016103-ead7-46b3-bae5-aa97c45a12b7 which can be used as unique global reference for ESET Sednit Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-08T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 1: Approaching the Target |
ESET Sednit Part 2
ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
Internal MISP references
UUID aefb9eda-df5a-437f-af2a-ec1b6c04628b which can be used as unique global reference for ESET Sednit Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-21T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 2: Observing the Comings and Goings |
ESET Sednit Part 3
ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.
Internal MISP references
UUID 7c2be444-a947-49bc-b5f6-8f6bec870c6a which can be used as unique global reference for ESET Sednit Part 3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-21T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 3: A Mysterious Downloader |
Google Ensuring Your Information is Safe
Google. (2011, June 1). Ensuring your information is safe online. Retrieved April 1, 2022.
Internal MISP references
UUID ad3eda19-08eb-4d59-a2c9-3b5ed8302205 which can be used as unique global reference for Google Ensuring Your Information is Safe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2011-06-01T00:00:00Z |
| source | MITRE |
| title | Ensuring your information is safe online |
Ensilo Darkgate 2018
Adi Zeligson & Rotem Kerner. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved February 9, 2024.
Internal MISP references
UUID 31796564-4154-54c0-958a-7d6802dfefad which can be used as unique global reference for Ensilo Darkgate 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-09T00:00:00Z |
| date_published | 2018-11-13T00:00:00Z |
| source | MITRE |
| title | Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign |
Fortinet Blog November 13 2018
Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved October 20, 2023.
Internal MISP references
UUID 1b9b5c48-d504-4c73-aedc-37e935c47f17 which can be used as unique global reference for Fortinet Blog November 13 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2018-11-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign |
Splunk DarkGate
Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved March 29, 2024.
Internal MISP references
UUID adc6384c-e0d7-547f-a1e3-2c57ff0525ae which can be used as unique global reference for Splunk DarkGate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-29T00:00:00Z |
| date_published | 2024-01-17T00:00:00Z |
| source | MITRE |
| title | Enter The Gates: An Analysis of the DarkGate AutoIt Loader |
Splunk DarkGate January 17 2024
Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved January 24, 2024.
Internal MISP references
UUID a45a920c-3bda-4442-8650-4ad78f950283 which can be used as unique global reference for Splunk DarkGate January 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-24T00:00:00Z |
| date_published | 2024-01-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Enter The Gates: An Analysis of the DarkGate AutoIt Loader |
Portcullis Labs September 16 2008
MRL. (2008, September 16). enum4linux - Portcullis Labs. Retrieved December 19, 2024.
Internal MISP references
UUID 2d227339-250d-468c-b6da-a034754bc995 which can be used as unique global reference for Portcullis Labs September 16 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2008-09-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | enum4linux - Portcullis Labs |
Microsoft EnumDeviceDrivers
Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). Retrieved March 28, 2023.
Internal MISP references
UUID 647ffc70-8eab-5f2f-abf4-9bbf42554043 which can be used as unique global reference for Microsoft EnumDeviceDrivers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| date_published | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | EnumDeviceDrivers function (psapi.h) |
EK Clueless Agents
Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. Retrieved January 18, 2019.
Internal MISP references
UUID ef7409d2-af39-4ad8-8469-76f0165687bd which can be used as unique global reference for EK Clueless Agents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-18T00:00:00Z |
| date_published | 1998-06-18T00:00:00Z |
| source | MITRE |
| title | Environmental Key Generation towards Clueless Agents |
Deloitte Environment Awareness
Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved September 13, 2024.
Internal MISP references
UUID af842a1f-8f39-4b4f-b4d2-0bbb810e6c31 which can be used as unique global reference for Deloitte Environment Awareness in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-13T00:00:00Z |
| source | MITRE |
| title | Environment Awareness |
Microsoft Environment Property
Microsoft. (2011, October 24). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 64598969-864d-4bc7-805e-c289cccb7bc6 which can be used as unique global reference for Microsoft Environment Property in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-27T00:00:00Z |
| date_published | 2011-10-24T00:00:00Z |
| source | MITRE |
| title | Environment Property |
MSDN Environment Property
Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 79ea888c-2dd7-40cb-9149-e2469a35ea3a which can be used as unique global reference for MSDN Environment Property in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-27T00:00:00Z |
| source | MITRE |
| title | Environment Property |
Envoy Panda Profile
CrowdStrike. (n.d.). Envoy Panda Profile. Retrieved February 28, 2025.
Internal MISP references
UUID 44879a86-9eda-4934-bfc4-cbc643ab113a which can be used as unique global reference for Envoy Panda Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Envoy Panda Profile |
Kaspersky Equation QA
Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. Retrieved December 21, 2015.
Internal MISP references
UUID 34674802-fbd9-4cdb-8611-c58665c430e5 which can be used as unique global reference for Kaspersky Equation QA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-21T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Equation Group: Questions and Answers |
erase_cmd_cisco
Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 4c90eba9-118e-5d50-ad58-27bcb0e1e228 which can be used as unique global reference for erase_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | erase - Cisco IOS Configuration Fundamentals Command Reference |
Container Escape
0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.
Internal MISP references
UUID 8248917a-9afd-4ec6-a086-1a97a68deff1 which can be used as unique global reference for Container Escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | Escaping |
Microsoft Esentutl
Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.
Internal MISP references
UUID 08fb9e84-495f-4710-bd1e-417eb8191a10 which can be used as unique global reference for Microsoft Esentutl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-03T00:00:00Z |
| date_published | 2016-08-30T00:00:00Z |
| source | MITRE |
| title | Esentutl |
LOLBAS Esentutl
LOLBAS. (n.d.). Esentutl.exe. Retrieved September 3, 2019.
Internal MISP references
UUID 691b4907-3544-4ad0-989c-b5c845e0330f which can be used as unique global reference for LOLBAS Esentutl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-03T00:00:00Z |
| source | MITRE |
| title | Esentutl.exe |
ESET APT Activity Report Q4 2023-Q1 2024
ESET Research. (2024, May 14). ESET APT Activity Report Q4 2023-Q1 2024. Retrieved September 1, 2024.
Internal MISP references
UUID 896cc899-b667-4f9d-ba90-8650fb978535 which can be used as unique global reference for ESET APT Activity Report Q4 2023-Q1 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-01T00:00:00Z |
| date_published | 2024-05-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ESET APT Activity Report Q4 2023-Q1 2024 |
ESET Twitter Ida Pro Nov 2021
Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved September 12, 2024.
Internal MISP references
UUID 6d079207-a7c0-4023-b504-1010dd538221 which can be used as unique global reference for ESET Twitter Ida Pro Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2019-11-10T00:00:00Z |
| source | MITRE |
| title | ESETresearch discovered a trojanized IDA Pro installer |
ESET PowerPool Code October 2020
ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. Retrieved September 12, 2024.
Internal MISP references
UUID d583b409-35bd-45ea-8f2a-c0d566a6865b which can be used as unique global reference for ESET PowerPool Code October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | ESET Research Tweet Linking Slothfulmedia and PowerPool |
ESET FinFisher Jan 2018
Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.
Internal MISP references
UUID be169308-19e8-4ee9-8ff6-e08eb9291ef8 which can be used as unique global reference for ESET FinFisher Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-12T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | ESET's Guide to Deobfuscating and Devirtualizing FinFisher |
ESET Trickbot Oct 2020
Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. Retrieved March 15, 2021.
Internal MISP references
UUID c3320c11-4631-4e02-8025-5c1e5b54e521 which can be used as unique global reference for ESET Trickbot Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-15T00:00:00Z |
| date_published | 2020-10-12T00:00:00Z |
| source | MITRE |
| title | ESET takes part in global operation to disrupt Trickbot |
WeLiveSecurity April 19 2022
Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.
Internal MISP references
UUID f86845b9-03c4-446b-845f-b31b79b247ee which can be used as unique global reference for WeLiveSecurity April 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2022-04-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ESET takes part in global operation to disrupt Zloader botnets |
Riskiq Remcos Jan 2018
Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. Retrieved November 6, 2018.
Internal MISP references
UUID a641a41c-dcd8-47e5-9b29-109dd2eb7f1e which can be used as unique global reference for Riskiq Remcos Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-01-23T00:00:00Z |
| source | MITRE |
| title | Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors |
EventLog_Core_Technologies
Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. Retrieved September 14, 2021.
Internal MISP references
UUID 2a1f452f-57b6-4764-b474-befa7787642d which can be used as unique global reference for EventLog_Core_Technologies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2021-05-24T00:00:00Z |
| source | MITRE |
| title | Essential Windows Services: EventLog / Windows Event Log |
Establishing persistence using extended attributes on Linux
kernel Community. (2024). Establishing persistence using extended attributes on Linux. Retrieved March 27, 2025.
Internal MISP references
UUID ebcabcff-0408-5e6c-b93c-af794a9ffbec which can be used as unique global reference for Establishing persistence using extended attributes on Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2024-01-01T00:00:00Z |
| source | MITRE |
| title | Establishing persistence using extended attributes on Linux |
ESXCLI Overview
Vmware. (n.d.). ESXCLI Overview. Retrieved December 19, 2024.
Internal MISP references
UUID 1b612b14-8fcd-4e2a-ac4d-41190289471d which can be used as unique global reference for ESXCLI Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ESXCLI Overview |
Broadcom ESXCLI Reference
Broadcom. (n.d.). ESXCLI Reference. Retrieved March 27, 2025.
Internal MISP references
UUID 456fc128-8d88-560d-8221-397b6dcfe134 which can be used as unique global reference for Broadcom ESXCLI Reference in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| source | MITRE |
| title | ESXCLI Reference |
Recorded Future ESXiArgs Ransomware 2023
German Hoeffner, Aaron Soehnen and Gianni Perez. (2023, February 7). ESXiArgs Ransomware Targets Publicly-Exposed ESXi OpenSLP Servers. Retrieved March 26, 2025.
Internal MISP references
UUID cefcfd52-712e-549e-a4af-365ead492dca which can be used as unique global reference for Recorded Future ESXiArgs Ransomware 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-26T00:00:00Z |
| date_published | 2023-02-07T00:00:00Z |
| source | MITRE |
| title | ESXiArgs Ransomware Targets Publicly-Exposed ESXi OpenSLP Servers |
Elastic ESXI Discovery via Find
Elastic. (n.d.). ESXI Discovery via Find. Retrieved March 27, 2025.
Internal MISP references
UUID bb10b99f-af95-52fd-bf85-09d698d9b680 which can be used as unique global reference for Elastic ESXI Discovery via Find in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| source | MITRE |
| title | ESXI Discovery via Find |
Elastic ESXI Discovery via Grep
Elastic. (n.d.). ESXI Discovery via Grep. Retrieved March 27, 2025.
Internal MISP references
UUID bf9f968a-106b-543c-816f-74df7f18fe9b which can be used as unique global reference for Elastic ESXI Discovery via Grep in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| source | MITRE |
| title | ESXI Discovery via Grep |
Sygnia ESXi Ransomware 2024
Nital Ruzin and Omer Kidron. (2024, May 15). ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy. Retrieved April 4, 2025.
Internal MISP references
UUID f7d98c0a-b327-50b0-ac41-86becdb3b898 which can be used as unique global reference for Sygnia ESXi Ransomware 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-04T00:00:00Z |
| date_published | 2024-05-15T00:00:00Z |
| source | MITRE |
| title | ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy |
Sygnia ESXi Ransomware 2025
Zhongyuan Hau (Aaron), Ren Jie Yow, and Yoav Mazor. (2025, January 21). ESXi Ransomware Attacks: Stealthy Persistence through. Retrieved March 27, 2025.
Internal MISP references
UUID 177dd788-33d1-53f8-9419-2af3a78269ba which can be used as unique global reference for Sygnia ESXi Ransomware 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2025-01-21T00:00:00Z |
| source | MITRE |
| title | ESXi Ransomware Attacks: Stealthy Persistence through |
ISACA Malware Tricks
Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.
Internal MISP references
UUID a071bf02-066b-46e6-a554-f43d0c170807 which can be used as unique global reference for ISACA Malware Tricks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2017-11-01T00:00:00Z |
| source | MITRE |
| title | Evasive Malware Tricks: How Malware Evades Detection by Sandboxes |
ThreatStream Evasion Analysis
Shelmire, A. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.
Internal MISP references
UUID de6bc044-6275-4cab-80a1-feefebd3c1f0 which can be used as unique global reference for ThreatStream Evasion Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| source | MITRE |
| title | Evasive Maneuvers |
Anomali Evasive Maneuvers July 2015
Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.
Internal MISP references
UUID 471ae30c-2753-468e-8e4d-6e7a3be599c9 which can be used as unique global reference for Anomali Evasive Maneuvers July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-15T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| source | MITRE |
| title | Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels |
ESET EvasivePanda 2023
Facundo Muñoz. (2023, April 26). Evasive Panda APT group delivers malware via updates for popular Chinese software. Retrieved July 25, 2024.
Internal MISP references
UUID 08026c7e-cc35-5d51-9536-a02febd1a891 which can be used as unique global reference for ESET EvasivePanda 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-25T00:00:00Z |
| date_published | 2023-04-26T00:00:00Z |
| source | MITRE |
| title | Evasive Panda APT group delivers malware via updates for popular Chinese software |
ESET EvasivePanda 2024
Ahn Ho, Facundo Muñoz, & Marc-Etienne M.Léveillé. (2024, March 7). Evasive Panda leverages Monlam Festival to target Tibetans. Retrieved July 25, 2024.
Internal MISP references
UUID 07e6b866-7119-50ad-8a6e-80c4e0d594bf which can be used as unique global reference for ESET EvasivePanda 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-25T00:00:00Z |
| date_published | 2024-03-07T00:00:00Z |
| source | MITRE |
| title | Evasive Panda leverages Monlam Festival to target Tibetans |
Unit42 OilRig Playbook 2023
Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.
Internal MISP references
UUID e38902bb-9bab-5beb-817b-668a67a76541 which can be used as unique global reference for Unit42 OilRig Playbook 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2016-05-01T00:00:00Z |
| source | MITRE |
| title | Evasive Serpens Unit 42 Playbook Viewer |
Perception Point
Arthur Vaiselbuh, Peleg Cabra. (2024, November 7). Evasive ZIP Concatenation: Trojan Targets Windows Users. Retrieved March 3, 2025.
Internal MISP references
UUID e44c377a-8c1c-554c-8f0f-7ed6baa313ef which can be used as unique global reference for Perception Point in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-03T00:00:00Z |
| date_published | 2024-11-07T00:00:00Z |
| source | MITRE |
| title | Evasive ZIP Concatenation: Trojan Targets Windows Users |
Microsoft EventLog.Clear
Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.
Internal MISP references
UUID b2711ad3-981c-4c77-bb64-643b547bfda6 which can be used as unique global reference for Microsoft EventLog.Clear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| source | MITRE |
| title | EventLog.Clear Method () |
evt_log_tampering
svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.
Internal MISP references
UUID 7757bbc6-8058-4584-a5aa-14b647d932a6 which can be used as unique global reference for evt_log_tampering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | Event Log Tampering Part 1: Disrupting the EventLog Service |
Microsoft ETW May 2018
Microsoft. (2018, May 30). Event Tracing. Retrieved September 6, 2018.
Internal MISP references
UUID 876f8690-1874-41c0-bd38-d3bd41c96acc which can be used as unique global reference for Microsoft ETW May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Event Tracing |
Eventvwr.exe - LOLBAS Project
LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c09812a-a936-4282-b574-35a00f631857 which can be used as unique global reference for Eventvwr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-11-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Eventvwr.exe |
Secure Ideas SMB Relay
Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. Retrieved February 7, 2019.
Internal MISP references
UUID ac4b2e91-f338-44c3-8950-435102136991 which can be used as unique global reference for Secure Ideas SMB Relay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-07T00:00:00Z |
| date_published | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Ever Run a Relay? Why SMB Relays Should Be On Your Mind |
CSV Excel Macro Injection
Ishaq Mohammed. (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 22c871ff-2701-4809-9f5b-fb29da7481e8 which can be used as unique global reference for CSV Excel Macro Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| date_published | 2021-01-10T00:00:00Z |
| source | MITRE |
| title | Everything about CSV Injection and CSV Excel Macro Injection |
Avertium callback phishing
Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. Retrieved February 2, 2023.
Internal MISP references
UUID abeb1146-e5e5-5ecc-9b70-b348fba097f6 which can be used as unique global reference for Avertium callback phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING |
Outpost24 April 5 2023
Alberto Marín. (2023, April 5). Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing. Retrieved October 10, 2024.
Internal MISP references
UUID 60bd2e39-744c-44e7-b417-0ef0a768f7b6 which can be used as unique global reference for Outpost24 April 5 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-10T00:00:00Z |
| date_published | 2023-04-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing |
Intezer Aurora Sept 2017
Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.
Internal MISP references
UUID b2999bd7-50d5-4d49-8893-8c0903d49104 which can be used as unique global reference for Intezer Aurora Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-13T00:00:00Z |
| date_published | 2017-09-20T00:00:00Z |
| source | MITRE |
| title | Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner |
Cyphort EvilBunny Dec 2014
Marschalek, M. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.
Internal MISP references
UUID a0218d0f-3378-4508-9d3c-a7cd3e00a156 which can be used as unique global reference for Cyphort EvilBunny Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-28T00:00:00Z |
| date_published | 2014-12-16T00:00:00Z |
| source | MITRE |
| title | EvilBunny: Malware Instrumented By Lua |
Cyphort EvilBunny
Marschalek, Marion. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved August 5, 2024.
Internal MISP references
UUID 21536444-7287-55f7-8e11-c97dcb85398d which can be used as unique global reference for Cyphort EvilBunny in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-05T00:00:00Z |
| date_published | 2014-12-16T00:00:00Z |
| source | MITRE |
| title | EvilBunny: Malware Instrumented By Lua |
Evil Clippy May 2019
Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. Retrieved September 17, 2020.
Internal MISP references
UUID aafa27e8-5df7-4fc6-9fe5-9a438f2b507a which can be used as unique global reference for Evil Clippy May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2019-05-05T00:00:00Z |
| source | MITRE |
| title | Evil Clippy: MS Office maldoc assistant |
Cyble August 19 2022
Cybleinc. (2022, August 19). EvilCoder Project Selling Multiple Dangerous Tools Online. Retrieved May 10, 2023.
Internal MISP references
UUID 7b5617f8-5d0d-4185-97c7-82acf023f3c3 which can be used as unique global reference for Cyble August 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2022-08-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | EvilCoder Project Selling Multiple Dangerous Tools Online |
Evilginx 2 July 2018
Gretzky, K. (2018, July 26). Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.
Internal MISP references
UUID 9099b5aa-25eb-4cb7-9e3a-da4c3244f15a which can be used as unique global reference for Evilginx 2 July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-14T00:00:00Z |
| date_published | 2018-07-26T00:00:00Z |
| source | MITRE |
| title | Evilginx 2 - Next Generation of Phishing 2FA Tokens |
Evilginx Sources & Methods December 2023
Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.
Internal MISP references
UUID 13bdabb2-5956-492a-baf9-b0c3a0629806 which can be used as unique global reference for Evilginx Sources & Methods December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-03T00:00:00Z |
| date_published | 2023-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Evilginx Phishing Proxy |
SentinelOne EvilQuest Ransomware Spyware 2020
Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.
Internal MISP references
UUID 4dc26c77-d0ce-4836-a4cc-0490b6d7f115 which can be used as unique global reference for SentinelOne EvilQuest Ransomware Spyware 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-07-08T00:00:00Z |
| source | MITRE |
| title | “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One |
Kaspersky evil twin
AO Kaspersky Lab. (n.d.). Evil twin attacks and how to prevent them. Retrieved September 17, 2024.
Internal MISP references
UUID 230f15c3-79dd-5272-88b5-e9d5de9556f1 which can be used as unique global reference for Kaspersky evil twin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-17T00:00:00Z |
| source | MITRE |
| title | Evil twin attacks and how to prevent them |
SaaS Attacks GitHub Evil Twin Integrations
Push Security. (n.d.). Evil twin integrations. Retrieved March 20, 2025.
Internal MISP references
UUID 7c8149ce-e546-594d-bad7-7c7ff463a472 which can be used as unique global reference for SaaS Attacks GitHub Evil Twin Integrations in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-20T00:00:00Z |
| source | MITRE |
| title | Evil twin integrations |
Cisco Synful Knock Evolution
Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020.
Internal MISP references
UUID 29301297-8343-4f75-8096-7fe229812f75 which can be used as unique global reference for Cisco Synful Knock Evolution in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2015-10-08T00:00:00Z |
| source | MITRE |
| title | Evolution of attacks on Cisco IOS devices |
SCILabs URSA/Mispadu Evolution 2023
SCILabs. (2023, May 23). Evolution of banking trojan URSA/Mispadu. Retrieved March 13, 2024.
Internal MISP references
UUID a7a0db8d-bc1c-5e89-8c42-a3a6cc2cf28d which can be used as unique global reference for SCILabs URSA/Mispadu Evolution 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| date_published | 2023-05-23T00:00:00Z |
| source | MITRE |
| title | Evolution of banking trojan URSA/Mispadu |
Securelist JSWorm
Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID c29ca9f2-1e48-4913-b10b-15e558868ed8 which can be used as unique global reference for Securelist JSWorm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | Evolution of JSWorm Ransomware |
Kaspersky September 4 2024
Fedor Sinitsyn. (2024, September 4). Evolution of Mallox from private ransomware to RaaS. Retrieved September 5, 2024.
Internal MISP references
UUID 0e7d6d6a-00f0-4adf-99de-bb3acdfc7e79 which can be used as unique global reference for Kaspersky September 4 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-05T00:00:00Z |
| date_published | 2024-09-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Evolution of Mallox from private ransomware to RaaS |
S2 Grupo TrickBot June 2017
Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.
Internal MISP references
UUID 28faff77-3e68-4f5c-974d-dc7c9d06ce5e which can be used as unique global reference for S2 Grupo TrickBot June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-31T00:00:00Z |
| date_published | 2017-06-01T00:00:00Z |
| source | MITRE |
| title | Evolution of Trickbot |
Unit 42 Valak July 2020
Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.
Internal MISP references
UUID 9a96da13-5795-49bc-ab82-dfd4f964d9d0 which can be used as unique global reference for Unit 42 Valak July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-31T00:00:00Z |
| date_published | 2020-07-24T00:00:00Z |
| source | MITRE |
| title | Evolution of Valak, from Its Beginnings to Mass Distribution |
Microsoft - Device Registration
Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. Retrieved March 4, 2022.
Internal MISP references
UUID 3f42fc18-2adc-46ef-ae0a-c2d530518435 which can be used as unique global reference for Microsoft - Device Registration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2022-01-26T00:00:00Z |
| source | MITRE |
| title | Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA |
Amnesty OAuth Phishing Attacks, August 2019
Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.
Internal MISP references
UUID 0b0f9cf6-f0af-4f86-9699-a63ff36c49e2 which can be used as unique global reference for Amnesty OAuth Phishing Attacks, August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-08-16T00:00:00Z |
| source | MITRE |
| title | Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa |
RSAC 2015 Abu Dhabi Stefano Maccaglia
Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. Retrieved April 4, 2018.
Internal MISP references
UUID a6cb597e-e25b-4f49-bbb0-d270b1ac53f2 which can be used as unique global reference for RSAC 2015 Abu Dhabi Stefano Maccaglia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2015-11-04T00:00:00Z |
| source | MITRE |
| title | Evolving Threats: dissection of a CyberEspionage attack |
Microsoft Iranian Threat Actor Trends November 2021
MSTIC. (2021, November 16). Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.
Internal MISP references
UUID 78d39ee7-1cd5-5cb8-844a-1c3649e367a1 which can be used as unique global reference for Microsoft Iranian Threat Actor Trends November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-12T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| source | MITRE |
| title | Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 |
Palo Alto Unit 42 VBA Infostealer 2014
Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023.
Internal MISP references
UUID c3eccab6-b12b-513a-9a04-396f7b3dcf63 which can be used as unique global reference for Palo Alto Unit 42 VBA Infostealer 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2014-10-29T00:00:00Z |
| source | MITRE |
| title | Examining a VBA-Initiated Infostealer Campaign |
Trend Micro Black Basta May 2022
Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.
Internal MISP references
UUID b0351b0a-112f-543f-8909-f4b4a9f23e2e which can be used as unique global reference for Trend Micro Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-09T00:00:00Z |
| source | MITRE |
| title | Examining the Black Basta Ransomware’s Infection Routine |
Mandiant Glyer APT 2010
Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. Retrieved December 18, 2020.
Internal MISP references
UUID bb336a6f-d76e-4535-ba81-0c7932ae91e3 which can be used as unique global reference for Mandiant Glyer APT 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2010-01-01T00:00:00Z |
| source | MITRE |
| title | Examples of Recent APT Persistence Mechanism |
Symantec BlackByte 2022
Symantec Threat Hunter Team. (2022, October 21). Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool. Retrieved December 16, 2024.
Internal MISP references
UUID 965503f6-e5f9-5c98-b0c4-1211e44346d9 which can be used as unique global reference for Symantec BlackByte 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-16T00:00:00Z |
| date_published | 2022-10-21T00:00:00Z |
| source | MITRE |
| title | Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool |
Excel.exe - LOLBAS Project
LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a2458f7-63ca-4eca-8c61-b6098ec0798f which can be used as unique global reference for Excel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-07-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Excel.exe |
Microsoft Tim McMichael Exchange Mail Forwarding 2
McMichael, T. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.
Internal MISP references
UUID b5bf8e12-0133-46ea-85e3-b48c9901b518 which can be used as unique global reference for Microsoft Tim McMichael Exchange Mail Forwarding 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2015-06-08T00:00:00Z |
| source | MITRE |
| title | Exchange and Office 365 Mail Forwarding |
DFIR Phosphorus November 2021
DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.
Internal MISP references
UUID 0156d408-a36d-5876-96fd-f0b0cf296ea2 which can be used as unique global reference for DFIR Phosphorus November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-05T00:00:00Z |
| date_published | 2021-11-15T00:00:00Z |
| source | MITRE |
| title | Exchange Exploit Leads to Domain Wide Ransomware |
Mandiant UNC2596 Cuba Ransomware February 2022
Tyler McLellan, Joshua Shilko, Shambavi Sadayappan. (2022, February 23). (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID c03c0f35-3b86-4733-8a2c-71524f0e3d17 which can be used as unique global reference for Mandiant UNC2596 Cuba Ransomware February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware |
ExchangePowerShell Module
Microsoft. (2017, September 25). ExchangePowerShell. Retrieved June 10, 2022.
Internal MISP references
UUID 8af67c2a-15e2-48c9-9ec2-b62ffca0f677 which can be used as unique global reference for ExchangePowerShell Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-10T00:00:00Z |
| date_published | 2017-09-25T00:00:00Z |
| source | MITRE |
| title | ExchangePowerShell |
ESET Exchange Mar 2021
Faou, M., Tartare, M., Dupuy, T. (2021, March 10). Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.
Internal MISP references
UUID c83f1810-22bb-4def-ab2f-3f3d67703f47 which can be used as unique global reference for ESET Exchange Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-21T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Exchange servers under siege from at least 10 APT groups |
Executable Installers are Vulnerable
Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.
Internal MISP references
UUID 5c2791d4-556d-426a-b305-44e23b50f013 which can be used as unique global reference for Executable Installers are Vulnerable in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| date_published | 2015-12-08T00:00:00Z |
| source | MITRE |
| title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Seclists Kanthak 7zip Installer
Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved March 10, 2017.
Internal MISP references
UUID f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5 which can be used as unique global reference for Seclists Kanthak 7zip Installer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-10T00:00:00Z |
| date_published | 2015-12-08T00:00:00Z |
| source | MITRE |
| title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Redxorblue Remote Template Injection
Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.
Internal MISP references
UUID bce1cd78-b55e-40cf-8a90-64240db867ac which can be used as unique global reference for Redxorblue Remote Template Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-12T00:00:00Z |
| date_published | 2018-07-18T00:00:00Z |
| source | MITRE |
| title | Executing Macros From a DOCX With Remote Template Injection |
Microsoft PSfromCsharp APR 2014
Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.
Internal MISP references
UUID 83e346d5-1894-4c46-98eb-88a61ce7f003 which can be used as unique global reference for Microsoft PSfromCsharp APR 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2014-04-28T00:00:00Z |
| source | MITRE |
| title | Executing PowerShell scripts from C# |
PAM Creds
Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. Retrieved November 17, 2024.
Internal MISP references
UUID aa9d5bdd-2102-4322-8736-56db8e083fc0 which can be used as unique global reference for PAM Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2018-06-27T00:00:00Z |
| source | MITRE |
| title | Exfiltrating credentials via PAM backdoors & DNS requests |
Microsoft Expand Utility
Microsoft. (2017, October 15). Expand. Retrieved February 19, 2019.
Internal MISP references
UUID bf73a375-87b7-4603-8734-9f3d8d11967e which can be used as unique global reference for Microsoft Expand Utility in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | Expand |
LOLBAS Expand
LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.
Internal MISP references
UUID 689b058e-a4ec-45bf-b0f8-8885eb8d8b63 which can be used as unique global reference for LOLBAS Expand in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| source | MITRE |
| title | Expand.exe |
polymorphic-medium
Shellseekercyber. (2024, January 7). Explainer: Packed Malware. Retrieved September 27, 2024.
Internal MISP references
UUID f7ffa0ee-80d4-5ed8-a432-23a33cbf2752 which can be used as unique global reference for polymorphic-medium in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-27T00:00:00Z |
| date_published | 2024-01-07T00:00:00Z |
| source | MITRE |
| title | Explainer: Packed Malware |
Proofpoint WinterVivern 2023
Michael Raggi & The Proofpoint Threat Research Team. (2023, March 30). Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe. Retrieved July 29, 2024.
Internal MISP references
UUID 45f638af-ad10-566e-9e4d-49385a79022f which can be used as unique global reference for Proofpoint WinterVivern 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-07-29T00:00:00Z |
| date_published | 2023-03-30T00:00:00Z |
| source | MITRE |
| title | Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe |
Mandiant CVE-2023-3519 Exploitation
James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.
Internal MISP references
UUID 4404ed65-3020-453d-8c51-2885018ba03b which can be used as unique global reference for Mandiant CVE-2023-3519 Exploitation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-24T00:00:00Z |
| date_published | 2023-07-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519) |
Exploit Database
Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.
Internal MISP references
UUID 38f7b3ea-9959-4dfb-8216-a745d071e7e2 which can be used as unique global reference for Exploit Database in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Exploit Database |
Rhino Labs Cloud Image Backdoor Technique Sept 2019
Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID 8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf which can be used as unique global reference for Rhino Labs Cloud Image Backdoor Technique Sept 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT) |
Azure AD PTA Vulnerabilities
Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.
Internal MISP references
UUID a0ddb60b-5445-46b3-94c5-b47e76de553d which can be used as unique global reference for Azure AD PTA Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2022-09-20T00:00:00Z |
| source | MITRE |
| title | Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials |
Exploiting Smartphone USB
Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. Retrieved May 25, 2022.
Internal MISP references
UUID 573796bd-4553-4ae1-884a-9af71b5de873 which can be used as unique global reference for Exploiting Smartphone USB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| source | MITRE |
| title | Exploiting Smart-Phone USB Connectivity For Fun And Profit |
versprite xpc vpn
VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.
Internal MISP references
UUID 5e65d8cc-142b-4724-8a07-8e21558e0f64 which can be used as unique global reference for versprite xpc vpn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-20T00:00:00Z |
| date_published | 2018-01-24T00:00:00Z |
| source | MITRE |
| title | Exploiting VyprVPN for MacOS |
Explorer.exe - LOLBAS Project
LOLBAS. (2020, June 24). Explorer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9ba3d54c-02d1-45bd-bfe8-939e84d9d44b which can be used as unique global reference for Explorer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-06-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Explorer.exe |
Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023
Zohar Zigdon. (2023, November 30). Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature. Retrieved January 16, 2024.
Internal MISP references
UUID cd76910f-1c15-50fb-a942-f19b6cc1ca69 which can be used as unique global reference for Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-16T00:00:00Z |
| date_published | 2023-11-30T00:00:00Z |
| source | MITRE |
| title | Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature |
Trend Micro Emotet Jan 2019
Trend Micro. (2019, January 16). Exploring Emotet's Activities. Retrieved March 25, 2019.
Internal MISP references
UUID a81f1dad-5841-4142-80c1-483b240fd67d which can be used as unique global reference for Trend Micro Emotet Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2019-01-16T00:00:00Z |
| source | MITRE |
| title | Exploring Emotet's Activities |
SecurityTrails Google Hacking
Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved September 12, 2024.
Internal MISP references
UUID 3e7fdeaf-24a7-4cb5-8ed3-6057c9035303 which can be used as unique global reference for SecurityTrails Google Hacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2019-03-05T00:00:00Z |
| source | MITRE |
| title | Exploring Google Hacking Techniques |
Medium SSL Cert
Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). Retrieved October 20, 2020.
Internal MISP references
UUID 6502425f-3435-4162-8c96-9e10a789d362 which can be used as unique global reference for Medium SSL Cert in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-09-16T00:00:00Z |
| source | MITRE |
| title | Export & Download — SSL Certificate from Server (Site URL) |
TrendMicro Exposed Redis 2020
David Fiser and Jaromir Horejsi. (2020, April 21). Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining. Retrieved September 25, 2024.
Internal MISP references
UUID 58e61406-a8ca-52a8-be48-ef6066619a8a which can be used as unique global reference for TrendMicro Exposed Redis 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-25T00:00:00Z |
| date_published | 2020-04-21T00:00:00Z |
| source | MITRE |
| title | Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining |
Magnet Forensics
Magnet Forensics. (2020, August 24). Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact. Retrieved June 20, 2024.
Internal MISP references
UUID 3971c8ac-4fdd-5e19-ac8a-b8d7abbaebe3 which can be used as unique global reference for Magnet Forensics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-20T00:00:00Z |
| date_published | 2020-08-24T00:00:00Z |
| source | MITRE |
| title | Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact |
trendmicro.com May 24 2022
trendmicro.com. (2022, May 24). Exposing Earth Berberoka A Multiplatform APT Campaign Targeting Online Gambling Sites. Retrieved December 19, 2024.
Internal MISP references
UUID 5e14260b-6a81-48da-8190-91f3c05e2c14 which can be used as unique global reference for trendmicro.com May 24 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-19T00:00:00Z |
| date_published | 2022-05-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Exposing Earth Berberoka A Multiplatform APT Campaign Targeting Online Gambling Sites |
Google EXOTIC LILY March 2022
Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. Retrieved August 18, 2022.
Internal MISP references
UUID 19d2cb48-bdb2-41fe-ba24-0769d7bd4d94 which can be used as unique global reference for Google EXOTIC LILY March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Exposing initial access broker with ties to Conti |
Microsoft POLONIUM June 2022
Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.
Internal MISP references
UUID 689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd which can be used as unique global reference for Microsoft POLONIUM June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-06-02T00:00:00Z |
| source | MITRE |
| title | Exposing POLONIUM activity and infrastructure targeting Israeli organizations |
External to DA, the OS X Way
Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved September 12, 2024.
Internal MISP references
UUID b714e6a9-5c12-4a3b-89f9-d379c0284f06 which can be used as unique global reference for External to DA, the OS X Way in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| date_published | 2016-05-14T00:00:00Z |
| source | MITRE |
| title | External to DA, the OS X Way |
Extexport.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2aa09a10-a492-4753-bbd8-aacd31e4fee3 which can be used as unique global reference for Extexport.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Extexport.exe |
Extrac32.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extrac32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae632afc-336c-488e-81f6-91ffe1829595 which can be used as unique global reference for Extrac32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Extrac32.exe |
Journey into IR ZeroAccess NTFS EA
Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.
Internal MISP references
UUID e9dff187-fe7d-469d-81cb-30ad520dbd3d which can be used as unique global reference for Journey into IR ZeroAccess NTFS EA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2012-12-11T00:00:00Z |
| source | MITRE |
| title | Extracting ZeroAccess from NTFS Extended Attributes |
Bizeul 2014
Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
Internal MISP references
UUID a4617ef4-e6d2-47e7-8f81-68e7380279bf which can be used as unique global reference for Bizeul 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-29T00:00:00Z |
| date_published | 2014-07-11T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Eye of the Tiger |
Facad1ng
Spyboy. (2023). Facad1ng. Retrieved February 13, 2024.
Internal MISP references
UUID bd80f3d7-e653-5f8f-ba8a-00b8780ae935 which can be used as unique global reference for Facad1ng in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-13T00:00:00Z |
| date_published | 2023-01-01T00:00:00Z |
| source | MITRE |
| title | Facad1ng |
ThreatPost Social Media Phishing
O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020.
Internal MISP references
UUID 186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7 which can be used as unique global reference for ThreatPost Social Media Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Facebook: A Top Launching Pad For Phishing Attacks |
Sentinel Labs
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.
Internal MISP references
UUID 785f7692-2be8-4f5d-921e-51efdfe0c0b9 which can be used as unique global reference for Sentinel Labs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | FADE DEAD \| Adventures in Reversing Malicious Run-Only AppleScripts |
SentinelLabs reversing run-only applescripts 2021
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 29, 2022.
Internal MISP references
UUID 34dc9010-e800-420c-ace4-4f426c915d2f which can be used as unique global reference for SentinelLabs reversing run-only applescripts 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | FADE DEAD \| Adventures in Reversing Malicious Run-Only AppleScripts |
BleepingComputer Fake Chrome Errors June 17 2024
Bill Toulas. (2024, June 17). Fake Google Chrome errors trick you into running malicious PowerShell scripts. Retrieved June 20, 2024.
Internal MISP references
UUID 6efa70e3-d8eb-4260-b0ab-62335681e6fd which can be used as unique global reference for BleepingComputer Fake Chrome Errors June 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-20T00:00:00Z |
| date_published | 2024-06-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fake Google Chrome errors trick you into running malicious PowerShell scripts |
ESET OceanLotus Mar 2019
Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. Retrieved April 1, 2019.
Internal MISP references
UUID b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0 which can be used as unique global reference for ESET OceanLotus Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-01T00:00:00Z |
| date_published | 2019-03-20T00:00:00Z |
| source | MITRE |
| title | Fake or Fake: Keeping up with OceanLotus decoys |
ReversingLabs September 10 2024
Karlo Zanki. (2024, September 10). Fake recruiter coding tests target devs with malicious Python packages. Retrieved September 16, 2024.
Internal MISP references
UUID c4243313-1d54-4d78-bf3b-cf55ff2eb50a which can be used as unique global reference for ReversingLabs September 10 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-16T00:00:00Z |
| date_published | 2024-09-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fake recruiter coding tests target devs with malicious Python packages |
ZScaler BitB 2020
ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. Retrieved March 8, 2023.
Internal MISP references
UUID c2f01a3b-a164-59b7-be5d-5eec4eb69ee5 which can be used as unique global reference for ZScaler BitB 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2020-02-11T00:00:00Z |
| source | MITRE |
| title | Fake Sites Stealing Steam Credentials |
FalconFeedsio Tweet October 9 2023
FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. Retrieved October 10, 2023.
Internal MISP references
UUID e9810a28-f060-468b-b4ea-ffed9403ae8b which can be used as unique global reference for FalconFeedsio Tweet October 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FalconFeedsio Tweet October 9 2023 |
FalconFeedsio Tweet September 28 2023
FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.
Internal MISP references
UUID 78128031-bcbb-42c2-8bed-4613a10a02ca which can be used as unique global reference for FalconFeedsio Tweet September 28 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-09-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FalconFeedsio Tweet September 28 2023 |
falconoverwatch_blackcat_attack
Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. Retrieved May 5, 2022.
Internal MISP references
UUID 9d0ff77c-09e9-4d58-86f4-e2398f298ca9 which can be used as unique global reference for falconoverwatch_blackcat_attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-03-23T00:00:00Z |
| source | MITRE |
| title | Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack |
CitizenLab Tropic Trooper Aug 2018
Alexander, G., et al. (2018, August 8). Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.
Internal MISP references
UUID 5c662775-9703-4d01-844b-40a0e5c24fb9 which can be used as unique global reference for CitizenLab Tropic Trooper Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-17T00:00:00Z |
| date_published | 2018-08-08T00:00:00Z |
| source | MITRE |
| title | Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces |
ESET FamousSparrow September 23 2021
Tahseen Bin Taj, Matthieu Faou. (2021, September 23). FamousSparrow: A suspicious hotel guest. Retrieved October 24, 2024.
Internal MISP references
UUID f91d6d8e-22a4-4851-9444-7a066e6b7aa5 which can be used as unique global reference for ESET FamousSparrow September 23 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-10-24T00:00:00Z |
| date_published | 2021-09-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FamousSparrow: A suspicious hotel guest |
CISA AA20-239A BeagleBoyz August 2020
DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.
Internal MISP references
UUID a8a2e3f2-3967-4e82-a36a-2436c654fb3f which can be used as unique global reference for CISA AA20-239A BeagleBoyz August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2020-08-26T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks |
Fast Flux - Welivesecurity
Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work?. Retrieved March 11, 2020.
Internal MISP references
UUID e232d739-663e-4878-b13b-9248cd81e657 which can be used as unique global reference for Fast Flux - Welivesecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-11T00:00:00Z |
| date_published | 2017-01-12T00:00:00Z |
| source | MITRE |
| title | Fast Flux networks: What are they and how do they work? |
MehtaFastFluxPt1
Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. Retrieved March 6, 2017.
Internal MISP references
UUID 5f169cae-6b59-4879-9a8f-93fdcea5cc58 which can be used as unique global reference for MehtaFastFluxPt1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2014-12-17T00:00:00Z |
| source | MITRE |
| title | Fast Flux Networks Working and Detection, Part 1 |
MehtaFastFluxPt2
Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.
Internal MISP references
UUID f8a98e55-c91e-4b5e-b6f3-0065ef07375d which can be used as unique global reference for MehtaFastFluxPt2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2014-12-23T00:00:00Z |
| source | MITRE |
| title | Fast Flux Networks Working and Detection, Part 2 |
FBI-BEC
FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.
Internal MISP references
UUID 3388bfec-7822-56dc-a384-95aa79f42fe8 which can be used as unique global reference for FBI-BEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud |
FBI Flash FIN7 USB
The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. Retrieved January 14, 2022.
Internal MISP references
UUID 42dc957c-007b-4f90-88c6-1afd6d1032e8 which can be used as unique global reference for FBI Flash FIN7 USB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2022-01-07T00:00:00Z |
| source | MITRE |
| title | FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware |
BleepingComputer USB
Ionut Ilascu. (2020, March 27). FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS. Retrieved March 27, 2025.
Internal MISP references
UUID b36a077f-9e47-5bf3-a58a-ed5a08821de7 which can be used as unique global reference for BleepingComputer USB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-27T00:00:00Z |
| date_published | 2020-03-27T00:00:00Z |
| source | MITRE |
| title | FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS |
FBI Lazarus Stake.com Theft Attribution September 2023
FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. Retrieved September 13, 2023.
Internal MISP references
UUID d753c01c-c0f6-4382-ae79-5605a28c94d5 which can be used as unique global reference for FBI Lazarus Stake.com Theft Attribution September 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-13T00:00:00Z |
| date_published | 2023-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com |
VPNFilter Router
Tung, Liam. (2018, May 29). FBI to all router users: Reboot now to neuter Russia's VPNFilter malware. Retrieved March 7, 2024.
Internal MISP references
UUID 191bc704-3314-56c5-8f2d-dbbbb8afea2f which can be used as unique global reference for VPNFilter Router in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2018-05-29T00:00:00Z |
| source | MITRE |
| title | FBI to all router users: Reboot now to neuter Russia's VPNFilter malware |
Hakobyan 2009
Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.
Internal MISP references
UUID d92f6dc0-e902-4a4a-9083-8d1667a7003e which can be used as unique global reference for Hakobyan 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2009-01-08T00:00:00Z |
| source | MITRE |
| title | FDump - Dumping File Sectors Directly from Disk using Logical Offsets |
Google Federating GC
Google. (n.d.). Federating Google Cloud with Active Directory. Retrieved March 13, 2020.
Internal MISP references
UUID 4e17ca9b-5c98-409b-9496-7c37fe9ee837 which can be used as unique global reference for Google Federating GC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| source | MITRE |
| title | Federating Google Cloud with Active Directory |
Kaspersky Ferocious Kitten Jun 2021
GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.
Internal MISP references
UUID b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50 which can be used as unique global reference for Kaspersky Ferocious Kitten Jun 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Ferocious Kitten: 6 Years of Covert Surveillance in Iran |
Fidelis njRAT June 2013
Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: "njRAT" Uncovered. Retrieved June 4, 2019.
Internal MISP references
UUID 6c985470-a923-48fd-82c9-9128b6d59bcb which can be used as unique global reference for Fidelis njRAT June 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2013-06-28T00:00:00Z |
| source | MITRE |
| title | Fidelis Threat Advisory #1009: "njRAT" Uncovered |
Fidelis INOCNATION
Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved November 17, 2024.
Internal MISP references
UUID 9d9c0c71-d5a2-41e4-aa90-d1046e0742c7 which can be used as unique global reference for Fidelis INOCNATION in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2015-12-16T00:00:00Z |
| source | MITRE |
| title | Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign |
Securelist fileless attacks Feb 2017
Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. Retrieved February 8, 2017.
Internal MISP references
UUID b58d9c32-89c5-449a-88e7-1c7dd3f8380e which can be used as unique global reference for Securelist fileless attacks Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| date_published | 2017-02-08T00:00:00Z |
| source | MITRE |
| title | Fileless attacks against enterprise networks |
Airbus Security Kovter Analysis
Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.
Internal MISP references
UUID a8420828-9e00-45a1-90d7-a37f898204f9 which can be used as unique global reference for Airbus Security Kovter Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| date_published | 2016-03-23T00:00:00Z |
| source | MITRE |
| title | Fileless Malware – A Behavioural Analysis Of Kovter Persistence |
Sysdig Fileless Malware 23022
Nicholas Lang. (2022, May 3). Fileless malware mitigation. Retrieved September 24, 2024.
Internal MISP references
UUID d728b343-3256-55ff-9491-f66b98c16226 which can be used as unique global reference for Sysdig Fileless Malware 23022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-24T00:00:00Z |
| date_published | 2022-05-03T00:00:00Z |
| source | MITRE |
| title | Fileless malware mitigation |
Microsoft Fileless
Microsoft. (2023, February 6). Fileless threats. Retrieved March 23, 2023.
Internal MISP references
UUID 263fc1ab-f928-583f-986d-1e1bae9b3c85 which can be used as unique global reference for Microsoft Fileless in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-23T00:00:00Z |
| date_published | 2023-02-06T00:00:00Z |
| source | MITRE |
| title | Fileless threats |
enigma0x3 Fileless UAC Bypass
Nelson, M. (2016, August 15). "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.
Internal MISP references
UUID 74b16ca4-9494-4f10-97c5-103a8521818f which can be used as unique global reference for enigma0x3 Fileless UAC Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-27T00:00:00Z |
| date_published | 2016-08-15T00:00:00Z |
| source | MITRE |
| title | "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking |
enigma0x3 sdclt bypass
Nelson, M. (2017, March 17). "Fileless" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.
Internal MISP references
UUID 5e5597e2-ea05-41e0-8752-ca95a89a5aa3 which can be used as unique global reference for enigma0x3 sdclt bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-03-17T00:00:00Z |
| source | MITRE |
| title | "Fileless" UAC Bypass Using sdclt.exe |
Microsoft File Mgmt
Microsoft. (2018, May 31). File Management (Local File Systems). Retrieved September 28, 2021.
Internal MISP references
UUID e6d84416-5808-4e7d-891b-ba67dada8726 which can be used as unique global reference for Microsoft File Mgmt in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | File Management (Local File Systems) |
Microsoft File Streams
Microsoft. (n.d.). File Streams. Retrieved September 12, 2024.
Internal MISP references
UUID ef3f58da-e735-4b1d-914c-fafabb7439bf which can be used as unique global reference for Microsoft File Streams in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| source | MITRE |
| title | File Streams |
file_upload_attacks_pt2
YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). Retrieved August 23, 2022.
Internal MISP references
UUID 4f7c7d6c-ad56-594f-bcb8-79523f436f2c which can be used as unique global reference for file_upload_attacks_pt2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-23T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE |
| title | File Upload Attacks (Part 2) |
Microsoft GPO Security Filtering
Microsoft. (2018, May 30). Filtering the Scope of a GPO. Retrieved March 13, 2019.
Internal MISP references
UUID 327caed7-a53f-4245-8774-a9f170932012 which can be used as unique global reference for Microsoft GPO Security Filtering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-13T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Filtering the Scope of a GPO |
FireEye FIN10 June 2017
FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved November 17, 2024.
Internal MISP references
UUID 9d5c3956-7169-48d5-b4d0-f7a56a742adf which can be used as unique global reference for FireEye FIN10 June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FIN10: Anatomy of a Cyber Extortion Operation |
Mandiant FIN12 Group Profile October 07 2021
Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. Retrieved September 22, 2023.
Internal MISP references
UUID 7af84b3d-bbd6-449f-b29b-2f14591c9f05 which can be used as unique global reference for Mandiant FIN12 Group Profile October 07 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-22T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN12 Group Profile |
Mandiant FIN12 Oct 2021
Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
Internal MISP references
UUID 4514d7cc-b999-5711-a398-d90e5d3570f2 which can be used as unique global reference for Mandiant FIN12 Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| source | MITRE |
| title | FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets |
CERTFR-2023-CTI-007
CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. Retrieved September 21, 2023.
Internal MISP references
UUID 0f4a03c5-79b3-418e-a77d-305d5a32caca which can be used as unique global reference for CERTFR-2023-CTI-007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2023-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel |
Google Cloud Threat Intelligence FIN13 2021
Van Ta, Jake Nicastro, Rufus Brown, and Nick Richard. (2021, December 7). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved March 18, 2025.
Internal MISP references
UUID 375f6383-cdba-5d93-866e-b0ab062253a4 which can be used as unique global reference for Google Cloud Threat Intelligence FIN13 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-18T00:00:00Z |
| date_published | 2021-12-07T00:00:00Z |
| source | MITRE |
| title | FIN13: A Cybercriminal Threat Actor Focused on Mexico |
Mandiant FIN13 Aug 2022
Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.
Internal MISP references
UUID ebd9d479-1954-5a4a-b7f0-d5372489733c which can be used as unique global reference for Mandiant FIN13 Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-09T00:00:00Z |
| date_published | 2022-08-08T00:00:00Z |
| source | MITRE |
| title | FIN13: A Cybercriminal Threat Actor Focused on Mexico |
FireEye FIN4 Stealing Insider NOV 2014
Dennesen, K. et al. (2014, November 30). FIN4: Stealing Insider Information for an Advantage in Stock Trading? Retrieved November 17, 2024.
Internal MISP references
UUID b27f1040-46e5-411a-b238-0b40f6160680 which can be used as unique global reference for FireEye FIN4 Stealing Insider NOV 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | FIN4: Stealing Insider Information for an Advantage in Stock Trading? |
Visa FIN6 Feb 2019
Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.
Internal MISP references
UUID 9e9e8811-1d8e-4400-8688-e634f859c4e0 which can be used as unique global reference for Visa FIN6 Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-16T00:00:00Z |
| date_published | 2019-02-01T00:00:00Z |
| source | MITRE |
| title | FIN6 Cybercrime Group Expands Threat to eCommerce Merchants |
SentinelOne FrameworkPOS September 2019
Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. Retrieved September 8, 2020.
Internal MISP references
UUID 054d7827-3d0c-40a7-b2a0-1428ad7729ea which can be used as unique global reference for SentinelOne FrameworkPOS September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-08T00:00:00Z |
| date_published | 2019-09-19T00:00:00Z |
| source | MITRE |
| title | FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals |
SecureList Griffon May 2019
Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. Retrieved October 11, 2019.
Internal MISP references
UUID 42e196e4-42a7-427d-a69b-d78fa6375f8c which can be used as unique global reference for SecureList Griffon May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2019-05-08T00:00:00Z |
| source | MITRE |
| title | FIN7.5: the infamous cybercrime rig “FIN7” continues its activities |
Threatpost Lizar May 2021
Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.
Internal MISP references
UUID 1b89f62f-586d-4dee-b6dd-e5a5cd090a0e which can be used as unique global reference for Threatpost Lizar May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-05-14T00:00:00Z |
| source | MITRE |
| title | FIN7 Backdoor Masquerades as Ethical Hacking Tool |
The Hacker News April 2 2025
The Hacker News. (2025, April 2). FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites. Retrieved April 7, 2025.
Internal MISP references
UUID 22857eb3-b5f7-4677-bf5c-bc993f483450 which can be used as unique global reference for The Hacker News April 2 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-07T00:00:00Z |
| date_published | 2025-04-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites |
FireEye FIN7 April 2017
Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.
Internal MISP references
UUID 6ee27fdb-1753-4fdf-af72-3295b072ff10 which can be used as unique global reference for FireEye FIN7 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-24T00:00:00Z |
| date_published | 2017-04-24T00:00:00Z |
| source | MITRE |
| title | FIN7 Evolution and the Phishing LNK |
The Hacker News March 7 2025
The Hacker News. (2025, March 7). FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations. Retrieved April 8, 2025.
Internal MISP references
UUID bef86725-c540-4241-bf3b-4b5a81aadebe which can be used as unique global reference for The Hacker News March 7 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-08T00:00:00Z |
| date_published | 2025-03-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations |
Mandiant FIN7 Apr 2022
Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.
Internal MISP references
UUID be9919c0-ca52-593b-aea0-c5e9a262b570 which can be used as unique global reference for Mandiant FIN7 Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-05T00:00:00Z |
| date_published | 2022-04-04T00:00:00Z |
| source | MITRE |
| title | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
Mandiant FIN7 April 4 2022
Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved May 25, 2023.
Internal MISP references
UUID fbc3ea90-d3d4-440e-964d-6cd2e991df0c which can be used as unique global reference for Mandiant FIN7 April 4 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-25T00:00:00Z |
| date_published | 2022-04-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
SentinelOne July 14 2024
Antonio Cocomazzi. (2024, July 14). FIN7 Reboot. Retrieved April 8, 2025.
Internal MISP references
UUID b5453789-65b5-4057-84ce-14097f5215d7 which can be used as unique global reference for SentinelOne July 14 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-08T00:00:00Z |
| date_published | 2024-07-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN7 Reboot |
Gemini FIN7 Oct 2021
Gemini Advisory. (2021, October 21). FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.
Internal MISP references
UUID bbaef178-8577-4398-8e28-604faf0950b4 which can be used as unique global reference for Gemini FIN7 Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-10-21T00:00:00Z |
| source | MITRE |
| title | FIN7 Recruits Talent For Push Into Ransomware |
Flashpoint FIN 7 March 2019
Platt, J. and Reeves, J. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.
Internal MISP references
UUID b09453a3-c0df-4e96-b399-e7b34e068e9d which can be used as unique global reference for Flashpoint FIN 7 March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2019-03-01T00:00:00Z |
| source | MITRE |
| title | FIN7 Revisited: Inside Astra Panel and SQLRat Malware |
FireEye FIN7 March 2017
Miller, S., et al. (2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.
Internal MISP references
UUID 7987bb91-ec41-42f8-bd2d-dabc26509a08 which can be used as unique global reference for FireEye FIN7 March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-08T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings |
Morphisec FIN7 June 2017
Gorelik, M. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. Retrieved July 13, 2017.
Internal MISP references
UUID 3831173c-7c67-4f16-b652-ad992a7ce411 which can be used as unique global reference for Morphisec FIN7 June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-09T00:00:00Z |
| source | MITRE |
| title | FIN7 Takes Another Bite at the Restaurant Industry |
Esentire 5 8 2024
Esentire Threat Response Unit. (2024, May 8). FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…. Retrieved May 14, 2024.
Internal MISP references
UUID 67c3a7ed-e2e2-4566-aca7-61e766f177bf which can be used as unique global reference for Esentire 5 8 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-14T00:00:00Z |
| date_published | 2024-05-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX… |
CyberScoop FIN7 Oct 2017
Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.
Internal MISP references
UUID e38adff1-7f53-4b0c-9d58-a4640b09b10d which can be used as unique global reference for CyberScoop FIN7 Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | Fin7 weaponization of DDE is just their latest slick move, say researchers |
BitDefender BADHATCH Mar 2021
Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved September 8, 2021.
Internal MISP references
UUID 958cfc9a-901c-549d-96c2-956272b240e3 which can be used as unique global reference for BitDefender BADHATCH Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-08T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE |
| title | FIN8 Returns with Improved BADHATCH Toolkit |
Bitdefender FIN8 BADHATCH Report
Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved October 30, 2023.
Internal MISP references
UUID 501b6391-e09e-47dc-9cfc-c8ed4c034aca which can be used as unique global reference for Bitdefender FIN8 BADHATCH Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN8 Returns with Improved BADHATCH Toolkit |
Bitdefender Sardonic Aug 2021
Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.
Internal MISP references
UUID 8e9d05c9-6783-5738-ac85-a444810a8074 which can be used as unique global reference for Bitdefender Sardonic Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-09T00:00:00Z |
| date_published | 2021-08-25T00:00:00Z |
| source | MITRE |
| title | FIN8 Threat Actor Goes Agile with New Sardonic Backdoor |
Symantec FIN8 Jul 2023
Symantec Threat Hunter Team. (2023, July 18). FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.
Internal MISP references
UUID 9b08b7f0-1a33-5d76-817f-448fac0d165a which can be used as unique global reference for Symantec FIN8 Jul 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-09T00:00:00Z |
| date_published | 2023-07-18T00:00:00Z |
| source | MITRE |
| title | FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware |
Elastic FINALDRAFT February 12 2025
Cyril François, Jia Yu Chan, Salim Bitam, Daniel Stepanic. (2025, February 12). FINALDRAFT Hides in Your Drafts. Retrieved February 14, 2025.
Internal MISP references
UUID ca0b8373-53d0-4367-ad31-05fbcdfd9cff which can be used as unique global reference for Elastic FINALDRAFT February 12 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-14T00:00:00Z |
| date_published | 2025-02-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FINALDRAFT Hides in Your Drafts |
DiginotarCompromise
Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.
Internal MISP references
UUID 3c9b7b9a-d30a-4865-a96c-6e68d9e20452 which can be used as unique global reference for DiginotarCompromise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2012-10-31T00:00:00Z |
| source | MITRE |
| title | Final Report on DigiNotar Hack Shows Total Compromise of CA Servers |
FireEye Financial Actors Moving into OT
Brubaker, N., Zafra, D. K., Lunden, K., Proska, K., Hildebrandt, C. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved February 15, 2021.
Internal MISP references
UUID 4bd514b8-1f79-4946-b001-110ce5cf29a9 which can be used as unique global reference for FireEye Financial Actors Moving into OT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-15T00:00:00Z |
| date_published | 2020-07-15T00:00:00Z |
| source | MITRE |
| title | Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families |
MITRECND FindAPIHash
Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.
Internal MISP references
UUID 2260f0a1-2a6c-4373-9e3a-624fd89446e3 which can be used as unique global reference for MITRECND FindAPIHash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2021-01-28T00:00:00Z |
| source | MITRE |
| title | findapihash.py |
Expel IO Evil in AWS
A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. Retrieved June 25, 2020.
Internal MISP references
UUID 4c2424d6-670b-4db0-a752-868b4c954e29 which can be used as unique global reference for Expel IO Evil in AWS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2020-04-28T00:00:00Z |
| source | MITRE |
| title | Finding Evil in AWS |
Evil WMI
Chad Tilbury. (2023, May 22). Finding Evil WMI Event Consumers with Disk Forensics. Retrieved February 9, 2024.
Internal MISP references
UUID ee46fd07-3df3-50f6-b922-263f031ee23f which can be used as unique global reference for Evil WMI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-09T00:00:00Z |
| date_published | 2023-05-22T00:00:00Z |
| source | MITRE |
| title | Finding Evil WMI Event Consumers with Disk Forensics |
SANS Decrypting SSL
Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.
Internal MISP references
UUID d251a79b-8516-41a7-b394-47a761d0ab3b which can be used as unique global reference for SANS Decrypting SSL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-05T00:00:00Z |
| date_published | 2013-11-01T00:00:00Z |
| source | MITRE |
| title | Finding Hidden Threats by Decrypting SSL |
ADSecurity Finding Passwords in SYSVOL
Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.
Internal MISP references
UUID 538def90-5de4-4b8c-b535-0e2570ba1841 which can be used as unique global reference for ADSecurity Finding Passwords in SYSVOL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-17T00:00:00Z |
| date_published | 2015-12-28T00:00:00Z |
| source | MITRE |
| title | Finding Passwords in SYSVOL & Exploiting Group Policy Preferences |
Findstr.exe - LOLBAS Project
LOLBAS. (2018, May 25). Findstr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc4b7b28-ac74-4a8f-a39d-ce55df5fca08 which can be used as unique global reference for Findstr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Findstr.exe |
FinFisher Citation
FinFisher. (n.d.). Retrieved September 12, 2024.
Internal MISP references
UUID 6ef0b8d8-ba98-49ce-807d-5a85d111b027 which can be used as unique global reference for FinFisher Citation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-12T00:00:00Z |
| source | MITRE |
| title | FinFisher Citation |
Microsoft FinFisher March 2018
Allievi, A., Flori, E. (2018, March 01). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.
Internal MISP references
UUID 88c97a9a-ef14-4695-bde0-9de2b5f5343b which can be used as unique global reference for Microsoft FinFisher March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-09T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
FinFisher exposed
Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved January 27, 2022.
Internal MISP references
UUID b2f4541e-f981-4b25-abf4-1bec92b16faa which can be used as unique global reference for FinFisher exposed in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-27T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
Finger.exe - LOLBAS Project
LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2 which can be used as unique global reference for Finger.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Finger.exe |
FireEye Cyber Threats to Media Industries
FireEye. (n.d.). Retrieved November 17, 2024.
Internal MISP references
UUID 7b9bd753-01b7-4923-9964-19c59123ace2 which can be used as unique global reference for FireEye Cyber Threats to Media Industries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| source | MITRE |
| title | FireEye Cyber Threats to Media Industries |
FireEye DLL Side-Loading
Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.
Internal MISP references
UUID 9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c which can be used as unique global reference for FireEye DLL Side-Loading in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry |
FireEye Shamoon Nov 2016
FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved November 17, 2024.
Internal MISP references
UUID 44b2eb6b-4902-4ca0-80e5-7333d620e075 which can be used as unique global reference for FireEye Shamoon Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2016-11-30T00:00:00Z |
| source | MITRE |
| title | FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region |
FireEye Ryuk and Trickbot January 2019
Goody, K., et al. (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.
Internal MISP references
UUID b29dc755-f1f0-4206-9ecf-29257a1909ee which can be used as unique global reference for FireEye Ryuk and Trickbot January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| source | MITRE |
| title | FireEye Ryuk and Trickbot January 2019 |
DarkReading FireEye SolarWinds
Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.
Internal MISP references
UUID a662c764-8954-493f-88e5-e022e093a785 which can be used as unique global reference for DarkReading FireEye SolarWinds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-18T00:00:00Z |
| date_published | 2021-01-07T00:00:00Z |
| source | MITRE |
| title | FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack |
FireEye FinSpy Sept 2017
Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. Retrieved February 15, 2018.
Internal MISP references
UUID 142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce which can be used as unique global reference for FireEye FinSpy Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-09-12T00:00:00Z |
| source | MITRE |
| title | FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY |
RiskIQ Cobalt Jan 2018
Klijnsma, Y. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.
Internal MISP references
UUID 7d48b679-d44d-466e-b12b-16f0f9858d15 which can be used as unique global reference for RiskIQ Cobalt Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2018-01-16T00:00:00Z |
| source | MITRE |
| title | First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks |
Chrome Extension Crypto Miner
Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. Retrieved November 16, 2017.
Internal MISP references
UUID ae28f530-40da-451e-89b8-b472340c3e0a which can be used as unique global reference for Chrome Extension Crypto Miner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-09-19T00:00:00Z |
| source | MITRE |
| title | First Chrome extension with JavaScript Crypto Miner detected |
Aquasec Kubernetes Backdoor 2023
Michael Katchinskiy and Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved March 24, 2025.
Internal MISP references
UUID aadaacda-ac83-533b-b908-4b8a35daa2ce which can be used as unique global reference for Aquasec Kubernetes Backdoor 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-24T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| source | MITRE |
| title | First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters |
Aquasec Kubernetes Attack 2023
Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved July 14, 2023.
Internal MISP references
UUID 6d6e2fc8-9806-5480-bfaa-a43a962a4980 which can be used as unique global reference for Aquasec Kubernetes Attack 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| source | MITRE |
| title | First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters |
ESET-Twitoor
ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.
Internal MISP references
UUID 845896a6-b21d-489d-b75c-1e35b3ec78e0 which can be used as unique global reference for ESET-Twitoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-22T00:00:00Z |
| date_published | 2016-08-24T00:00:00Z |
| source | MITRE |
| title | First Twitter-controlled Android botnet discovered |
Microsoft Azure AD Admin Consent
Baldwin, M., Flores, J., Kess, B. (2018, June 17). Five steps to securing your identity infrastructure. Retrieved October 4, 2019.
Internal MISP references
UUID 3a0c4458-c8ec-44f9-95cc-0eb136a927cb which can be used as unique global reference for Microsoft Azure AD Admin Consent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2018-06-17T00:00:00Z |
| source | MITRE |
| title | Five steps to securing your identity infrastructure |
NTT Security Flagpro new December 2021
Hada, H. (2021, December 28). Flagpro The new malware used by BlackTech. Retrieved March 25, 2022.
Internal MISP references
UUID c0f523fa-7f3b-4c85-b48f-19ae770e9f3b which can be used as unique global reference for NTT Security Flagpro new December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2021-12-28T00:00:00Z |
| source | MITRE |
| title | Flagpro The new malware used by BlackTech |
Kaspersky Flame Functionality
Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.
Internal MISP references
UUID c7d030ad-0ecf-458f-85d4-93778d759dc1 which can be used as unique global reference for Kaspersky Flame Functionality in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2012-05-30T00:00:00Z |
| source | MITRE |
| title | Flame: Bunny, Frog, Munch and BeetleJuice… |
Crysys Skywiper
sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.
Internal MISP references
UUID ea35f530-b0fd-4e27-a7a9-6ba41566154c which can be used as unique global reference for Crysys Skywiper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| source | MITRE |
| title | Flamer): A complex malware for targeted attacks |
Symantec Beetlejuice
Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.
Internal MISP references
UUID 691ada65-fe64-4917-b379-1db2573eea32 which can be used as unique global reference for Symantec Beetlejuice in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-25T00:00:00Z |
| date_published | 2012-05-31T00:00:00Z |
| source | MITRE |
| title | Flamer: A Recipe for Bluetoothache |
Microsoft Flax Typhoon August 24 2023
Microsoft Threat Intelligence. (2023, August 24). Flax Typhoon using legitimate software to quietly access Taiwanese organizations. Retrieved August 28, 2023.
Internal MISP references
UUID ec962b72-7b7f-4f7e-b6d6-7c5380b07201 which can be used as unique global reference for Microsoft Flax Typhoon August 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-28T00:00:00Z |
| date_published | 2023-08-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Flax Typhoon using legitimate software to quietly access Taiwanese organizations |
fltMC.exe - LOLBAS Project
LOLBAS. (2021, September 18). fltMC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cf9b4bd3-92f0-405b-85e7-95e65d548b79 which can be used as unique global reference for fltMC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | fltMC.exe |
IranThreats Kittens Dec 2017
Iran Threats. (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.
Internal MISP references
UUID 8338ad75-89f2-47d8-b85b-7cbf331bd7cd which can be used as unique global reference for IranThreats Kittens Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-28T00:00:00Z |
| date_published | 2017-12-05T00:00:00Z |
| source | MITRE |
| title | Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code |
MSTIC FoggyWeb September 2021
Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID 1ef61100-c5e7-4725-8456-e508c5f6d68a which can be used as unique global reference for MSTIC FoggyWeb September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor |
Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. Retrieved October 16, 2020.
Internal MISP references
UUID 96560211-59b3-4eae-b8a3-2f988f6fdca3 which can be used as unique global reference for Following the CloudTrail: Generating strong AWS security signals with Sumo Logic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-09-10T00:00:00Z |
| source | MITRE |
| title | Following the CloudTrail: Generating strong AWS security signals with Sumo Logic |
Group IB RTM August 2019
Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.
Internal MISP references
UUID 739da2f2-2aea-4f65-bc4d-ec6723f90520 which can be used as unique global reference for Group IB RTM August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-08-05T00:00:00Z |
| source | MITRE |
| title | Following the RTM Forensic examination of a computer infected with a banking trojan |
TrendMicro BlackTech June 2017
Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.
Internal MISP references
UUID abb9cb19-d30e-4048-b106-eb29a6dad7fc which can be used as unique global reference for TrendMicro BlackTech June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Following the Trail of BlackTech’s Cyber Espionage Campaigns |
FireEye FIN6 April 2016
FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved November 17, 2024.
Internal MISP references
UUID 8c0997e1-b285-42dd-9492-75065eac8f8b which can be used as unique global reference for FireEye FIN6 April 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-17T00:00:00Z |
| date_published | 2016-04-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6 |
ESET FontOnLake Analysis 2021
Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.
Internal MISP references
UUID dbcced87-91ee-514f-98c8-29a85d967384 which can be used as unique global reference for ESET FontOnLake Analysis 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | FontOnLake |
amnesty_nso_pegasus
Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.
Internal MISP references
UUID 9e40d93a-fe91-504a-a6f2-e6546067ba53 which can be used as unique global reference for amnesty_nso_pegasus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-22T00:00:00Z |
| date_published | 2021-07-18T00:00:00Z |
| source | MITRE |
| title | Forensic Methodology Report: How to catch NSO Group’s Pegasus |
Microsoft Forfiles Aug 2016
Microsoft. (2016, August 31). Forfiles. Retrieved January 22, 2018.
Internal MISP references
UUID fd7eaa47-3512-4dbd-b881-bc679d06cd1b which can be used as unique global reference for Microsoft Forfiles Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Forfiles |
Forfiles.exe - LOLBAS Project
LOLBAS. (2018, May 25). Forfiles.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9e2c3833-b667-431c-a9e5-1b412583cc5a which can be used as unique global reference for Forfiles.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Forfiles.exe |
Mandiant Log4Shell March 28 2022
Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur. (2022, March 28). Forged in Fire: A Survey of MobileIron Log4Shell Exploitation. Retrieved November 1, 2023.
Internal MISP references
UUID 62d4d685-09c4-47b6-865c-4a6096e551cd which can be used as unique global reference for Mandiant Log4Shell March 28 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-01T00:00:00Z |
| date_published | 2022-03-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Forged in Fire: A Survey of MobileIron Log4Shell Exploitation |
Proofpoint March 24 2023
Proofpoint. (2023, March 24). Fork in the Ice: The New Era of IcedID | Proofpoint US. Retrieved May 10, 2023.
Internal MISP references
UUID 71d5e4ce-3785-48f9-9566-fe5151ad6dc2 which can be used as unique global reference for Proofpoint March 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2023-03-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fork in the Ice: The New Era of IcedID |
Symantec Seaduke 2015
Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.
Internal MISP references
UUID 5ec05c01-8767-44c1-9855-e1b0e5ee0002 which can be used as unique global reference for Symantec Seaduke 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-22T00:00:00Z |
| date_published | 2015-07-13T00:00:00Z |
| source | MITRE |
| title | “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory |
Register Uber
McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.
Internal MISP references
UUID 89b85928-a962-4230-875c-63742b3c9d37 which can be used as unique global reference for Register Uber in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2015-02-28T00:00:00Z |
| source | MITRE |
| title | FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers |
format_cmd_cisco
Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 9442e08d-0858-5aa5-b642-a6b1e46018bc which can be used as unique global reference for format_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | format - Cisco IOS Configuration Fundamentals Command Reference |
Quick Heal Blog February 17 2023
Quick Heal Blog. (2023, February 17). FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data. Retrieved May 7, 2023.
Internal MISP references
UUID 02233ce3-abb2-4aed-95b8-56b65c68a665 which can be used as unique global reference for Quick Heal Blog February 17 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2023-02-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data |
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023.
Internal MISP references
UUID a43dd8ce-23d6-5768-8522-6973dc45e1ac which can be used as unique global reference for Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| source | MITRE |
| title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
Mandiant Fortinet Zero Day
Marvi, A. et al. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.
Internal MISP references
UUID 7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7 which can be used as unique global reference for Mandiant Fortinet Zero Day in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-22T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| source | MITRE |
| title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
Fortra Core Certified Exploit Library
Fortra. (n.d.). Fortra Core Certified Exploit Library. Retrieved April 8, 2025.
Internal MISP references
UUID b8a97e81-a415-4689-9698-20ed0691dd6c which can be used as unique global reference for Fortra Core Certified Exploit Library in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fortra Core Certified Exploit Library |
macOS Foundation
Apple. (n.d.). Foundation. Retrieved July 1, 2020.
Internal MISP references
UUID ea194268-0a8f-4494-be09-ef5f679f68fe which can be used as unique global reference for macOS Foundation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-01T00:00:00Z |
| source | MITRE |
| title | Foundation |
SentinelOne Lazarus macOS July 2020
Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.
Internal MISP references
UUID 489c52a2-34cc-47ff-b42b-9d48f83b9e90 which can be used as unique global reference for SentinelOne Lazarus macOS July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-07T00:00:00Z |
| date_published | 2020-07-27T00:00:00Z |
| source | MITRE |
| title | Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform |
DOJ Russia Targeting Critical Infrastructure March 2022
Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.
Internal MISP references
UUID 768a0ec6-b767-4044-acad-82834508640f which can be used as unique global reference for DOJ Russia Targeting Critical Infrastructure March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-05T00:00:00Z |
| date_published | 2022-03-24T00:00:00Z |
| source | MITRE |
| title | Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide |
ClearkSky Fox Kitten February 2020
ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. Retrieved December 21, 2020.
Internal MISP references
UUID a5ad6321-897a-4adc-9cdd-034a2538e3d6 which can be used as unique global reference for ClearkSky Fox Kitten February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-02-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Fox Kitten – Widespread Iranian Espionage-Offensive Campaign |
Security Affairs ANSSI APT28 OCT 2023
Paganini, P. (2023, October 27). France agency ANSSI warns of Russia-linked APT28 attacks on French entities. Retrieved December 3, 2024.
Internal MISP references
UUID 5189bf11-876d-54f2-8f3c-f6b2bfb2e7c6 which can be used as unique global reference for Security Affairs ANSSI APT28 OCT 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-03T00:00:00Z |
| date_published | 2023-10-27T00:00:00Z |
| source | MITRE |
| title | France agency ANSSI warns of Russia-linked APT28 attacks on French entities |
FSISAC FraudNetDoS September 2012
FS-ISAC. (2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved September 23, 2024.
Internal MISP references
UUID 9c8772eb-6d1d-4742-a2db-a5e1006effaa which can be used as unique global reference for FSISAC FraudNetDoS September 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-23T00:00:00Z |
| date_published | 2012-09-17T00:00:00Z |
| source | MITRE |
| title | Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud |
MalwareBytes Ngrok February 2020
Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.
Internal MISP references
UUID 531206c7-11ec-46bf-a35c-0464244a58c9 which can be used as unique global reference for MalwareBytes Ngrok February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| date_published | 2020-02-26T00:00:00Z |
| source | MITRE |
| title | Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server |
WSJ-Vishing-AI24
Catherine Stupp. (2019, August 30). Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case. Retrieved March 18, 2025.
Internal MISP references
UUID 6b4b1fa8-e84b-58f7-b9d6-05af143049fe which can be used as unique global reference for WSJ-Vishing-AI24 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-03-18T00:00:00Z |
| date_published | 2019-08-30T00:00:00Z |
| source | MITRE |
| title | Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case |
Secureworks North Korea IT Workers October 16 2024
Counter Threat Unit Research Team. (2024, October 16). Fraudulent North Korean IT Worker Schemes: From Insider Threats to Extortion. Retrieved May 29, 2025.
Internal MISP references
UUID 0eff6062-2b77-414b-a26e-fb0c2958d80d which can be used as unique global reference for Secureworks North Korea IT Workers October 16 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-29T00:00:00Z |
| date_published | 2024-10-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fraudulent North Korean IT Worker Schemes: From Insider Threats to Extortion |
Microsoft Frequent freeloader part II
Microsoft Threat Intelligence. (2024, December 11). Frequent freeloader part II. Retrieved February 12, 2025.
Internal MISP references
UUID ac413fbf-766c-41f4-8a48-2ade5913e6ea which can be used as unique global reference for Microsoft Frequent freeloader part II in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-02-12T00:00:00Z |
| date_published | 2024-12-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Frequent freeloader part II |
Akami Frog4Shell 2024
Ori David. (2024, February 1). Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal. Retrieved September 24, 2024.
Internal MISP references
UUID c67a2ccb-7abf-5409-a216-503e661a6b1c which can be used as unique global reference for Akami Frog4Shell 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-09-24T00:00:00Z |
| date_published | 2024-02-01T00:00:00Z |
| source | MITRE |
| title | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal |
ESET ComRAT May 2020
Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.
Internal MISP references
UUID cd9043b8-4d14-449b-a6b2-2e9b99103bb0 which can be used as unique global reference for ESET ComRAT May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2020-05-01T00:00:00Z |
| source | MITRE |
| title | From Agent.btz to ComRAT v4: A ten-year journey |
Azure AD to AD
Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.
Internal MISP references
UUID 087d07a9-0d33-4253-b7c1-d55be13c0467 which can be used as unique global reference for Azure AD to AD in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2020-05-27T00:00:00Z |
| source | MITRE |
| title | From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path |
blackmatter_blackcat
Pereira, T. Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.
Internal MISP references
UUID 605b58ea-9544-49b8-b3c8-0a97b2b155dc which can be used as unique global reference for blackmatter_blackcat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | From BlackMatter to BlackCat: Analyzing two attacks from one affiliate |
Proofpoint June 17 2024
Tommy Madjar, Dusty Miller, Selena Larson, The Proofpoint Threat Research Team. (2024, June 17). From Clipboard to Compromise A PowerShell Self-Pwn. Retrieved June 20, 2024.
Internal MISP references
UUID a65d7492-04a4-46d4-85ed-134786c6828b which can be used as unique global reference for Proofpoint June 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-06-20T00:00:00Z |
| date_published | 2024-06-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | From Clipboard to Compromise A PowerShell Self-Pwn |
proofpoint-selfpwn
Tommy Madjar, Dusty Miller, Selena Larson. (2024, June 17). From Clipboard to Compromise: A PowerShell Self-Pwn. Retrieved August 2, 2024.
Internal MISP references
UUID 8f00ffc0-7094-5fd9-8ed4-9c129fd93c05 which can be used as unique global reference for proofpoint-selfpwn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-08-02T00:00:00Z |
| date_published | 2024-06-17T00:00:00Z |
| source | MITRE |
| title | From Clipboard to Compromise: A PowerShell Self-Pwn |
Sekoia.io Blog March 31 2025
Amaury G; Coline Chavane; Felix Aimé; Sekoia TDR. (2025, March 31). From Contagious to ClickFake Interview Lazarus leveraging the ClickFix tactic. Retrieved May 6, 2025.
Internal MISP references
UUID 73b12dcd-1697-4c99-8049-a7cf2a223ea5 which can be used as unique global reference for Sekoia.io Blog March 31 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-05-06T00:00:00Z |
| date_published | 2025-03-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | From Contagious to ClickFake Interview Lazarus leveraging the ClickFix tactic |
Sekoia ClickFake 2025
Amaury G., Coline Chavane, Felix Aimé and Sekoia TDR. (2025, March 31). From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic. Retrieved April 1, 2025.
Internal MISP references
UUID 80c9681e-11bb-598c-86fd-45e13311c629 which can be used as unique global reference for Sekoia ClickFake 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-04-01T00:00:00Z |
| date_published | 2025-03-31T00:00:00Z |
| source | MITRE |
| title | From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic |
Unit42 Malware Roundup December 29 2023
Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. Retrieved January 11, 2024.
Internal MISP references
UUID a18e19b5-9046-4c2c-bd94-2cd5061064bf which can be used as unique global reference for Unit42 Malware Roundup December 29 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2023-12-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
Reaqta Mavinject
Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. Retrieved September 22, 2021.
Internal MISP references
UUID 5c0e0c84-2992-4098-8913-66a20ca61bf4 which can be used as unique global reference for Reaqta Mavinject in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector |
IBM MegaCortex
Del Fierro, C. Kessem, L. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.
Internal MISP references
UUID 3d70d9b7-88e4-411e-a59a-bc862da965a7 which can be used as unique global reference for IBM MegaCortex in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-15T00:00:00Z |
| date_published | 2020-01-08T00:00:00Z |
| source | MITRE |
| title | From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications |
BiZone Lizar May 2021
BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. Retrieved February 2, 2022.
Internal MISP references
UUID 315f47e1-69e5-4dcb-94b2-59583e91dd26 which can be used as unique global reference for BiZone Lizar May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE |
| title | From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit |
Zscaler November 4 2024
Seongsu Park. (2024, November 4). From Pyongyang to Your Payroll The Rise of North Korean Remote Workers in the West. Retrieved November 5, 2024.
Internal MISP references
UUID 404bef37-83a1-40bd-9c69-39951710d8ef which can be used as unique global reference for Zscaler November 4 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-11-05T00:00:00Z |
| date_published | 2024-11-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | From Pyongyang to Your Payroll The Rise of North Korean Remote Workers in the West |
Kaspersky StoneDrill 2017
Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.
Internal MISP references
UUID e2637cb3-c449-4609-af7b-ac78a900cc8b which can be used as unique global reference for Kaspersky StoneDrill 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-14T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE |
| title | From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond |
Proofpoint TA427 April 2024
Lesnewich, G. et al. (2024, April 16). From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering. Retrieved May 3, 2024.
Internal MISP references
UUID 620f5ff7-26c0-55c4-9b1b-c56ad2e1316b which can be used as unique global reference for Proofpoint TA427 April 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-03T00:00:00Z |
| date_published | 2024-04-16T00:00:00Z |
| source | MITRE |
| title | From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering |
SentinelOne Agrius 2021
Amitai Ben & Shushan Ehrlich. (2021, May). From Wiper to Ransomware: The Evolution of Agrius. Retrieved May 21, 2024.
Internal MISP references
UUID b5b433a1-5d12-5644-894b-c42d995c9ba5 which can be used as unique global reference for SentinelOne Agrius 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-05-21T00:00:00Z |
| date_published | 2021-05-01T00:00:00Z |
| source | MITRE |
| title | From Wiper to Ransomware: The Evolution of Agrius |
FsiAnyCpu.exe - LOLBAS Project
LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 87031d31-b6d7-4860-b11b-5a0dc8774d92 which can be used as unique global reference for FsiAnyCpu.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FsiAnyCpu.exe |
Fsi.exe - LOLBAS Project
LOLBAS. (2021, September 26). Fsi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e14e87f-2ad9-4959-8cb2-8585b67931c0 which can be used as unique global reference for Fsi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fsi.exe |
fsutil_behavior
Microsoft. (2021, September 27). fsutil behavior. Retrieved January 14, 2022.
Internal MISP references
UUID 07712696-b1fd-4704-b157-9e420840fb2c which can be used as unique global reference for fsutil_behavior in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | fsutil behavior |
Fsutil.exe - LOLBAS Project
LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e2305dac-4245-4fac-8813-69cb210e9cd3 which can be used as unique global reference for Fsutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fsutil.exe |
Microsoft FTP
Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.
Internal MISP references
UUID 970f8d16-f5b7-44e2-b81f-738b931c60d9 which can be used as unique global reference for Microsoft FTP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| date_published | 2021-07-21T00:00:00Z |
| source | MITRE |
| title | ftp |
Linux FTP
N/A. (n.d.). ftp(1) - Linux man page. Retrieved February 25, 2022.
Internal MISP references
UUID 021ea6bc-abff-48de-a6bb-315dbbfa6147 which can be used as unique global reference for Linux FTP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| source | MITRE |
| title | ftp(1) - Linux man page |
Ftp.exe - LOLBAS Project
LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3b51993d-6062-4138-bfc6-a2c0fc5d039a which can be used as unique global reference for Ftp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-12-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ftp.exe |
Check Point Research January 10 2025
Stcpresearch. (2025, January 10). FunkSec - Alleged Top Ransomware Group Powered by AI. Retrieved January 13, 2025.
Internal MISP references
UUID 8f64819e-dc3d-48da-a84d-14eaacb0d61e which can be used as unique global reference for Check Point Research January 10 2025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2025-01-13T00:00:00Z |
| date_published | 2025-01-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FunkSec - Alleged Top Ransomware Group Powered by AI |
Microsoft WMI Filters
Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.
Internal MISP references
UUID 2894c3bf-6f8d-4338-8206-4dc873e3bb8d which can be used as unique global reference for Microsoft WMI Filters in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-13T00:00:00Z |
| date_published | 2008-09-11T00:00:00Z |
| source | MITRE |
| title | Fun with WMI Filters in Group Policy |
Cybersecurity Advisory SVR TTP May 2021
NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.
Internal MISP references
UUID e18c1b56-f29d-4ea9-a425-a6af8ac6a347 which can be used as unique global reference for Cybersecurity Advisory SVR TTP May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-29T00:00:00Z |
| date_published | 2021-05-07T00:00:00Z |
| source | MITRE |
| title | Further TTPs associated with SVR cyber actors |
RiskIQ Cobalt Nov 2017
Klijnsma, Y. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018.
Internal MISP references
UUID ebf961c5-bd68-42f3-8fd3-000946c7ae9c which can be used as unique global reference for RiskIQ Cobalt Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions |
Unit 42 PingPull Jun 2022
Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. Retrieved August 7, 2022.
Internal MISP references
UUID ac6491ab-6ef1-4091-8a15-50e2cbafe157 which can be used as unique global reference for Unit 42 PingPull Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-07T00:00:00Z |
| date_published | 2022-06-13T00:00:00Z |
| source | MITRE |
| title | GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool |
Microsoft GALLIUM December 2019
MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
Internal MISP references
UUID 5bc76b47-ff68-4031-a347-f2dc0daba203 which can be used as unique global reference for Microsoft GALLIUM December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-13T00:00:00Z |
| date_published | 2019-12-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | GALLIUM: Targeting global telecom |
Symantec Gallmaker Oct 2018
Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. Retrieved November 27, 2018.
Internal MISP references
UUID f47b3e2b-acdd-4487-88b9-de5cbe45cf33 which can be used as unique global reference for Symantec Gallmaker Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-10-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Gallmaker: New Attack Group Eschews Malware to Live off the Land |
TrendMicro Gamaredon April 2020
Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.
Internal MISP references
UUID 3800cfc2-0260-4b36-b629-7a336b9f9f10 which can be used as unique global reference for TrendMicro Gamaredon April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-17T00:00:00Z |
| source | MITRE |
| title | Gamaredon APT Group Use Covid-19 Lure in Campaigns |
ESET Gamaredon June 2020
Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.
Internal MISP references
UUID 6532664d-2311-4b38-8960-f43762471729 which can be used as unique global reference for ESET Gamaredon June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2020-06-11T00:00:00Z |
| source | MITRE |
| title | Gamaredon group grows its game |
CERT-EE Gamaredon January 2021
CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022.
Internal MISP references
UUID fec320ed-29c1-40db-ad2e-701fda428922 which can be used as unique global reference for CERT-EE Gamaredon January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-17T00:00:00Z |
| date_published | 2021-01-27T00:00:00Z |
| source | MITRE |
| title | Gamaredon Infection: From Dropper to Entry |
Trend Micro November 25 2024
Leon M Chang; Theo Chen; Lenart Bermejo; Ted Lee. (2024, November 25). Game of Emperor Unveiling Long Term Earth Estries Cyber Intrusions. Retrieved December 2, 2024.
Internal MISP references
UUID 8bf807bc-5103-4962-9a19-c12396cdb767 which can be used as unique global reference for Trend Micro November 25 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-12-02T00:00:00Z |
| date_published | 2024-11-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Game of Emperor Unveiling Long Term Earth Estries Cyber Intrusions |
Kaspersky Winnti June 2015
Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
Internal MISP references
UUID 86504950-0f4f-42bc-b003-24f60ae97c99 which can be used as unique global reference for Kaspersky Winnti June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2015-06-22T00:00:00Z |
| source | MITRE |
| title | Games are over: Winnti is now targeting pharmaceutical companies |
WeLiveSecurity Gapz and Redyms Mar 2013
Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.
Internal MISP references
UUID b8d328b7-2eb3-4851-8d44-2e1bad7710c2 which can be used as unique global reference for WeLiveSecurity Gapz and Redyms Mar 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| date_published | 2013-03-19T00:00:00Z |
| source | MITRE |
| title | Gapz and Redyms droppers based on Power Loader code |
theevilbit gatekeeper bypass 2021
Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.
Internal MISP references
UUID d00f373d-2133-47c3-9b0a-104ecc9a6869 which can be used as unique global reference for theevilbit gatekeeper bypass 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-06-29T00:00:00Z |
| source | MITRE |
| title | GateKeeper - Not a Bypass (Again) |
Kaspersky Gauss Whitepaper
Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. Retrieved January 17, 2019.
Internal MISP references
UUID 4bf39390-f3ca-4132-841e-b35abefe7dee which can be used as unique global reference for Kaspersky Gauss Whitepaper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2012-08-01T00:00:00Z |
| source | MITRE |
| title | Gauss: Abnormal Distribution |
Kaspersky MoleRATs April 2019
GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.
Internal MISP references
UUID 38216a34-5ffd-4e79-80b1-7270743b728e which can be used as unique global reference for Kaspersky MoleRATs April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-13T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | Gaza Cybergang Group1, operation SneakyPastes |
ESET Gazer Aug 2017
ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.
Internal MISP references
UUID 9d1c40af-d4bc-4d4a-b667-a17378942685 which can be used as unique global reference for ESET Gazer Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-14T00:00:00Z |
| date_published | 2017-08-01T00:00:00Z |
| source | MITRE |
| title | Gazing at Gazer: Turla’s new second stage backdoor |
file_sig_table
Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. Retrieved August 23, 2022.
Internal MISP references
UUID 4bc3a8af-d0c1-514d-9edd-dcebb3344db8 which can be used as unique global reference for file_sig_table in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-23T00:00:00Z |
| date_published | 2022-12-09T00:00:00Z |
| source | MITRE |
| title | GCK'S FILE SIGNATURES TABLE |
Google Cloud Add Metadata
Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.
Internal MISP references
UUID eba4b850-8784-4da2-b87d-54b5bd0f58d6 which can be used as unique global reference for Google Cloud Add Metadata in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | gcloud compute instances add-metadata |
Google Compute Instances
Google. (n.d.). gcloud compute instances list. Retrieved May 26, 2020.
Internal MISP references
UUID ae09e791-a00c-487b-b0e5-7768df0679a3 which can be used as unique global reference for Google Compute Instances in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| source | MITRE |
| title | gcloud compute instances list |
GCP SSH Key Add
Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.
Internal MISP references
UUID 372b6cfd-abdc-41b7-be78-4b1dc0426044 which can be used as unique global reference for GCP SSH Key Add in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | gcloud compute os-login ssh-keys add |
Google Cloud - IAM Servie Accounts List API
Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.
Internal MISP references
UUID 3ffad706-1dac-41dd-b197-06f22fec3b30 which can be used as unique global reference for Google Cloud - IAM Servie Accounts List API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2020-06-23T00:00:00Z |
| source | MITRE |
| title | gcloud iam service-accounts list |
ESET Gelsemium June 2021
Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.
Internal MISP references
UUID ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5 which can be used as unique global reference for ESET Gelsemium June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11- |