{ "authors": [ "Tidal Cyber" ], "category": "References", "description": "Tidal References Cluster", "name": "Tidal References", "source": "https://app-api.tidalcyber.com/api/v1/references/", "type": "references", "uuid": "efd98ec4-16ef-41c4-bc3c-60c7c1ae8b39", "values": [ { "description": "Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-04-30T00:00:00Z", "refs": [ "https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/" ], "source": "MITRE", "title": "10 of the Best Open Source Threat Intelligence Feeds" }, "related": [], "uuid": "088f2cbd-cce1-477f-9ffb-319477d74b69", "value": "D3Secutrity CTI Feeds" }, { "description": "Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.", "meta": { "date_accessed": "2020-03-29T00:00:00Z", "date_published": "2018-04-19T00:00:00Z", "refs": [ "https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/" ], "source": "MITRE", "title": "12 Critical Linux Log Files You Must be Monitoring" }, "related": [], "uuid": "aa25e385-802c-4f04-81bb-bb7d1a7599ec", "value": "Linux Logs" }, { "description": "Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.", "meta": { "date_accessed": "2015-07-23T00:00:00Z", "date_published": "2014-09-09T00:00:00Z", "refs": [ "https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/" ], "source": "MITRE", "title": "15 Ways to Bypass the PowerShell Execution Policy" }, "related": [], "uuid": "0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e", "value": "Netspi PowerShell Execution Policy Bypass" }, { "description": "DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. 
Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2022-01-31T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/ransomware-extortion-ot-docs" ], "source": "MITRE", "title": "1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information" }, "related": [], "uuid": "aecc3ffb-c524-5ad9-b621-7228f53e27c3", "value": "Mandiant-leaks" }, { "description": "Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2017-08-08T00:00:00Z", "refs": [ "https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf" ], "source": "MITRE", "title": "1Windows Credentials: Attack, Mitigation, Defense" }, "related": [], "uuid": "2ddae0c9-910c-4c1a-b524-de3a58dbba13", "value": "Tilbury Windows Credentials" }, { "description": "Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A.. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.", "meta": { "date_accessed": "2019-04-10T00:00:00Z", "date_published": "2011-09-13T00:00:00Z", "refs": [ "https://cwe.mitre.org/top25/index.html" ], "source": "MITRE", "title": "2011 CWE/SANS Top 25 Most Dangerous Software Errors" }, "related": [], "uuid": "d8ee8b1f-c18d-48f3-9758-6860cd31c3e3", "value": "CWE top 25" }, { "description": "CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf" ], "source": "MITRE", "title": "2015 Global Threat Report" }, "related": [], "uuid": "50d467da-286b-45f3-8d5a-e9d8632f7bf1", "value": "CrowdStrike 2015 Global Threat Report" }, { "description": "Bit9 + Carbon Black Threat Research Team. (2015). 
2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.", "meta": { "date_accessed": "2017-07-08T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://assets.documentcloud.org/documents/2459197/bit9-carbon-black-threat-research-report-2015.pdf" ], "source": "MITRE", "title": "2015: The Most Prolific Year in History for OS X Malware" }, "related": [], "uuid": "74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e", "value": "Prolific OSX Malware History" }, { "description": "CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.", "meta": { "date_accessed": "2021-02-10T00:00:00Z", "date_published": "2019-06-04T00:00:00Z", "refs": [ "https://security.web.cern.ch/advisories/windigo/windigo.shtml" ], "source": "MITRE", "title": "2019/06/04 Advisory: Windigo attacks" }, "related": [], "uuid": "e9f1289f-a32e-441c-8787-cb32a26216d1", "value": "CERN Windigo June 2019" }, { "description": "CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2019-01-01T00:00:00Z", "refs": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2019GlobalThreatReport.pdf" ], "source": "MITRE", "title": "2019 Global Threat Report" }, "related": [], "uuid": "d6aa917e-baee-4379-8e69-a04b9aa5192a", "value": "CrowdStrike GTR 2019" }, { "description": "Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.", "meta": { "date_accessed": "2020-12-11T00:00:00Z", "date_published": "2020-03-02T00:00:00Z", "refs": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf" ], "source": "MITRE", "title": "2020 Global Threat Report" }, "related": [], "uuid": "a2325ace-e5a1-458d-80c1-5037bd7fa727", "value": "Crowdstrike GTR2020 Mar 2020" }, { "description": "Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-01-18T00:00:00Z", "refs": [ "https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf" ], "source": "MITRE", "title": "2021 Adversary Infrastructure Report" }, "related": [], "uuid": "d509e6f2-c317-4483-a51e-ad15a78a12c0", "value": "RecordedFuture 2021 Ad Infra" }, { "description": "Red Canary. (2021, March 31). 2021 Threat Detection Report. Retrieved August 31, 2021.", "meta": { "date_accessed": "2021-08-31T00:00:00Z", "date_published": "2021-03-31T00:00:00Z", "refs": [ "https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf?mkt_tok=MDAzLVlSVS0zMTQAAAF_PIlmhNTaG2McG4X_foM-cIr20UfyB12MIQ10W0HbtMRwxGOJaD0Xj6CRTNg_S-8KniRxtf9xzhz_ACvm_TpbJAIgWCV8yIsFgbhb8cuaZA" ], "source": "MITRE", "title": "2021 Threat Detection Report" }, "related": [], "uuid": "83b906fc-ac2a-4f49-b87e-31f046e95fb7", "value": "Red Canary 2021 Threat Detection Report March 2021" }, { "description": "Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.", "meta": { "date_accessed": "2022-12-20T00:00:00Z", "date_published": "2022-04-14T00:00:00Z", "refs": [ "https://www.cyber.gov.au/about-us/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat" ], "source": "MITRE", "title": "2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat)" }, "related": [], "uuid": "3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d", "value": "ACSC BlackCat Apr 2022" }, { "description": "IC3. (2022). 2022 Internet Crime Report. 
Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf" ], "source": "MITRE", "title": "2022 Internet Crime Report" }, "related": [], "uuid": "ef30c4eb-3da3-5c7b-a304-188acd2f7ebc", "value": "Internet crime report 2022" }, { "description": "Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "refs": [ "https://redcanary.com/threat-detection-report/techniques/powershell/" ], "source": "MITRE", "title": "2022 Threat Detection Report: PowerShell" }, "related": [], "uuid": "0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f", "value": "RC PowerShell" }, { "description": "Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021.", "meta": { "date_accessed": "2021-08-23T00:00:00Z", "date_published": "2021-02-16T00:00:00Z", "refs": [ "https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/" ], "source": "MITRE", "title": "20 Common Tools & Techniques Used by macOS Threat Actors & Malware" }, "related": [], "uuid": "3ee99ff4-daf4-4776-9d94-f7cf193c2b0c", "value": "20 macOS Common Tools and Techniques" }, { "description": "Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/cc422924.aspx" ], "source": "MITRE", "title": "2.2.1.1.4 Password Encryption" }, "related": [], "uuid": "24d8847b-d5de-4513-a55f-62c805dfa1dc", "value": "Microsoft GPP Key" }, { "description": "Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. 
Retrieved September 18, 2020.", "meta": { "date_accessed": "2020-09-18T00:00:00Z", "date_published": "2020-02-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ef7087ac-3974-4452-aab2-7dba2214d239" ], "source": "MITRE", "title": "2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information" }, "related": [], "uuid": "70c75ee4-4ba4-4124-8001-0fadb49a5ac6", "value": "Microsoft _VBA_PROJECT Stream" }, { "description": "Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2021-04-06T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/c41e062d-f764-4f13-bd4f-ea812ab9a4d1" ], "source": "MITRE", "title": "2.5 ExtraData" }, "related": [], "uuid": "73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4", "value": "Microsoft Learn" }, { "description": "Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. Retrieved August 19, 2018.", "meta": { "date_accessed": "2018-08-19T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110" ], "source": "MITRE", "title": "2a8efbfadd798f6111340f7c1c956bee.dll" }, "related": [], "uuid": "5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4", "value": "Hybrid Analysis Icacls2 May 2018" }, { "description": "Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. 
Retrieved August 3, 2020.", "meta": { "date_accessed": "2020-08-03T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry" ], "source": "MITRE", "title": "32-bit and 64-bit Application Data in the Registry" }, "related": [], "uuid": "cbc14af8-f0d9-46c9-ae2c-d93d706ac84e", "value": "Microsoft Wow6432Node 2018" }, { "description": "Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://www.justice.gov/usao-cdca/pr/3-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyber-attacks-and" ], "source": "MITRE", "title": "3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe" }, "related": [], "uuid": "c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac", "value": "DOJ-DPRK Heist" }, { "description": "Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.", "meta": { "date_accessed": "2018-10-02T00:00:00Z", "date_published": "2014-12-14T00:00:00Z", "refs": [ "https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html" ], "source": "MITRE", "title": "3 tools to check your hard drive's health and make sure it's not already dying on you" }, "related": [], "uuid": "e48fab76-7e38-420e-b69b-709f37bde847", "value": "ITWorld Hard Disk Health Dec 2014" }, { "description": "Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. 
Retrieved August 9, 2018.", "meta": { "date_accessed": "2018-08-09T00:00:00Z", "date_published": "2017-04-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4657" ], "source": "MITRE", "title": "4657(S): A registry value was modified" }, "related": [], "uuid": "ee681893-edd6-46c7-bb11-38fc24eef899", "value": "Microsoft 4657 APR 2017" }, { "description": "Miroshnikov, A. & Hall, J. (2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.", "meta": { "date_accessed": "2018-08-07T00:00:00Z", "date_published": "2017-04-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697" ], "source": "MITRE", "title": "4697(S): A service was installed in the system" }, "related": [], "uuid": "17473dc7-39cd-4c90-85cb-05d4c1364fff", "value": "Microsoft 4697 APR 2017" }, { "description": "Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.", "meta": { "date_accessed": "2017-06-30T00:00:00Z", "date_published": "2017-04-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4720" ], "source": "MITRE", "title": "4720(S): A user account was created" }, "related": [], "uuid": "01e2068b-83bc-4479-8fc9-dfaafdbf272b", "value": "Microsoft User Creation Event" }, { "description": "Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.", "meta": { "date_accessed": "2017-06-30T00:00:00Z", "date_published": "2017-04-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738" ], "source": "MITRE", "title": "4738(S): A user account was changed" }, "related": [], "uuid": "fb4164f9-1e03-43f1-8143-179c9f08dff2", "value": "Microsoft User Modified Event" }, { "description": "Microsoft. (2017, April 19). 
4768(S, F): A Kerberos authentication ticket (TGT) was requested. Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768" ], "source": "MITRE", "title": "4768(S, F): A Kerberos authentication ticket (TGT) was requested" }, "related": [], "uuid": "19237af4-e535-4059-a8a9-63280cdf4722", "value": "Microsoft 4768 TGT 2017" }, { "description": "HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2017-10-11T00:00:00Z", "refs": [ "https://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/" ], "source": "MITRE", "title": "47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket" }, "related": [], "uuid": "b0fbf593-4aeb-4167-814b-ed3d4479ded0", "value": "HIPAA Journal S3 Breach, 2017" }, { "description": "Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2020-11-18T00:00:00Z", "refs": [ "https://www.nightfall.ai/blog/saas-slack-security-risks-2020" ], "source": "MITRE", "title": "4 SaaS and Slack Security Risks to Consider" }, "related": [], "uuid": "4332430a-0dec-5942-88ce-21f6d02cc9a9", "value": "Slack Security Risks" }, { "description": "Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. 
Retrieved August 30, 2021.", "meta": { "date_accessed": "2021-08-30T00:00:00Z", "date_published": "2020-10-24T00:00:00Z", "refs": [ "https://purplesec.us/data-loss-prevention/" ], "source": "MITRE", "title": "7 Data Loss Prevention Best Practices & Strategies" }, "related": [], "uuid": "b7d786db-c50e-4d1f-947e-205e8eefa2da", "value": "PurpleSec Data Loss Prevention" }, { "description": "I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2019-01-01T00:00:00Z", "refs": [ "https://www.7-zip.org/" ], "source": "MITRE", "title": "7-Zip" }, "related": [], "uuid": "fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb", "value": "7zip Homepage" }, { "description": "Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. Retrieved February 20, 2018.", "meta": { "date_accessed": "2018-02-20T00:00:00Z", "date_published": "2016-08-30T00:00:00Z", "refs": [ "https://community.softwaregrp.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/228686#.WosBVKjwZPZ" ], "source": "MITRE", "title": "“9002 RAT” -- a second building on the left" }, "related": [], "uuid": "a4d6bdd1-e70c-491b-a569-72708095c809", "value": "MicroFocus 9002 Aug 2016" }, { "description": "CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.", "meta": { "date_accessed": "2021-08-12T00:00:00Z", "date_published": "2021-07-19T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa21-200a" ], "source": "MITRE, Tidal Cyber", "title": "(AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department" }, "related": [], "uuid": "3a2dbd8b-54e3-406a-b77c-b6fae5541b6d", "value": "CISA AA21-200A APT40 July 2021" }, { "description": "Dr. Nestori Syynimaa. 
(2018, October 25). AADInternals. Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2018-10-25T00:00:00Z", "refs": [ "https://o365blog.com/aadinternals/" ], "source": "MITRE", "title": "AADInternals" }, "related": [], "uuid": "d6faadde-690d-44d1-b1aa-0991a5374604", "value": "AADInternals" }, { "description": "Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.", "meta": { "date_accessed": "2022-02-18T00:00:00Z", "date_published": "2018-10-25T00:00:00Z", "refs": [ "https://o365blog.com/aadinternals" ], "source": "MITRE", "title": "AADInternals Documentation" }, "related": [], "uuid": "320231a1-4dbe-4eaa-b14d-48de738ba697", "value": "AADInternals Documentation" }, { "description": "Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2021-12-13T00:00:00Z", "refs": [ "https://github.com/Gerenios/AADInternals" ], "source": "MITRE", "title": "AADInternals Github" }, "related": [], "uuid": "643d3947-c0ec-47c4-bb58-5e546084433c", "value": "AADInternals Github" }, { "description": "Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.", "meta": { "date_accessed": "2021-09-08T00:00:00Z", "date_published": "2019-07-23T00:00:00Z", "refs": [ "https://blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/" ], "source": "MITRE", "title": "ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling" }, "related": [], "uuid": "69a45479-e982-58ee-9e2d-caaf825f0ad4", "value": "Gigamon BADHATCH Jul 2019" }, { "description": "Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. 
Retrieved May 5, 2022.", "meta": { "date_accessed": "2022-05-05T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://go.kaspersky.com/rs/802-IJN-240/images/TR_BlackCat_Report.pdf" ], "source": "MITRE", "title": "A Bad Luck BlackCat" }, "related": [], "uuid": "0d1e9635-b7b6-454b-9482-b1fc7d33bfff", "value": "bad_luck_blackcat" }, { "description": "Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.", "meta": { "date_accessed": "2020-11-18T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles" ], "source": "MITRE", "title": "A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES" }, "related": [], "uuid": "8819875a-5139-4dae-94c8-e7cc9f847580", "value": "Cybereason Bazar July 2020" }, { "description": "Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier.. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.", "meta": { "date_accessed": "2020-10-30T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/" ], "source": "MITRE", "title": "A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak" }, "related": [], "uuid": "ae5d4c47-54c9-4f7b-9357-88036c524217", "value": "Red Canary Hospital Thwarted Ryuk October 2020" }, { "description": "CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. 
Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-06-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://cybercx.com.au/blog/a-bear-in-wolfs-clothing/" ], "source": "Tidal Cyber", "title": "A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations" }, "related": [], "uuid": "68ded9b7-3042-44e0-8bf7-cdba2174a3d8", "value": "CyberCX Anonymous Sudan June 19 2023" }, { "description": "Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2020-08-12T00:00:00Z", "refs": [ "https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-service" ], "source": "MITRE", "title": "A Big Catch: Cloud Phishing from Google App Engine and Azure App Service" }, "related": [], "uuid": "25d46bc1-4c05-48d3-95f0-aa3ee1100bf9", "value": "Netskope Cloud Phishing" }, { "description": "Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et. al.. (2019, October 8). About admin roles. Retrieved October 18, 2019.", "meta": { "date_accessed": "2019-10-18T00:00:00Z", "date_published": "2019-10-08T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide" ], "source": "MITRE", "title": "About admin roles" }, "related": [], "uuid": "8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a", "value": "Microsoft O365 Admin Roles" }, { "description": "Microsoft. (n.d.). About Atom Tables. Retrieved December 8, 2017.", "meta": { "date_accessed": "2017-12-08T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms649053.aspx" ], "source": "MITRE", "title": "About Atom Tables" }, "related": [], "uuid": "a22636c8-8e39-4583-93ef-f0b7f0a218d8", "value": "Microsoft Atom Table" }, { "description": "Microsoft. (2019, July 12). About BITS. 
Retrieved March 16, 2020.", "meta": { "date_accessed": "2020-03-16T00:00:00Z", "date_published": "2019-07-12T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/bits/about-bits" ], "source": "MITRE", "title": "About BITS" }, "related": [], "uuid": "8d6d47d1-a6ea-4673-8ade-ba61bfeef084", "value": "Microsoft About BITS" }, { "description": "Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.", "meta": { "date_accessed": "2019-06-07T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events" ], "source": "MITRE", "title": "About Event Tracing" }, "related": [], "uuid": "689d944f-ad66-4908-91fb-bb1ecdafe8d9", "value": "Microsoft About Event Tracing 2018" }, { "description": "Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.", "meta": { "date_accessed": "2020-09-04T00:00:00Z", "date_published": "2020-05-13T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7" ], "source": "MITRE", "title": "About History" }, "related": [], "uuid": "6c873fb4-db43-4bad-b5e4-a7d45cbe796f", "value": "Microsoft PowerShell Command History" }, { "description": "Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.", "meta": { "date_accessed": "2022-01-04T00:00:00Z", "date_published": "2021-05-25T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/win32/controls/list-view-controls-overview" ], "source": "MITRE", "title": "About List-View Controls" }, "related": [], "uuid": "7d6c6ba6-cda6-4f27-bfc8-af5b759305ed", "value": "Microsoft List View Controls" }, { "description": "Microsoft. (2020, March 30). about_Logging_Windows. 
Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2020-03-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7" ], "source": "MITRE", "title": "about_Logging_Windows" }, "related": [], "uuid": "81c94686-741d-45d7-90f3-0c7979374e87", "value": "Microsoft PowerShell Logging" }, { "description": "Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "date_published": "2016-06-13T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/index.html" ], "source": "MITRE", "title": "About Mac Scripting" }, "related": [], "uuid": "d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed", "value": "Apple About Mac Scripting 2016" }, { "description": "Wheeler, S. et al.. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2019-05-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1" ], "source": "MITRE", "title": "About PowerShell.exe" }, "related": [], "uuid": "2c504602-4f5d-47fc-9780-e1e5041a0b3a", "value": "PowerShell About 2019" }, { "description": "Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2023-02-08T00:00:00Z", "refs": [ "https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand" ], "source": "MITRE", "title": "about_PowerShell_exe: EncodedCommand" }, "related": [], "uuid": "7e50721c-c6d5-5449-8326-529da4cf5465", "value": "Microsoft PowerShellB64" }, { "description": "Microsoft. 
(2021, September 27). about_Profiles. Retrieved February 4, 2022.", "meta": { "date_accessed": "2022-02-04T00:00:00Z", "date_published": "2021-09-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles" ], "source": "MITRE", "title": "about_Profiles" }, "related": [], "uuid": "b25ab0bf-c28b-4747-b075-30bcdfbc0e35", "value": "Microsoft Profiles" }, { "description": "Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.", "meta": { "date_accessed": "2019-06-14T00:00:00Z", "date_published": "2017-11-29T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6" ], "source": "MITRE", "title": "About Profiles" }, "related": [], "uuid": "1da63665-7a96-4bc3-9606-a3575b913819", "value": "Microsoft About Profiles" }, { "description": "Microsoft. (2019, August 23). About Remote Desktop Services. Retrieved March 28, 2022.", "meta": { "date_accessed": "2022-03-28T00:00:00Z", "date_published": "2019-08-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/win32/termserv/about-terminal-services" ], "source": "MITRE", "title": "About Remote Desktop Services" }, "related": [], "uuid": "a981e013-f839-46e9-9c8a-128c4897f77a", "value": "Microsoft Remote Desktop Services" }, { "description": "Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.", "meta": { "date_accessed": "2016-03-29T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/ms649012" ], "source": "MITRE", "title": "About the Clipboard" }, "related": [], "uuid": "2c1b2d58-a5dc-4aee-8bdb-129a81c10408", "value": "MSDN Clipboard" }, { "description": "Microsoft. (n.d.). About the HTML Help Executable Program. 
Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "refs": [ "https://msdn.microsoft.com/windows/desktop/ms524405" ], "source": "MITRE", "title": "About the HTML Help Executable Program" }, "related": [], "uuid": "1af226cc-bb93-43c8-972e-367482c5d487", "value": "Microsoft HTML Help Executable Program" }, { "description": "UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.", "meta": { "date_accessed": "2016-01-05T00:00:00Z", "refs": [ "http://www.uefi.org/about" ], "source": "MITRE", "title": "About UEFI Forum" }, "related": [], "uuid": "2e6fe82c-d90f-42b6-8247-397ab8823c7c", "value": "About UEFI" }, { "description": "Microsoft. (n.d.). About Window Classes. Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx" ], "source": "MITRE", "title": "About Window Classes" }, "related": [], "uuid": "cc620fcd-1f4a-4670-84b5-3f12c9b85053", "value": "Microsoft Window Classes" }, { "description": "Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.", "meta": { "date_accessed": "2020-08-05T00:00:00Z", "date_published": "2020-01-15T00:00:00Z", "refs": [ "https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware" ], "source": "MITRE", "title": "A Brief History of Sodinokibi" }, "related": [], "uuid": "2e9c2206-a04e-4278-9492-830cc9347ff9", "value": "Picus Sodinokibi January 2020" }, { "description": "Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. 
Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2022-08-09T00:00:00Z", "refs": [ "https://redcanary.com/blog/mac-application-bundles/" ], "source": "MITRE", "title": "A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation" }, "related": [], "uuid": "2a8fd573-6ab0-403b-b813-88d9d3edab36", "value": "Application Bundle Manipulation Brandon Dalton" }, { "description": "Jansen, W . (2021, January 12). Abusing cloud services to fly under the radar. Retrieved January 19, 2021.", "meta": { "date_accessed": "2021-01-19T00:00:00Z", "date_published": "2021-01-12T00:00:00Z", "refs": [ "https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/" ], "source": "MITRE", "title": "Abusing cloud services to fly under the radar" }, "related": [], "uuid": "70c217c3-83a2-40f2-8f47-b68d8bd4cdf0", "value": "NCC Group Chimera January 2021" }, { "description": "Schroeder, W. (2016, March 17). Abusing GPO Permissions. Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2016-03-17T00:00:00Z", "refs": [ "http://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/" ], "source": "MITRE", "title": "Abusing GPO Permissions" }, "related": [], "uuid": "18cc9426-9b51-46fa-9106-99688385ebe4", "value": "Harmj0y Abusing GPO Permissions" }, { "description": "Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.", "meta": { "date_accessed": "2018-04-12T00:00:00Z", "date_published": "2017-11-13T00:00:00Z", "refs": [ "https://rewtin.blogspot.ch/2017/11/abusing-user-shares-for-efficient.html" ], "source": "MITRE", "title": "Abusing network shares for efficient lateral movements and privesc (DirSharePivot)" }, "related": [], "uuid": "027c5274-6b61-447a-9058-edb844f112dd", "value": "Retwin Directory Share Pivot" }, { "description": "BOHOPS. 
(2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "date_published": "2018-08-18T00:00:00Z", "refs": [ "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/" ], "source": "MITRE", "title": "Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques" }, "related": [], "uuid": "3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7", "value": "BOHOPS Abusing the COM Registry" }, { "description": "bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2018-08-18T00:00:00Z", "refs": [ "https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/" ], "source": "MITRE", "title": "ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES" }, "related": [], "uuid": "7f0f223f-09b1-4f8f-b6f1-1044e2ac7066", "value": "abusing_com_reg" }, { "description": "Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "date_published": "2019-09-17T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/" ], "source": "MITRE", "title": "Abusing VPC Traffic Mirroring in AWS" }, "related": [], "uuid": "09cac813-862c-47c8-a47f-154c5436afbb", "value": "Rhino Security Labs AWS VPC Traffic Mirroring" }, { "description": "Comi, G. (2019, October 19). Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. 
Retrieved April 28, 2020.", "meta": { "date_accessed": "2020-04-28T00:00:00Z", "date_published": "2019-10-19T00:00:00Z", "refs": [ "https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html" ], "source": "MITRE", "title": "Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence" }, "related": [], "uuid": "fc889ba3-79a5-445a-81ea-dfe81c1cc542", "value": "Narrator Accessibility Abuse" }, { "description": "Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2019-11-18T00:00:00Z", "refs": [ "https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/" ], "source": "MITRE", "title": "ACBackdoor: Analysis of a New Multiplatform Backdoor" }, "related": [], "uuid": "e6cb833f-cf18-498b-a233-848853423412", "value": "Intezer ACBackdoor" }, { "description": "LOLBAS. (2022, January 2). AccCheckConsole.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-02T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/AccCheckConsole/" ], "source": "Tidal Cyber", "title": "AccCheckConsole.exe" }, "related": [], "uuid": "de5523bd-e735-4751-84e9-a1be1d2980ec", "value": "AccCheckConsole.exe - LOLBAS Project" }, { "description": "Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.", "meta": { "date_accessed": "2019-07-16T00:00:00Z", "date_published": "2018-11-29T00:00:00Z", "refs": [ "https://www.cyberscoop.com/apt28-brexit-phishing-accenture/" ], "source": "MITRE", "title": "Accenture: Russian hackers using Brexit talks to disguise phishing lures" }, "related": [], "uuid": "ef8f0990-b2da-4538-8b02-7401dc5a4120", "value": "CyberScoop APT28 Nov 2018" }, { "description": "Microsoft Azure. 
(2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "date_published": "2023-04-28T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/aks/concepts-identity" ], "source": "MITRE", "title": "Access and identity options for Azure Kubernetes Service (AKS)" }, "related": [], "uuid": "bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5", "value": "Microsoft Azure Kubernetes Service Service Accounts" }, { "description": "CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth?. Retrieved March 10, 2023.", "meta": { "date_accessed": "2023-03-10T00:00:00Z", "date_published": "2022-02-23T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/access-brokers-targets-and-worth/" ], "source": "MITRE", "title": "Access Brokers: Who Are the Targets, and What Are They Worth?" }, "related": [], "uuid": "0f772693-e09d-5c82-85c2-77f5fee39ef0", "value": "CrowdStrike Access Brokers" }, { "description": "M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.", "meta": { "date_accessed": "2020-02-04T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists" ], "source": "MITRE", "title": "Access Control Lists" }, "related": [], "uuid": "2aeda95a-7741-4a74-a5a4-29a9e7a89451", "value": "Microsoft Access Control Lists May 2018" }, { "description": "Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "refs": [ "https://auth0.com/docs/tokens/access-tokens" ], "source": "MITRE", "title": "Access Tokens" }, "related": [], "uuid": "43e8e178-a0da-44d8-be1b-853307e0d4ae", "value": "Auth0 Access Tokens" }, { "description": "French, D., Filar, B.. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. 
Retrieved November 30, 2020.", "meta": { "date_accessed": "2020-11-30T00:00:00Z", "date_published": "2020-03-21T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=nJ0UsyiUEqQ" ], "source": "MITRE", "title": "A Chain Is No Stronger Than Its Weakest LNK" }, "related": [], "uuid": "4c2ede51-33f6-4d09-9186-43b023b079c0", "value": "BSidesSLC 2020 - LNK Elastic" }, { "description": "Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2020-08-13T00:00:00Z", "refs": [ "https://posts.specterops.io/a-change-of-mythic-proportions-21debeb03617" ], "source": "MITRE", "title": "A Change of Mythic Proportions" }, "related": [], "uuid": "98d4453e-2e80-422a-ac8c-47f650f46e3c", "value": "Mythic SpecterOps" }, { "description": "Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2019-10-10T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions" }, "related": [], "uuid": "d37c069c-7fb8-44e1-8377-da97e8bbcf67", "value": "FireEye Chinese Espionage October 2019" }, { "description": "Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. 
Retrieved March 16, 2021.", "meta": { "date_accessed": "2021-03-16T00:00:00Z", "date_published": "2020-06-17T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/acidbox-rare-malware/" ], "source": "MITRE", "title": "AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations" }, "related": [], "uuid": "f3f2eca0-fda3-451e-bf13-aacb14668e48", "value": "Unit42 AcidBox June 2020" }, { "description": "Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-06-08T00:00:00Z", "refs": [ "https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html" ], "source": "MITRE", "title": "acroread package compromised" }, "related": [], "uuid": "99245022-2130-404d-bf7a-095d84a515cd", "value": "acroread package compromised Arch Linux Mail 8JUL2018" }, { "description": "Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.", "meta": { "date_accessed": "2022-02-18T00:00:00Z", "date_published": "2022-02-04T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/" ], "source": "MITRE", "title": "ACTINIUM targets Ukrainian organizations" }, "related": [], "uuid": "5ab658db-7f71-4213-8146-e22da54160b3", "value": "Microsoft Actinium February 2022" }, { "description": "Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-03-10T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Active_Directory" ], "source": "MITRE", "title": "Active Directory" }, "related": [], "uuid": "924e1186-57e5-43db-94ab-29afa3fdaa7b", "value": "Wikipedia Active Directory" }, { "description": "Microsoft. (2019, August 23). Active Directory Accounts. 
Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2019-08-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts" ], "source": "MITRE", "title": "Active Directory Accounts" }, "related": [], "uuid": "df734659-2441-487a-991d-59064c61b771", "value": "Microsoft AD Accounts" }, { "description": "Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2019-02-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Active Directory administrative tier model" }, "related": [], "uuid": "3afba81a-3b1d-41ec-938e-24f055698d52", "value": "Microsoft AD Admin Tier Model" }, { "description": "Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)" ], "source": "MITRE", "title": "Active Directory Certificate Services Overview" }, "related": [], "uuid": "f1b2526a-1bf6-4954-a9b3-a5e008761ceb", "value": "Microsoft AD CS Overview" }, { "description": "Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/ee617241.aspx" ], "source": "MITRE", "title": "Active Directory Cmdlets - Get-ADUser" }, "related": [], "uuid": "b68ac85e-a007-4a72-9185-2877e9184fad", "value": "Microsoft Get-ADUser" }, { "description": "Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. 
Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2023-06-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md#atomic-test-14---active-directory-enumeration-with-ldifde" ], "source": "Tidal Cyber", "title": "Active Directory Enumeration with LDIFDE" }, "related": [], "uuid": "51e6623a-4448-4244-8c81-4eab102e5926", "value": "Active Directory Enumeration with LDIFDE" }, { "description": "Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms679833.aspx" ], "source": "MITRE", "title": "Active Directory Schema - SID-History attribute" }, "related": [], "uuid": "32150673-5593-4a2c-9872-aaa96a21aa5c", "value": "Microsoft SID-History Attribute" }, { "description": "Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2014-06-30T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/" ], "source": "MITRE", "title": "Active malware operation let attackers sabotage US energy industry" }, "related": [], "uuid": "f2ef73c6-5d4c-423e-a3f5-194cba121eb1", "value": "ActiveMalwareEnergy" }, { "description": "Klein, H. (2010, April 22). Active Setup Explained. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2010-04-22T00:00:00Z", "refs": [ "https://helgeklein.com/blog/2010/04/active-setup-explained/" ], "source": "MITRE", "title": "Active Setup Explained" }, "related": [], "uuid": "cbdd6290-1dda-48af-a101-fb3db6581276", "value": "Klein Active Setup 2010" }, { "description": "Dark Vortex. (n.d.). 
A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.", "meta": { "date_accessed": "2023-02-07T00:00:00Z", "refs": [ "https://bruteratel.com/" ], "source": "MITRE", "title": "A Customized Command and Control Center for Red Team and Adversary Simulation" }, "related": [], "uuid": "47992cb5-df11-56c2-b266-6f58d75f8315", "value": "Dark Vortex Brute Ratel C4" }, { "description": "Kuzmenko, A.. (2021, March 10). Ad blocker with miner included. Retrieved October 28, 2021.", "meta": { "date_accessed": "2021-10-28T00:00:00Z", "date_published": "2021-03-10T00:00:00Z", "refs": [ "https://securelist.com/ad-blocker-with-miner-included/101105/" ], "source": "MITRE", "title": "Ad blocker with miner included" }, "related": [], "uuid": "8e30f71e-80b8-4662-bc95-bf3cf7cfcf40", "value": "ad_blocker_with_miner" }, { "description": "Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.", "meta": { "date_accessed": "2019-10-18T00:00:00Z", "refs": [ "https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d" ], "source": "MITRE", "title": "Add Another Admin" }, "related": [], "uuid": "c31cfc48-289e-42aa-8046-b41261fdeb96", "value": "Microsoft Support O365 Add Another Admin, October 2019" }, { "description": "MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. 
Retrieved October 14, 2020.", "meta": { "date_accessed": "2020-10-14T00:00:00Z", "date_published": "2019-11-19T00:00:00Z", "refs": [ "https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/" ], "source": "MITRE", "title": "Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service" }, "related": [], "uuid": "f252eb18-86e9-4ed0-b9da-2c81f12a6e13", "value": "Amazon AWS IMDS V2" }, { "description": "Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.", "meta": { "date_accessed": "2017-07-11T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "refs": [ "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html" ], "source": "MITRE", "title": "Adding Login Items" }, "related": [], "uuid": "5ab3e243-37a6-46f1-b28f-6846ecdef0ae", "value": "Adding Login Items" }, { "description": "Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2017-04-21T00:00:00Z", "refs": [ "https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/" ], "source": "MITRE", "title": "Add-In Opportunities for Office Persistence" }, "related": [], "uuid": "a5b6ab63-0e6f-4789-a017-ceab1719ed85", "value": "MRWLabs Office Persistence Add-ins" }, { "description": "LOLBAS. (2023, October 5). AddinUtil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-10-05T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Addinutil/" ], "source": "Tidal Cyber", "title": "AddinUtil.exe" }, "related": [], "uuid": "91af546d-0a56-4c17-b292-6257943a8aba", "value": "AddinUtil.exe - LOLBAS Project" }, { "description": "Microsoft. 
(n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.", "meta": { "date_accessed": "2019-09-13T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?view=exchange-ps" ], "source": "MITRE", "title": "Add-Mailbox Permission" }, "related": [], "uuid": "b8d40efb-c78d-47dd-9d83-e5a31af73691", "value": "Microsoft - Add-MailboxPermission" }, { "description": "Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/dd183341" ], "source": "MITRE", "title": "AddMonitor function" }, "related": [], "uuid": "8c1a719e-6ca1-4b41-966d-ddb87c849fe0", "value": "AddMonitor" }, { "description": "Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.", "meta": { "date_accessed": "2020-01-30T00:00:00Z", "date_published": "2019-11-11T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory" ], "source": "MITRE", "title": "Add or delete users using Azure Active Directory" }, "related": [], "uuid": "b69468a2-693e-4bd0-8dc1-ccfd7d5630c0", "value": "Microsoft Azure AD Users" }, { "description": "Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "refs": [ "https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460" ], "source": "MITRE", "title": "Add or remove add-ins" }, "related": [], "uuid": "99b20e30-76a8-4108-84ae-daf92058b44b", "value": "Microsoft Office Add-ins" }, { "description": "Microsoft. (2018, May 31). AddPrintProcessor function. 
Retrieved October 5, 2020.", "meta": { "date_accessed": "2020-10-05T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/printdocs/addprintprocessor" ], "source": "MITRE", "title": "AddPrintProcessor function" }, "related": [], "uuid": "12c7160b-c93c-44cd-b108-68d4823aec8c", "value": "Microsoft AddPrintProcessor May 2018" }, { "description": "IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "1996-02-01T00:00:00Z", "refs": [ "https://tools.ietf.org/html/rfc1918" ], "source": "MITRE", "title": "Address Allocation for Private Internets" }, "related": [], "uuid": "f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e", "value": "RFC1918" }, { "description": "Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.", "meta": { "date_accessed": "2020-03-26T00:00:00Z", "date_published": "2020-02-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-lists?view=exchserver-2019" ], "source": "MITRE", "title": "Address lists in Exchange Server" }, "related": [], "uuid": "138ec24a-4361-4ce0-b78e-508c11db397c", "value": "Microsoft Exchange Address Lists" }, { "description": "Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2018-08-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/ad-ds-getting-started" ], "source": "MITRE", "title": "AD DS Getting Started" }, "related": [], "uuid": "82d01c77-571b-4f33-a286-878f325462ae", "value": "Microsoft AD DS Getting Started" }, { "description": "Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. 
Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2018-01-09T00:00:00Z", "refs": [ "https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html" ], "source": "MITRE", "title": "A Death Match of Domain Generation Algorithms" }, "related": [], "uuid": "5b14cdf6-261a-4d7e-acb4-74e7fafa9467", "value": "Akamai DGA Mitigation" }, { "description": "Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.", "meta": { "date_accessed": "2022-04-13T00:00:00Z", "refs": [ "https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Decryption" ], "source": "MITRE", "title": "A Deep Dive into Apple Keychain Decryption" }, "related": [], "uuid": "6a426ab4-5b0b-46d4-9dfe-e2587f69e111", "value": "Keychain Decryption Passware" }, { "description": "Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf" ], "source": "MITRE", "title": "A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks" }, "related": [], "uuid": "4886418b-3a2e-4f12-b91e-3bb2a8134112", "value": "Trend Micro Deep Dive Into Defacement" }, { "description": "Muhammad, I., Unterbrink, H.. (2021, January 6). A Deep Dive into Lokibot Infection Chain. 
Retrieved August 31, 2021.", "meta": { "date_accessed": "2021-08-31T00:00:00Z", "date_published": "2021-01-06T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html" ], "source": "MITRE", "title": "A Deep Dive into Lokibot Infection Chain" }, "related": [], "uuid": "3baba4e6-0cf5-45eb-8abb-6c389743af89", "value": "Talos Lokibot Jan 2021" }, { "description": "Hasherezade. (2021, April 6). A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.", "meta": { "date_accessed": "2022-06-09T00:00:00Z", "date_published": "2021-04-06T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader/" ], "source": "MITRE", "title": "A deep dive into Saint Bot, a new downloader" }, "related": [], "uuid": "3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c", "value": "Malwarebytes Saint Bot April 2021" }, { "description": "Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.", "meta": { "date_accessed": "2023-12-05T00:00:00Z", "date_published": "2022-09-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://securityscorecard.com/research/apt28s-stealer-called-credomap/" ], "source": "Tidal Cyber", "title": "A Deep Dive Into the APT28’s stealer called CredoMap" }, "related": [], "uuid": "3e683efc-4712-4397-8d55-4354ff7ad9f0", "value": "SecurityScorecard CredoMap September 2022" }, { "description": "Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. 
Retrieved February 14, 2022.", "meta": { "date_accessed": "2022-02-14T00:00:00Z", "date_published": "2019-02-18T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/" ], "source": "MITRE", "title": "A Deep Dive on the Recent Widespread DNS Hijacking Attacks" }, "related": [], "uuid": "9bdc618d-ff55-4ac8-8967-6039c6c24cb1", "value": "Krebs DNS Hijack 2019" }, { "description": "Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.", "meta": { "date_accessed": "2020-05-18T00:00:00Z", "date_published": "2017-11-22T00:00:00Z", "refs": [ "https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/" ], "source": "MITRE", "title": "A dive into MuddyWater APT targeting Middle-East" }, "related": [], "uuid": "ecd28ccf-edb6-478d-a8f1-da630df42127", "value": "Reaqta MuddyWater November 2017" }, { "description": "Faou, M. and Dumont R.. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.", "meta": { "date_accessed": "2019-06-14T00:00:00Z", "date_published": "2019-05-29T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/" ], "source": "MITRE", "title": "A dive into Turla PowerShell usage" }, "related": [], "uuid": "68c0f34b-691a-4847-8d49-f18b7f4e5188", "value": "ESET Turla PowerShell May 2019" }, { "description": "Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers" ], "source": "MITRE", "title": "Admission Controllers Reference" }, "related": [], "uuid": "ea035e41-159b-5f12-96fc-0638eace9fd2", "value": "Kubernetes Admission Controllers" }, { "description": "Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. 
Retrieved May 17, 2021.", "meta": { "date_accessed": "2021-05-17T00:00:00Z", "date_published": "2013-10-03T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/" ], "source": "MITRE", "title": "Adobe To Announce Source Code, Customer Data Breach" }, "related": [], "uuid": "bc2b0b89-e00d-4beb-bf27-fe81d8c826a4", "value": "Krebs Adobe" }, { "description": "Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.", "meta": { "date_accessed": "2017-06-29T00:00:00Z", "date_published": "2015-07-11T00:00:00Z", "refs": [ "https://github.com/Twi1ight/AD-Pentest-Script/blob/master/wmiexec.vbs" ], "source": "MITRE", "title": "AD-Pentest-Script - wmiexec.vbs" }, "related": [], "uuid": "45a5f6c2-b52e-4518-a10e-19797e6fdcc3", "value": "Github AD-Pentest-Script" }, { "description": "LOLBAS. (2021, September 1). adplus.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Adplus/" ], "source": "Tidal Cyber", "title": "adplus.exe" }, "related": [], "uuid": "d407ca0a-7ace-4dc5-947d-69a1e5a1d459", "value": "adplus.exe - LOLBAS Project" }, { "description": "Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.", "meta": { "date_accessed": "2018-02-03T00:00:00Z", "date_published": "2017-12-12T00:00:00Z", "refs": [ "https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021" ], "source": "MITRE", "title": "ADV170021 - Microsoft Office Defense in Depth Update" }, "related": [], "uuid": "ce960e76-848f-440d-9843-54773f7b11cf", "value": "Microsoft ADV170021 Dec 2017" }, { "description": "FireEye. (n.d.). Advanced Persistent Threat Groups. 
Retrieved August 3, 2018.", "meta": { "date_accessed": "2018-08-03T00:00:00Z", "refs": [ "https://www.fireeye.com/current-threats/apt-groups.html#apt19" ], "source": "MITRE, Tidal Cyber", "title": "Advanced Persistent Threat Groups" }, "related": [], "uuid": "5b6b909d-870a-4d14-85ec-6aa14e598740", "value": "FireEye APT Groups" }, { "description": "Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.mandiant.com/resources/insights/apt-groups" ], "source": "Tidal Cyber", "title": "Advanced Persistent Threats (APTs)" }, "related": [], "uuid": "c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97", "value": "Mandiant APT Groups List" }, { "description": "Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings" ], "source": "MITRE", "title": "Advanced security audit policy settings" }, "related": [], "uuid": "9aef57b1-1a2e-4833-815e-887616cc0570", "value": "Advanced_sec_audit_policy_settings" }, { "description": "CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2021-09-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/adversaries/ricochet-chollima/" ], "source": "MITRE", "title": "Adversary Profile - Ricochet Chollima" }, "related": [], "uuid": "69a23467-c55c-43a3-951d-c208e6ead6f7", "value": "CrowdStrike Richochet Chollima September 2021" }, { "description": "French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). 
Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2020-03-24T00:00:00Z", "refs": [ "https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1" ], "source": "MITRE", "title": "Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)" }, "related": [], "uuid": "bd9406d3-c3e3-4737-97a1-a4bc997c88cd", "value": "Elastic - Hunting for Persistence Part 1" }, { "description": "National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.", "meta": { "date_accessed": "2020-09-29T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf" ], "source": "MITRE", "title": "Advisory: APT29 targets COVID-19 vaccine development" }, "related": [], "uuid": "28da86a6-4ca1-4bb4-a401-d4aa469c0034", "value": "NCSC APT29 July 2020" }, { "description": "LOLBAS. (2018, May 25). Advpack.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Advpack/" ], "source": "Tidal Cyber", "title": "Advpack.dll" }, "related": [], "uuid": "837ccb3c-316d-4d96-8a33-b5df40870aba", "value": "Advpack.dll - LOLBAS Project" }, { "description": "Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2016-02-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindPublicReport_2016.pdf" ], "source": "MITRE", "title": "Adwind - A Cross-Platform RAT" }, "related": [], "uuid": "69fd8de4-81bc-4165-b77d-c5fc72cfa699", "value": "Kaspersky Adwind Feb 2016" }, { "description": "Radu Tudorica. (2021, July 12). 
A Fresh Look at Trickbot’s Ever-Improving VNC Module. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2021-07-12T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf" ], "source": "MITRE", "title": "A Fresh Look at Trickbot’s Ever-Improving VNC Module" }, "related": [], "uuid": "ee2709d7-2b33-48ac-8e90-a2770d469d80", "value": "Bitdefender Trickbot VNC module Whitepaper 2021" }, { "description": "Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.", "meta": { "date_accessed": "2017-07-08T00:00:00Z", "date_published": "2016-07-06T00:00:00Z", "refs": [ "https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/" ], "source": "MITRE", "title": "After hiatus, in-the-wild Mac backdoors are suddenly back" }, "related": [], "uuid": "c37f00dc-ee53-4be1-9046-0a28bdc5649a", "value": "Mac Backdoors are back" }, { "description": "Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.", "meta": { "date_accessed": "2019-09-04T00:00:00Z", "date_published": "2019-08-22T00:00:00Z", "refs": [ "https://securelist.com/malicious-tasks-in-ms-sql-server/92167/" ], "source": "MITRE", "title": "Agent 1433: remote attack on Microsoft SQL Server" }, "related": [], "uuid": "569a6be3-7a10-4aa4-be26-a62ed562a4ce", "value": "Kaspersky MSSQL Aug 2019" }, { "description": "Gostev, A.. (2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.", "meta": { "date_accessed": "2016-04-08T00:00:00Z", "date_published": "2014-03-12T00:00:00Z", "refs": [ "https://securelist.com/agent-btz-a-source-of-inspiration/58551/" ], "source": "MITRE", "title": "Agent.btz: a Source of Inspiration?" 
}, "related": [], "uuid": "3b876c56-1d18-49e3-9a96-5cee4af7ab72", "value": "Securelist Agent.btz" }, { "description": "Shevchenko, S.. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.", "meta": { "date_accessed": "2016-04-08T00:00:00Z", "date_published": "2008-11-30T00:00:00Z", "refs": [ "http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html" ], "source": "MITRE", "title": "Agent.btz - A Threat That Hit Pentagon" }, "related": [], "uuid": "b710c404-b02e-444c-9388-9a5e751971d2", "value": "ThreatExpert Agent.btz" }, { "description": "LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-07-23T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Agentexecutor/" ], "source": "Tidal Cyber", "title": "AgentExecutor.exe" }, "related": [], "uuid": "633d7f25-df9d-4619-9aa9-92d1d9d225d7", "value": "AgentExecutor.exe - LOLBAS Project" }, { "description": "Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.", "meta": { "date_accessed": "2020-12-11T00:00:00Z", "date_published": "2020-08-10T00:00:00Z", "refs": [ "https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/" ], "source": "MITRE", "title": "Agent Tesla | Old RAT Uses New Tricks to Stay on Top" }, "related": [], "uuid": "5f712e3f-5a9d-4af3-b846-a61dc1d59b3a", "value": "SentinelLabs Agent Tesla Aug 2020" }, { "description": "Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. 
Retrieved January 27, 2021.", "meta": { "date_accessed": "2021-01-27T00:00:00Z", "date_published": "2021-01-13T00:00:00Z", "refs": [ "https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf" ], "source": "MITRE, Tidal Cyber", "title": "A Global Perspective of the SideWinder APT" }, "related": [], "uuid": "d6644f88-d727-4f62-897a-bfa18f86380d", "value": "ATT Sidewinder January 2021" }, { "description": "Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "date_published": "2017-10-30T00:00:00Z", "refs": [ "https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944" ], "source": "MITRE", "title": "A Guide to Attacking Domain Trusts" }, "related": [], "uuid": "23a9ef6c-9f71-47bb-929f-9a92f24553eb", "value": "Harmj0y Domain Trusts" }, { "description": "airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.", "meta": { "date_accessed": "2023-05-31T00:00:00Z", "date_published": "2023-01-01T00:00:00Z", "refs": [ "http://www.ouah.org/backdoors.html" ], "source": "MITRE", "title": "A guide to backdooring Unix systems" }, "related": [], "uuid": "3f3bca4a-68fa-5d4a-b86f-36f82345ff36", "value": "airwalk backdoor unix systems" }, { "description": "Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.", "meta": { "date_accessed": "2019-07-17T00:00:00Z", "date_published": "2019-03-25T00:00:00Z", "refs": [ "https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/" ], "source": "MITRE", "title": "A Guide to LockerGoga, the Ransomware Crippling Industrial Firms" }, "related": [], "uuid": "de12f263-f76d-4b63-beb8-b210f7a8310d", "value": "Wired Lockergoga 2019" }, { "description": "Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-05-09T00:00:00Z", "refs": [ "https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/" ], "source": "MITRE", "title": "A hacker group is selling more than 73 million user records on the dark web" }, "related": [], "uuid": "61d00ae2-5494-4c6c-8860-6826e701ade8", "value": "ZDNET Selling Data" }, { "description": "ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.", "meta": { "date_accessed": "2019-06-20T00:00:00Z", "date_published": "2019-05-22T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/" ], "source": "MITRE", "title": "A journey to Zebrocy land" }, "related": [], "uuid": "f8b837fb-e46c-4153-8e86-dc4b909b393a", "value": "ESET Zebrocy May 2019" }, { "description": "Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2023-02-27T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/aks/managed-aad" ], "source": "MITRE", "title": "AKS-managed Azure Active Directory integration" }, "related": [], "uuid": "809db259-3557-5597-9d1a-7c00cc10b89c", "value": "Microsoft AKS Azure AD 2023" }, { "description": "US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.", "meta": { "date_accessed": "2019-03-15T00:00:00Z", "date_published": "2018-12-03T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/AA18-337A" ], "source": "MITRE", "title": "Alert (AA18-337A): SamSam Ransomware" }, "related": [], "uuid": "b9d14fea-2330-4eed-892c-b4e05a35d273", "value": "US-CERT SamSam 2018" }, { "description": "CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. 
Retrieved October 1, 2020.", "meta": { "date_accessed": "2020-10-01T00:00:00Z", "date_published": "2020-09-14T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-258a" ], "source": "MITRE", "title": "Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity" }, "related": [], "uuid": "ffe613e3-b528-42bf-81d5-4d8de38b3457", "value": "CISA MSS Sep 2020" }, { "description": "DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware . Retrieved September 15, 2021.", "meta": { "date_accessed": "2021-09-15T00:00:00Z", "date_published": "2020-09-22T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-266a" ], "source": "MITRE", "title": "Alert (AA20-266A) LokiBot Malware" }, "related": [], "uuid": "df979f7b-6de8-4029-ae47-700f29157db0", "value": "CISA Lokibot September 2020" }, { "description": "CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.", "meta": { "date_accessed": "2022-06-21T00:00:00Z", "date_published": "2021-08-20T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa21-200b" ], "source": "MITRE", "title": "Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs" }, "related": [], "uuid": "633c6045-8990-58ae-85f0-00139aa9a091", "value": "CISA_AA21_200B" }, { "description": "CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.", "meta": { "date_accessed": "2022-07-29T00:00:00Z", "date_published": "2022-04-28T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-057a" ], "source": "MITRE", "title": "Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine" }, "related": [], "uuid": "ebe89b36-f87f-4e09-8030-a1328c0b8683", "value": "cisa_malware_orgs_ukraine" }, { "description": "US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. 
Retrieved March 15, 2019.", "meta": { "date_accessed": "2019-03-15T00:00:00Z", "date_published": "2016-03-31T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA16-091A" ], "source": "MITRE", "title": "Alert (TA16-091A): Ransomware and Recent Variants" }, "related": [], "uuid": "866484fa-836d-4c5b-bbad-3594ef60599c", "value": "US-CERT Ransomware 2016" }, { "description": "US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2017-05-12T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-132A" ], "source": "MITRE", "title": "Alert (TA17-132A): Indicators Associated With WannaCry Ransomware" }, "related": [], "uuid": "349b8e9d-7172-4d01-b150-f0371d038b7e", "value": "US-CERT WannaCry 2017" }, { "description": "US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.", "meta": { "date_accessed": "2017-07-13T00:00:00Z", "date_published": "2017-06-13T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-164A" ], "source": "MITRE", "title": "Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure" }, "related": [], "uuid": "8e57cea3-ee37-4507-bb56-7445050ec8ca", "value": "US-CERT HIDDEN COBRA June 2017" }, { "description": "US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.", "meta": { "date_accessed": "2019-03-15T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-181A" ], "source": "MITRE", "title": "Alert (TA17-181A): Petya Ransomware" }, "related": [], "uuid": "6a009850-834b-4178-9028-2745921b6743", "value": "US-CERT NotPetya 2017" }, { "description": "US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. 
Retrieved November 2, 2017.", "meta": { "date_accessed": "2017-11-02T00:00:00Z", "date_published": "2017-10-20T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-293A" ], "source": "MITRE", "title": "Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors" }, "related": [], "uuid": "e34ddf0a-a112-4557-ac09-1ff540241a89", "value": "US-CERT APT Energy Oct 2017" }, { "description": "US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.", "meta": { "date_accessed": "2017-12-07T00:00:00Z", "date_published": "2017-11-22T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-318A" ], "source": "MITRE", "title": "Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL" }, "related": [], "uuid": "045e03f9-af83-4442-b69e-b80f68e570ac", "value": "US-CERT FALLCHILL Nov 2017" }, { "description": "US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.", "meta": { "date_accessed": "2017-12-07T00:00:00Z", "date_published": "2017-11-22T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA17-318B" ], "source": "MITRE", "title": "Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer" }, "related": [], "uuid": "c48c7ac0-8d55-4b62-9606-a9ce420459b6", "value": "US-CERT Volgmer Nov 2017" }, { "description": "US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. 
Retrieved June 6, 2018.", "meta": { "date_accessed": "2018-06-06T00:00:00Z", "date_published": "2018-03-16T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA18-074A" ], "source": "MITRE", "title": "Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors" }, "related": [], "uuid": "94e87a92-bf80-43e2-a3ab-cd7d4895f2fc", "value": "US-CERT TA18-074A" }, { "description": "US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2018-04-20T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA18-106A" ], "source": "MITRE", "title": "Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices" }, "related": [], "uuid": "1fe55557-94af-4697-a675-884701f70f2a", "value": "US-CERT-TA18-106A" }, { "description": "US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-07-20T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA18-201A" ], "source": "MITRE", "title": "Alert (TA18-201A) Emotet Malware" }, "related": [], "uuid": "0043043a-4741-41c2-a6f2-f88d5caa8b7a", "value": "US-CERT Emotet Jul 2018" }, { "description": "Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2019-01-06T00:00:00Z", "refs": [ "https://github.com/LordNoteworthy/al-khaser/tree/master/al-khaser/AntiDebug" ], "source": "MITRE", "title": "Al-Khaser" }, "related": [], "uuid": "d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622", "value": "AlKhaser Debug" }, { "description": "Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. 
Retrieved September 10, 2017.", "meta": { "date_accessed": "2017-09-10T00:00:00Z", "date_published": "2016-02-12T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/" ], "source": "MITRE", "title": "A Look Into Fysbis: Sofacy’s Linux Backdoor" }, "related": [], "uuid": "3e527ad6-6b56-473d-8178-e1c3c14f2311", "value": "Fysbis Palo Alto Analysis" }, { "description": "Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. Retrieved April 28, 2020.", "meta": { "date_accessed": "2020-04-28T00:00:00Z", "date_published": "2020-01-04T00:00:00Z", "refs": [ "https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b" ], "source": "MITRE", "title": "A Look Into Konni 2019 Campaign" }, "related": [], "uuid": "e117a6ac-eaa2-4494-b4ae-2d9ae52c3251", "value": "Medium KONNI Jan 2020" }, { "description": "Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.", "meta": { "date_accessed": "2023-03-21T00:00:00Z", "date_published": "2022-05-16T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ransomware-in-public-clouds/" ], "source": "MITRE", "title": "A Look Into Public Clouds From the Ransomware Actor's Perspective" }, "related": [], "uuid": "cc6c2b69-ca51-513e-9666-a03be2ea5fcd", "value": "Unit 42 Palo Alto Ransomware in Public Clouds 2022" }, { "description": "Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. 
Retrieved September 13, 2023.", "meta": { "date_accessed": "2023-09-13T00:00:00Z", "date_published": "2023-07-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cyber.gc.ca/en/alerts-advisories/alphvblackcat-ransomware-targeting-canadian-industries" ], "source": "Tidal Cyber", "title": "ALPHV/BlackCat Ransomware Targeting of Canadian Industries" }, "related": [], "uuid": "610c8f22-1a96-42d2-934d-8467d136eed2", "value": "Cyber Centre ALPHV/BlackCat July 25 2023" }, { "description": "Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2013-03-24T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/" ], "source": "MITRE", "title": "Alternate Data Streams in NTFS" }, "related": [], "uuid": "eae434ff-97c0-4a82-9f80-215e515befae", "value": "Microsoft ADS Mar 2014" }, { "description": "Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2017-11-20T00:00:00Z", "refs": [ "https://blog.xpnsec.com/becoming-system/" ], "source": "MITRE", "title": "Alternative methods of becoming SYSTEM" }, "related": [], "uuid": "0dbf093e-4b54-4972-b048-2a6411037da4", "value": "XPNSec PPID Nov 2017" }, { "description": "Microsoft. (2018, May 31). AlwaysInstallElevated. Retrieved December 14, 2020.", "meta": { "date_accessed": "2020-12-14T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated" ], "source": "MITRE", "title": "AlwaysInstallElevated" }, "related": [], "uuid": "19026f4c-ad65-435e-8c0e-a8ccc9895348", "value": "Microsoft AlwaysInstallElevated 2018" }, { "description": "Amazon. (n.d.). Amazon EBS snapshots. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html" ], "source": "MITRE", "title": "Amazon EBS snapshots" }, "related": [], "uuid": "3961a653-b53c-4ba4-9ea6-709e1d1bdb55", "value": "Amazon Snapshots" }, { "description": "Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html" ], "source": "MITRE", "title": "Amazon Machine Images (AMI)" }, "related": [], "uuid": "bc9ecf45-2a20-47df-a634-064237e5f126", "value": "Amazon AMI" }, { "description": "Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://aws.amazon.com/s3/" ], "source": "MITRE", "title": "Amazon S3" }, "related": [], "uuid": "7fecbd5d-626f-496a-a72f-5f166c78c204", "value": "Amazon S3" }, { "description": "Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2017-11-06T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia" ], "source": "MITRE", "title": "A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia" }, "related": [], "uuid": "1ba37b48-1219-4f87-af36-9bdd8d6265ca", "value": "Trend Micro S3 Exposed PII, 2017" }, { "description": "Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. 
Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2019-06-18T00:00:00Z", "refs": [ "https://www.recordedfuture.com/cobalt-strike-servers/" ], "source": "MITRE", "title": "A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers" }, "related": [], "uuid": "792ca8a7-c9b2-4e7f-8562-e1ccb60a402a", "value": "Recorded Future Beacon Certificates" }, { "description": "Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2012-01-01T00:00:00Z", "refs": [ "https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf" ], "source": "MITRE", "title": "Analysis of a “/0” Stealth Scan from a Botnet" }, "related": [], "uuid": "ca09941c-fcc8-460b-8b02-d1608a7d3813", "value": "Botnet Scan" }, { "description": "Borja, A. Camba, A. et al (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. Retrieved September 15, 2020.", "meta": { "date_accessed": "2020-09-15T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html" ], "source": "MITRE", "title": "Analysis of a Convoluted Attack Chain Involving Ngrok" }, "related": [], "uuid": "e7b57e64-3532-4b98-9fa5-b832e6fcd53a", "value": "Trend Micro Ngrok September 2020" }, { "description": "Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2013-03-29T00:00:00Z", "refs": [ "http://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf" ], "source": "MITRE", "title": "Analysis of a PlugX variant" }, "related": [], "uuid": "8ab89236-6994-43a3-906c-383e294f65d1", "value": "CIRCL PlugX March 2013" }, { "description": "Sarah Edwards. (2020, April 30). 
Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.", "meta": { "date_accessed": "2021-08-19T00:00:00Z", "date_published": "2020-04-30T00:00:00Z", "refs": [ "https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins" ], "source": "MITRE", "title": "Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins" }, "related": [], "uuid": "a2169171-8e4a-4faa-811c-98b6204a5a57", "value": "Apple Unified Log Analysis Remote Login and Screen Sharing" }, { "description": "S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.", "meta": { "date_accessed": "2022-03-14T00:00:00Z", "date_published": "2022-01-18T00:00:00Z", "refs": [ "https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3" ], "source": "MITRE", "title": "Analysis of Destructive Malware (WhisperGate) targeting Ukraine" }, "related": [], "uuid": "06cf7197-244a-431b-a288-4c2bbd431ad5", "value": "Medium S2W WhisperGate January 2022" }, { "description": "Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.", "meta": { "date_accessed": "2023-05-15T00:00:00Z", "date_published": "2023-03-09T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis" ], "source": "MITRE", "title": "Analysis of FG-IR-22-369" }, "related": [], "uuid": "f12b141e-6bb2-5563-9665-5756fec2d5e7", "value": "Analysis of FG-IR-22-369" }, { "description": "Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. 
Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2014-10-01T00:00:00Z", "refs": [ "http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html" ], "source": "MITRE", "title": "Analysis of Malicious Security Support Provider DLLs" }, "related": [], "uuid": "f2f9a6bf-b4d9-461e-b961-0610ea72faf0", "value": "Graeber 2014" }, { "description": "Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2018-04-05T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html" ], "source": "MITRE", "title": "Analysis of New Agent Tesla Spyware Variant" }, "related": [], "uuid": "86a65be7-0f70-4755-b526-a26b92eabaa2", "value": "Fortinet Agent Tesla April 2018" }, { "description": "Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2020-04-20T00:00:00Z", "refs": [ "https://www.programmersought.com/article/62493896999/" ], "source": "MITRE", "title": "Analysis of Ramsay components of Darkhotel's infiltration and isolation network" }, "related": [], "uuid": "280636da-fa21-472c-947c-651a628ea2cd", "value": "Antiy CERT Ramsay April 2020" }, { "description": "Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. 
Retrieved September 18, 2023.", "meta": { "date_accessed": "2023-09-18T00:00:00Z", "date_published": "2023-07-14T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/" ], "source": "MITRE", "title": "Analysis of Storm-0558 techniques for unauthorized email access" }, "related": [], "uuid": "74fd79a9-09f7-5149-a457-687a1e2989de", "value": "Storm-0558 techniques for unauthorized email access" }, { "description": "Cherepanov, A.. (2017, July 4). Analysis of TeleBots’ cunning backdoor . Retrieved June 11, 2020.", "meta": { "date_accessed": "2020-06-11T00:00:00Z", "date_published": "2017-07-04T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/" ], "source": "MITRE", "title": "Analysis of TeleBots’ cunning backdoor" }, "related": [], "uuid": "5d62c323-6626-4aad-8bf2-0d988e436f3d", "value": "ESET Telebots July 2017" }, { "description": "ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2019-04-17T00:00:00Z", "refs": [ "https://blog.alyac.co.kr/attachment/cfile5.uf@99A0CD415CB67E210DCEB3.pdf" ], "source": "MITRE", "title": "Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]" }, "related": [], "uuid": "15213a3c-1e9f-47fa-9864-8ef2707c7fb6", "value": "EST Kimsuky SmokeScreen April 2019" }, { "description": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. 
Retrieved March 27, 2018.", "meta": { "date_accessed": "2018-03-27T00:00:00Z", "date_published": "2016-03-18T00:00:00Z", "refs": [ "https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sharing-and.pdf" ], "source": "MITRE", "title": "Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case" }, "related": [], "uuid": "8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6", "value": "Ukraine15 - EISAC - 201603" }, { "description": "Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2015-05-14T00:00:00Z", "refs": [ "https://blog.checkpoint.com/2015/05/14/analysis-havij-sql-injection-tool/" ], "source": "MITRE", "title": "Analysis of the Havij SQL Injection tool" }, "related": [], "uuid": "2e00a539-acbe-4462-a30f-43da4e8b9c4f", "value": "Check Point Havij Analysis" }, { "description": "Perez, D.. (2018, December 28). Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2018-12-28T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/" ], "source": "MITRE", "title": "Analysis of the latest Emotet propagation campaign" }, "related": [], "uuid": "3fab9e25-e83e-4c90-ae32-dcd0c30757f8", "value": "ESET Emotet Dec 2018" }, { "description": "Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.", "meta": { "date_accessed": "2021-01-29T00:00:00Z", "date_published": "2020-06-22T00:00:00Z", "refs": [ "https://www.rewterz.com/articles/analysis-on-sidewinder-apt-group-covid-19" ], "source": "MITRE", "title": "Analysis on Sidewinder APT Group – COVID-19" }, "related": [], "uuid": "cdd779f1-30c2-40be-a500-332920f0e21c", "value": "Rewterz Sidewinder COVID-19 June 2020" }, { "description": "CISA. (2018, December 18). 
Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.", "meta": { "date_accessed": "2022-08-01T00:00:00Z", "date_published": "2018-12-18T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/analysis-reports/AR18-352A" ], "source": "MITRE", "title": "Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool" }, "related": [], "uuid": "a109e42d-604f-4885-ada3-5d6895addc96", "value": "CISA AR18-352A Quasar RAT December 2018" }, { "description": "CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.", "meta": { "date_accessed": "2021-06-07T00:00:00Z", "date_published": "2021-05-06T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a" ], "source": "MITRE", "title": "Analysis Report (AR21-126A) FiveHands Ransomware" }, "related": [], "uuid": "f98604dd-2881-4024-8e43-6f5f48c6c9fa", "value": "CISA AR21-126A FIVEHANDS May 2021" }, { "description": "Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "refs": [ "https://www.joesandbox.com/analysis/318027/0/html" ], "source": "MITRE", "title": "Analysis Report fasm.dll" }, "related": [], "uuid": "d403e610-fa83-4c17-842f-223063864009", "value": "JoeSecurity Egregor 2020" }, { "description": "Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf" ], "source": "MITRE", "title": "Analysis Results of Zeus.Variant.Panda" }, "related": [], "uuid": "2d9a6957-5645-4863-968b-4a3c8736564b", "value": "GDATA Zeus Panda June 2017" }, { "description": "jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. 
Retrieved May 7, 2023.", "meta": { "date_accessed": "2023-05-07T00:00:00Z", "date_published": "2022-06-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://jstnk9.github.io/jstnk9/research/AsyncRAT-Analysis/" ], "source": "Tidal Cyber", "title": "Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage" }, "related": [], "uuid": "4e7f573d-f8cc-4538-9f8d-b945f037e46f", "value": "jstnk9.github.io June 01 2022" }, { "description": "Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-12-20T00:00:00Z", "refs": [ "https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/" ], "source": "MITRE", "title": "Analyzing Cobalt Strike for Fun and Profit" }, "related": [], "uuid": "f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee", "value": "Analyzing CS Dec 2020" }, { "description": "Felix. (2016, September). Analyzing Malicious Office Documents. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2016-09-01T00:00:00Z", "refs": [ "https://www.uperesia.com/analyzing-malicious-office-documents" ], "source": "MITRE", "title": "Analyzing Malicious Office Documents" }, "related": [], "uuid": "f6ffb916-ac14-44d1-8566-26bafa06e77b", "value": "Uperesia Malicious Office Documents" }, { "description": "Falcone, R., Wilhoit, K.. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. 
Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-11-16T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/" ], "source": "MITRE", "title": "Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery" }, "related": [], "uuid": "9bc09d8a-d890-473b-a8cf-ea319fcc3462", "value": "Unit42 OilRig Nov 2018" }, { "description": "Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.", "meta": { "date_accessed": "2018-05-16T00:00:00Z", "date_published": "2018-04-24T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/" ], "source": "MITRE", "title": "Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide" }, "related": [], "uuid": "d1cd4f5b-253c-4833-8905-49fb58e7c016", "value": "McAfee GhostSecret" }, { "description": "MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers . Retrieved January 5, 2021.", "meta": { "date_accessed": "2021-01-05T00:00:00Z", "date_published": "2020-12-18T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/" ], "source": "MITRE", "title": "Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers" }, "related": [], "uuid": "8ad72d46-ba2c-426f-bb0d-eb47723c8e11", "value": "Microsoft Analyzing Solorigate Dec 2020" }, { "description": "Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. 
Retrieved November 24, 2015.", "meta": { "date_accessed": "2015-11-24T00:00:00Z", "date_published": "2013-12-17T00:00:00Z", "refs": [ "http://labs.lastline.com/an-analysis-of-plugx" ], "source": "MITRE", "title": "An Analysis of PlugX Malware" }, "related": [], "uuid": "9f7fa262-cede-4f47-94ca-1534c65c86e2", "value": "Lastline PlugX Analysis" }, { "description": "Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.", "meta": { "date_accessed": "2020-06-18T00:00:00Z", "date_published": "2014-10-14T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/" ], "source": "MITRE", "title": "An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”" }, "related": [], "uuid": "84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb", "value": "TrendMicro Sandworm October 2014" }, { "description": "Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2018-10-12T00:00:00Z", "refs": [ "https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf" ], "source": "MITRE", "title": "Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE" }, "related": [], "uuid": "d14442d5-2557-4a92-9a29-b15a20752f56", "value": "Dragos Crashoverride 2018" }, { "description": "Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.", "meta": { "date_accessed": "2020-06-16T00:00:00Z", "date_published": "2014-07-16T00:00:00Z", "refs": [ "https://lwn.net/Articles/604515/" ], "source": "MITRE", "title": "Anatomy of a system call, part 2" }, "related": [], "uuid": "4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0", "value": "Syscall 2014" }, { "description": "Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. 
Retrieved June 18, 2022.", "meta": { "date_accessed": "2022-06-18T00:00:00Z", "date_published": "2020-01-20T00:00:00Z", "refs": [ "https://cdn.logic-control.com/docs/scadafence/Anatomy-Of-A-Targeted-Ransomware-Attack-WP.pdf" ], "source": "MITRE", "title": "Anatomy of a Targeted Ransomware Attack" }, "related": [], "uuid": "24c80db5-37a7-46ee-b232-f3c3ffb10f0a", "value": "SCADAfence_ransomware" }, { "description": "Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. Retrieved September 9, 2021.", "meta": { "date_accessed": "2021-09-09T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf" ], "source": "MITRE", "title": "Anatomy of Native IIS Malware" }, "related": [], "uuid": "d9c6e55b-39b7-4097-8ab2-8b87421ce2f4", "value": "ESET IIS Malware 2021" }, { "description": "Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.", "meta": { "date_accessed": "2020-09-10T00:00:00Z", "date_published": "2020-07-13T00:00:00Z", "refs": [ "https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30" ], "source": "MITRE", "title": "Anchor_dns malware goes cross platform" }, "related": [], "uuid": "de246d53-385f-44be-bf0f-25a76442b835", "value": "Medium Anchor DNS July 2020" }, { "description": "NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.", "meta": { "date_accessed": "2021-04-16T00:00:00Z", "refs": [ "https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF" ], "source": "MITRE", "title": "Russian SVR Targets U.S. and Allied Networks" }, "related": [], "uuid": "43d9c469-1d54-454b-ba67-74e7f1de9c10", "value": "NSA Joint Advisory SVR SolarWinds April 2021" }, { "description": "Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. 
Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2021-06-15T00:00:00Z", "refs": [ "https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/" ], "source": "MITRE", "title": "Andariel evolves to target South Korea with ransomware" }, "related": [], "uuid": "f4efbcb5-494c-40e0-8734-5df1b92ec39c", "value": "Kaspersky Andariel Ransomware June 2021" }, { "description": "Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "1982-11-01T00:00:00Z", "refs": [ "https://tools.ietf.org/html/rfc826" ], "source": "MITRE", "title": "An Ethernet Address Resolution Protocol" }, "related": [], "uuid": "8eef2b68-f932-4cba-8646-bff9a7848532", "value": "RFC826 ARP" }, { "description": "Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.", "meta": { "date_accessed": "2022-12-13T00:00:00Z", "date_published": "2022-06-06T00:00:00Z", "refs": [ "https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/" ], "source": "MITRE", "title": "A New Loader Gets Ready" }, "related": [], "uuid": "48d5ec83-f1b9-595c-bb9a-d6d5cc513a41", "value": "HP SVCReady Jun 2022" }, { "description": "Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. Retrieved March 23, 2023.", "meta": { "date_accessed": "2023-03-23T00:00:00Z", "date_published": "2022-05-04T00:00:00Z", "refs": [ "https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/" ], "source": "MITRE", "title": "A new secret stash for “fileless” malware" }, "related": [], "uuid": "03eb080d-0b83-5cbb-9317-c50b35996c9b", "value": "SecureList Fileless" }, { "description": "M.Léveillé, M.. (2014, February 21). An In-depth Analysis of Linux/Ebury. 
Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2014-02-21T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/" ], "source": "MITRE", "title": "An In-depth Analysis of Linux/Ebury" }, "related": [], "uuid": "eb6d4f77-ac63-4cb8-8487-20f9e709334b", "value": "ESET Ebury Feb 2014" }, { "description": "M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2014-02-21T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/" ], "source": "MITRE", "title": "An In-depth Analysis of Linux/Ebury" }, "related": [], "uuid": "39384c7a-3032-4b45-a5eb-8ebe7de22aa2", "value": "Welivesecurity Ebury SSH" }, { "description": "Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-06-01T00:00:00Z", "refs": [ "https://www.avertium.com/resources/threat-reports/in-depth-look-at-black-basta-ransomware" ], "source": "MITRE", "title": "AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE" }, "related": [], "uuid": "31c2ef62-2852-5418-9d52-2479a3a619d0", "value": "Avertium Black Basta June 2022" }, { "description": "Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.", "meta": { "date_accessed": "2014-11-13T00:00:00Z", "date_published": "2007-01-01T00:00:00Z", "refs": [ "http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.90.8832&rep=rep1&type=pdf" ], "source": "MITRE", "title": "An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits" }, "related": [], "uuid": "689dfe75-9c06-4438-86fa-5fbbb09f0fe7", "value": "Myers 2007" }, { "description": "The Linux Foundation. (2006, January 11). 
An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2006-01-11T00:00:00Z", "refs": [ "https://www.linux.com/news/introduction-services-runlevels-and-rcd-scripts/" ], "source": "MITRE", "title": "An introduction to services, runlevels, and rc.d scripts" }, "related": [], "uuid": "091aa85d-7d30-4800-9b2d-97f96d257798", "value": "Linux Services Run Levels" }, { "description": "Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.", "meta": { "date_accessed": "2020-05-19T00:00:00Z", "date_published": "2020-04-30T00:00:00Z", "refs": [ "https://www.anomali.com/blog/anomali-suspects-that-china-backed-apt-pirate-panda-may-be-seeking-access-to-vietnam-government-data-center#When:15:00:00Z" ], "source": "MITRE", "title": "Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center" }, "related": [], "uuid": "f1d28b91-a529-439d-9548-c597baa245d4", "value": "Anomali Pirate Panda April 2020" }, { "description": "ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2015-07-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.adl.org/resources/profile/anonghost-team" ], "source": "Tidal Cyber", "title": "AnonGhost Team" }, "related": [], "uuid": "f868f5fa-df66-435f-8b32-d58e4785e46c", "value": "AnonGhost Team Profile" }, { "description": "Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. 
Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2011-02-15T00:00:00Z", "refs": [ "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/" ], "source": "MITRE", "title": "Anonymous speaks: the inside story of the HBGary hack" }, "related": [], "uuid": "19ab02ea-883f-441c-bebf-4be64855374a", "value": "AnonHBGary" }, { "description": "Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.", "meta": { "date_accessed": "2020-07-30T00:00:00Z", "date_published": "2020-02-04T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions" ], "source": "MITRE", "title": "Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries" }, "related": [], "uuid": "e89e3825-85df-45cf-b309-e449afed0288", "value": "Fortinet Metamorfo Feb 2020" }, { "description": "Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2018-06-14T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/" ], "source": "MITRE", "title": "Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor" }, "related": [], "uuid": "b2c415e4-edbe-47fe-9820-b968114f81f0", "value": "MuddyWater TrendMicro June 2018" }, { "description": "Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. 
Retrieved March 28, 2016.", "meta": { "date_accessed": "2016-03-28T00:00:00Z", "date_published": "2011-12-12T00:00:00Z", "refs": [ "https://www.alienvault.com/open-threat-exchange/blog/another-sykipot-sample-likely-targeting-us-federal-agencies" ], "source": "MITRE", "title": "Another Sykipot sample likely targeting US federal agencies" }, "related": [], "uuid": "800363c1-60df-47e7-8ded-c0f4b6e758f4", "value": "AlienVault Sykipot 2011" }, { "description": "Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.", "meta": { "date_accessed": "2020-09-09T00:00:00Z", "date_published": "2018-09-19T00:00:00Z", "refs": [ "https://web.archive.org/web/20181209083100/https://www.riskiq.com/blog/labs/magecart-newegg/" ], "source": "MITRE", "title": "Another Victim of the Magecart Assault Emerges: Newegg" }, "related": [], "uuid": "095a705f-810b-4c4f-90ce-016117a5b4b6", "value": "RiskIQ Newegg September 2018" }, { "description": "Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.", "meta": { "date_accessed": "2016-03-30T00:00:00Z", "date_published": "2016-03-28T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/wmi-persistence" ], "source": "MITRE", "title": "A Novel WMI Persistence Implementation" }, "related": [], "uuid": "a88dd548-ac8f-4297-9e23-de2643294846", "value": "Dell WMI Persistence" }, { "description": "Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2003-02-01T00:00:00Z", "refs": [ "http://www.megasecurity.org/papers/Rootkits.pdf" ], "source": "MITRE", "title": "An Overview of Rootkits" }, "related": [], "uuid": "c1aef861-9e31-42e6-a2eb-5151b056762b", "value": "iDefense Rootkit Overview" }, { "description": "Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. 
Retrieved January 24, 2022.", "meta": { "date_accessed": "2022-01-24T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/ukraine-crisis-cyber-threats" ], "source": "MITRE", "title": "Anticipating Cyber Threats as the Ukraine Crisis Escalates" }, "related": [], "uuid": "6f53117f-2e94-4981-be61-c3da4b783ce2", "value": "Mandiant Ukraine Cyber Threats January 2022" }, { "description": "Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2019-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal" ], "source": "MITRE", "title": "Antimalware Scan Interface (AMSI)" }, "related": [], "uuid": "32a4b7b5-8560-4600-aba9-15a6342b4dc3", "value": "Microsoft AMSI" }, { "description": "Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2020-10-13T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide" ], "source": "MITRE", "title": "Anti-spoofing protection in EOP" }, "related": [], "uuid": "b3ac28ac-3f98-40fd-b1da-2461a9e3ffca", "value": "Microsoft Anti Spoofing" }, { "description": "Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.", "meta": { "date_accessed": "2017-01-20T00:00:00Z", "date_published": "2015-02-16T00:00:00Z", "refs": [ "https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/" ], "source": "MITRE", "title": "Anunak (aka Carbanak) Update" }, "related": [], "uuid": "d74a8d0b-887a-40b9-bd43-366764157990", "value": "Fox-It Anunak Feb 2015" }, { "description": "Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. 
Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2014-12-01T00:00:00Z", "refs": [ "http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf" ], "source": "MITRE", "title": "Anunak: APT against financial institutions" }, "related": [], "uuid": "fd254ecc-a076-4b9f-97f2-acb73c6a1695", "value": "Group-IB Anunak" }, { "description": "Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.", "meta": { "date_accessed": "2022-03-16T00:00:00Z", "date_published": "2022-03-07T00:00:00Z", "refs": [ "https://blog.google/threat-analysis-group/update-threat-landscape-ukraine" ], "source": "MITRE", "title": "An update on the threat landscape" }, "related": [], "uuid": "a6070f95-fbee-472e-a737-a8adbedbb4f8", "value": "Google TAG Ukraine Threat Landscape March 2022" }, { "description": "Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2006-12-06T00:00:00Z", "refs": [ "https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/" ], "source": "MITRE", "title": "Any application-defined hook procedure on my machine?" }, "related": [], "uuid": "e816127a-04e4-4145-a784-50b1215612f2", "value": "Zairon Hooking Dec 2006" }, { "description": "Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. 
Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2022-06-09T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/" ], "source": "MITRE", "title": "Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years" }, "related": [], "uuid": "b4e792e0-b1fa-4639-98b1-233aaec53594", "value": "SentinelOne Aoqin Dragon June 2022" }, { "description": "Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.", "meta": { "date_accessed": "2018-07-27T00:00:00Z", "refs": [ "http://httpd.apache.org/docs/2.4/getting-started.html#content" ], "source": "MITRE", "title": "Apache HTTP Server Version 2.4 Documentation - Web Site Content" }, "related": [], "uuid": "46f62435-bfb3-44b6-8c79-54af584cc35f", "value": "Apache Server 2018" }, { "description": "Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.", "meta": { "date_accessed": "2019-09-24T00:00:00Z", "date_published": "2019-02-27T00:00:00Z", "refs": [ "https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox" ], "source": "MITRE", "title": "A Peek into BRONZE UNION’s Toolbox" }, "related": [], "uuid": "691df278-fd7d-4b73-a22c-227bc7641dec", "value": "Secureworks BRONZEUNION Feb 2019" }, { "description": "AppArmor. (2017, October 19). AppArmor Security Project Wiki. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-10-19T00:00:00Z", "refs": [ "http://wiki.apparmor.net/index.php/Main_Page" ], "source": "MITRE", "title": "AppArmor Security Project Wiki" }, "related": [], "uuid": "12df02e3-bbdd-4682-9662-1810402ad918", "value": "AppArmor official" }, { "description": "Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. 
Retrieved July 18, 2016.", "meta": { "date_accessed": "2016-07-18T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report-appendix.zip" ], "source": "MITRE", "title": "Appendix C (Digital) - The Malware Arsenal" }, "related": [], "uuid": "1f31c09c-6a93-4142-8333-154138c1d70a", "value": "Mandiant APT1 Appendix" }, { "description": "Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.", "meta": { "date_accessed": "2015-07-15T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/dn280412" ], "source": "MITRE", "title": "AppInit DLLs and Secure Boot" }, "related": [], "uuid": "2b951be3-5105-4665-972f-7809c057fd3f", "value": "AppInit Secure Boot" }, { "description": "LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-12-02T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/AppInstaller/" ], "source": "Tidal Cyber", "title": "AppInstaller.exe" }, "related": [], "uuid": "9a777e7c-e76c-465c-8b45-67503e715f7e", "value": "AppInstaller.exe - LOLBAS Project" }, { "description": "Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2020-08-30T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x4E.html" ], "source": "MITRE", "title": "Apple Approved Malware malicious code ...now notarized!? #2020" }, "related": [], "uuid": "a2127d3d-c320-4637-a85c-16e20c2654f6", "value": "objectivesee osx.shlayer apple approved 2020" }, { "description": "Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. 
Retrieved August 8, 2019.", "meta": { "date_accessed": "2019-08-08T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg" ], "source": "MITRE", "title": "Apple Developer Documentation - AuthorizationExecuteWithPrivileges" }, "related": [], "uuid": "7b8875e8-5b93-4d49-a12b-2683bab2ba6e", "value": "AppleDocs AuthorizationExecuteWithPrivileges" }, { "description": "Apple. (n.d.). Retrieved July 17, 2017.", "meta": { "date_accessed": "2017-07-17T00:00:00Z", "refs": [ "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/ScheduledJobs.html" ], "source": "MITRE", "title": "AppleDocs Scheduling Timed Jobs" }, "related": [], "uuid": "66dd8a7d-521f-4610-b478-52d748185ad3", "value": "AppleDocs Scheduling Timed Jobs" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.", "meta": { "date_accessed": "2021-03-01T00:00:00Z", "date_published": "2021-02-21T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa21-048a" ], "source": "MITRE", "title": "AppleJeus: Analysis of North Korea’s Cryptocurrency Malware" }, "related": [], "uuid": "6873e14d-eba4-4e3c-9ccf-cec1d760f0be", "value": "CISA AppleJeus Feb 2021" }, { "description": "Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "refs": [ "https://images.apple.com/remotedesktop/pdf/ARD_Admin_Guide_v3.3.pdf" ], "source": "MITRE", "title": "Apple Remote Desktop Administrator Guide Version 3.3" }, "related": [], "uuid": "c57c2bba-a398-4e68-b2a7-fddcf0740b61", "value": "Apple Remote Desktop Admin Guide 3.3" }, { "description": "Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. 
Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2013-12-23T00:00:00Z", "refs": [ "https://www.engadget.com/2013/10/23/applescript-and-automator-gain-new-features-in-os-x-mavericks/" ], "source": "MITRE", "title": "AppleScript and Automator gain new features in OS X Mavericks" }, "related": [], "uuid": "dd76c7ab-c3df-4f34-aaf0-684b56499065", "value": "applescript signing" }, { "description": "Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.", "meta": { "date_accessed": "2014-11-18T00:00:00Z", "date_published": "2008-06-01T00:00:00Z", "refs": [ "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx" ], "source": "MITRE", "title": "Application Lockdown with Software Restriction Policies" }, "related": [], "uuid": "cae409ca-1c77-45df-88cd-c0998ac724ec", "value": "Corio 2008" }, { "description": "Corio, C., & Sayana, D. P.. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.", "meta": { "date_accessed": "2014-11-18T00:00:00Z", "date_published": "2008-06-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Application Lockdown with Software Restriction Policies" }, "related": [], "uuid": "5dab4466-0871-486a-84ad-0e648b2e937d", "value": "Microsoft Application Lockdown" }, { "description": "Beechey, J.. (2014, November 18). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.", "meta": { "date_accessed": "2014-11-18T00:00:00Z", "date_published": "2014-11-18T00:00:00Z", "refs": [ "https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599" ], "source": "MITRE", "title": "Application Whitelisting: Panacea or Propaganda?" 
}, "related": [], "uuid": "a333f45f-1760-443a-9208-f3682ea32f67", "value": "SANS Application Whitelisting" }, { "description": "Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.", "meta": { "date_accessed": "2014-11-18T00:00:00Z", "date_published": "2010-12-01T00:00:00Z", "refs": [ "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599" ], "source": "MITRE", "title": "Application Whitelisting: Panacea or Propaganda?" }, "related": [], "uuid": "4994e065-c6e4-4b41-8ae3-d72023135429", "value": "Beechey 2010" }, { "description": "NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.", "meta": { "date_accessed": "2016-03-31T00:00:00Z", "date_published": "2014-08-01T00:00:00Z", "refs": [ "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm" ], "source": "MITRE", "title": "Application Whitelisting Using Microsoft AppLocker" }, "related": [], "uuid": "0db5c3ea-5392-4fd3-9f1d-9fa69aba4259", "value": "NSA MS AppLocker" }, { "description": "netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2017-07-06T00:00:00Z", "refs": [ "https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/" ], "source": "MITRE", "title": "AppLocker Bypass – MSXSL" }, "related": [], "uuid": "2f1adf20-a4b8-48c1-861f-0a44271765d7", "value": "Penetration Testing Lab MSXSL July 2017" }, { "description": "Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. 
Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2023-01-30T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow" ], "source": "MITRE", "title": "Approve or deny requests for Azure AD roles in Privileged Identity Management" }, "related": [], "uuid": "1495effe-16a6-5b4e-9b50-1d1f7db48fa7", "value": "Microsoft Requests for Azure AD Roles in Privileged Identity Management" }, { "description": "Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2021-02-18T00:00:00Z", "refs": [ "https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1" ], "source": "MITRE", "title": "App security overview" }, "related": [], "uuid": "3b1e9a5d-7940-43b5-bc11-3112c0762740", "value": "Apple App Security Overview" }, { "description": "Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2016-10-27T00:00:00Z", "refs": [ "https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/" ], "source": "MITRE", "title": "AppUNBlocker: Bypassing AppLocker" }, "related": [], "uuid": "2afb9a5f-c023-49df-90d1-e0ffb6d192f3", "value": "Tripwire AppUNBlocker" }, { "description": "LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Appvlp/" ], "source": "Tidal Cyber", "title": "Appvlp.exe" }, "related": [], "uuid": "b0afe3e8-9f1d-4295-8811-8dfbe993c337", "value": "Appvlp.exe - LOLBAS Project" }, { "description": "Atkinson, J., Winchester, R. (2017, December 7). 
A Process is No One: Hunting for Token Manipulation. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2017-12-07T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/eu-17/materials/eu-17-Atkinson-A-Process-Is-No-One-Hunting-For-Token-Manipulation.pdf" ], "source": "MITRE", "title": "A Process is No One: Hunting for Token Manipulation" }, "related": [], "uuid": "2eaee06d-529d-4fe0-9ca3-c62419f47a90", "value": "BlackHat Atkinson Winchester Token Manipulation" }, { "description": "FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.", "meta": { "date_accessed": "2017-06-29T00:00:00Z", "date_published": "2017-04-06T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html" ], "source": "MITRE", "title": "APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat" }, "related": [], "uuid": "2d494df8-83e3-45d2-b798-4c3bcf55f675", "value": "FireEye APT10 April 2017" }, { "description": "GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.", "meta": { "date_accessed": "2021-06-17T00:00:00Z", "date_published": "2021-03-30T00:00:00Z", "refs": [ "https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/" ], "source": "MITRE", "title": "APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign" }, "related": [], "uuid": "90450a1e-59c3-491f-b842-2cf81023fc9e", "value": "Securelist APT10 March 2021" }, { "description": "Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. 
Retrieved September 17, 2018.", "meta": { "date_accessed": "2018-09-17T00:00:00Z", "date_published": "2018-09-13T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html" ], "source": "MITRE", "title": "APT10 Targeting Japanese Corporations Using Updated TTPs" }, "related": [], "uuid": "5f122a27-2137-4016-a482-d04106187594", "value": "FireEye APT10 Sept 2018" }, { "description": "Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.", "meta": { "date_accessed": "2018-04-04T00:00:00Z", "date_published": "2018-03-10T00:00:00Z", "refs": [ "https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/" ], "source": "MITRE", "title": "APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS" }, "related": [], "uuid": "02a50445-de06-40ab-9ea4-da5c37e066cd", "value": "NCC Group APT15 Alive and Strong" }, { "description": "Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.", "meta": { "date_accessed": "2016-07-18T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" ], "source": "MITRE, Tidal Cyber", "title": "APT1 Exposing One of China’s Cyber Espionage Units" }, "related": [], "uuid": "865eba93-cf6a-4e41-bc09-de9b0b3c2669", "value": "Mandiant APT1" }, { "description": "Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. 
Retrieved November 12, 2021.", "meta": { "date_accessed": "2021-11-12T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20210104144857/https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf" ], "source": "MITRE", "title": "APT27 Turns to Ransomware" }, "related": [], "uuid": "0290ea31-f817-471e-85ae-c3855c63f5c3", "value": "Profero APT27 December 2020" }, { "description": "FireEye iSIGHT Intelligence. (2017, January 11). APT28: At the Center of the Storm. Retrieved January 11, 2017.", "meta": { "date_accessed": "2017-01-11T00:00:00Z", "date_published": "2017-01-11T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf" ], "source": "MITRE, Tidal Cyber", "title": "APT28: At the Center of the Storm" }, "related": [], "uuid": "61d80b8f-5bdb-41e6-b59a-d2d996392873", "value": "FireEye APT28 January 2017" }, { "description": "FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.", "meta": { "date_accessed": "2015-08-19T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf" ], "source": "MITRE, Tidal Cyber", "title": "APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?" }, "related": [], "uuid": "c423b2b2-25a3-4a8d-b89a-83ab07c0cd20", "value": "FireEye APT28" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. 
Retrieved August 23, 2023.", "meta": { "date_accessed": "2023-08-23T00:00:00Z", "date_published": "2023-04-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108" ], "source": "Tidal Cyber", "title": "APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers" }, "related": [], "uuid": "c532a6fc-b27f-4240-a071-3eaa866bce89", "value": "U.S. CISA APT28 Cisco Routers April 18 2023" }, { "description": "Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.", "meta": { "date_accessed": "2018-11-14T00:00:00Z", "date_published": "2018-10-04T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/election-security/apt28-espionage-military-government" ], "source": "MITRE", "title": "APT28: New Espionage Operations Target Military and Government Organizations" }, "related": [], "uuid": "777bc94a-6c21-4f8c-9efa-a1cf52ececc0", "value": "Symantec APT28 Oct 2018" }, { "description": "Smith, L. and Read, B.. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.", "meta": { "date_accessed": "2017-08-17T00:00:00Z", "date_published": "2017-08-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html" ], "source": "MITRE", "title": "APT28 Targets Hospitality Sector, Presents Threat to Travelers" }, "related": [], "uuid": "7887dc90-3f05-411a-81ea-b86aa392104b", "value": "FireEye APT28 Hospitality Aug 2017" }, { "description": "Bitdefender. (2015, December). APT28 Under the Scope. 
Retrieved February 23, 2017.", "meta": { "date_accessed": "2017-02-23T00:00:00Z", "date_published": "2015-12-01T00:00:00Z", "refs": [ "https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf" ], "source": "MITRE", "title": "APT28 Under the Scope" }, "related": [], "uuid": "3dd67aae-7feb-4b07-a985-ccadc1b16f1d", "value": "Bitdefender APT28 Dec 2015" }, { "description": "Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.", "meta": { "date_accessed": "2017-11-20T00:00:00Z", "date_published": "2017-03-27T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html" ], "source": "MITRE", "title": "APT29 Domain Fronting With TOR" }, "related": [], "uuid": "1d919991-bc87-41bf-9e58-edf1b3806bb8", "value": "FireEye APT29 Domain Fronting With TOR March 2017" }, { "description": "Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved March 27, 2017.", "meta": { "date_accessed": "2017-03-27T00:00:00Z", "date_published": "2017-03-27T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html" ], "source": "MITRE", "title": "APT29 Domain Fronting With TOR" }, "related": [], "uuid": "3e013b07-deaf-4387-acd7-2d0565d196a9", "value": "FireEye APT29 Domain Fronting" }, { "description": "FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.", "meta": { "date_accessed": "2015-05-01T00:00:00Z", "date_published": "2015-04-01T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" ], "source": "MITRE, Tidal Cyber", "title": "APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION" }, "related": [], "uuid": "c48d2084-61cf-4e86-8072-01e5d2de8416", "value": "FireEye APT30" }, { "description": "Singh, S. and Antil, S. (2020, October 27). 
APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2020-10-27T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses-legitimate-online" ], "source": "MITRE", "title": "APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services" }, "related": [], "uuid": "1647c9a6-e475-4a9a-a202-0133dbeef9a0", "value": "Zscaler APT31 Covid-19 October 2020" }, { "description": "Phil Stokes. (2020, December 2). APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2020-12-02T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/" ], "source": "MITRE", "title": "APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique" }, "related": [], "uuid": "d31dcbe6-06ec-475e-b121-fd25a93c3ef7", "value": "sentinelone apt32 macOS backdoor 2020" }, { "description": "Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-09-21T00:00:00Z", "refs": [ "https://www.brighttalk.com/webcast/10703/275683" ], "source": "MITRE", "title": "APT33: New Insights into Iranian Cyber Espionage Group" }, "related": [], "uuid": "9b378592-5737-403d-8a07-27077f5b2d61", "value": "FireEye APT33 Webinar Sept 2017" }, { "description": "Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-19T00:00:00Z", "refs": [ "https://www.brighttalk.com/webcast/10703/296317/apt34-new-targeted-attack-in-the-middle-east" ], "source": "MITRE", "title": "APT34 - New Targeted Attack in the Middle East" }, "related": [], "uuid": "4eef7032-de14-44a2-a403-82aefdc85c50", "value": "FireEye APT34 Webinar Dec 2017" }, { "description": "DFIR Report. (2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.", "meta": { "date_accessed": "2022-05-25T00:00:00Z", "date_published": "2022-03-21T00:00:00Z", "refs": [ "https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell" ], "source": "MITRE", "title": "APT35 Automates Initial Access Using ProxyShell" }, "related": [], "uuid": "1837e917-d80b-4632-a1ca-c70d4b712ac7", "value": "DFIR Report APT35 ProxyShell March 2022" }, { "description": "Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.", "meta": { "date_accessed": "2022-01-24T00:00:00Z", "date_published": "2022-01-11T00:00:00Z", "refs": [ "https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/" ], "source": "MITRE", "title": "APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit" }, "related": [], "uuid": "81dce660-93ea-42a4-902f-0c6021d30f59", "value": "Check Point APT35 CharmPower January 2022" }, { "description": "FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. 
Retrieved March 1, 2018.", "meta": { "date_accessed": "2018-03-01T00:00:00Z", "date_published": "2018-02-20T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf" ], "source": "MITRE, Tidal Cyber", "title": "APT37 (Reaper): The Overlooked North Korean Actor" }, "related": [], "uuid": "4d575c1a-4ff9-49ce-97cd-f9d0637c2271", "value": "FireEye APT37 Feb 2018" }, { "description": "FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2018-10-03T00:00:00Z", "refs": [ "https://content.fireeye.com/apt/rpt-apt38" ], "source": "MITRE, Tidal Cyber", "title": "APT38: Un-usual Suspects" }, "related": [], "uuid": "7c916329-af56-4723-820c-ef932a6e3409", "value": "FireEye APT38 Oct 2018" }, { "description": "Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.", "meta": { "date_accessed": "2019-02-19T00:00:00Z", "date_published": "2019-01-29T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html" ], "source": "MITRE", "title": "APT39: An Iranian Cyber Espionage Group Focused on Personal Information" }, "related": [], "uuid": "ba366cfc-cc04-41a5-903b-a7bb73136bc3", "value": "FireEye APT39 Jan 2019" }, { "description": "Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.", "meta": { "date_accessed": "2018-01-16T00:00:00Z", "date_published": "2017-09-01T00:00:00Z", "refs": [ "https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf" ], "source": "MITRE", "title": "APT3 Adversary Emulation Plan" }, "related": [], "uuid": "64c01921-c33f-402e-b30d-a2ba26583a24", "value": "APT3 Adversary Emulation Plan" }, { "description": "Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. 
Retrieved September 28, 2017.", "meta": { "date_accessed": "2017-09-28T00:00:00Z", "date_published": "2017-06-18T00:00:00Z", "refs": [ "https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf" ], "source": "MITRE", "title": "APT3 Uncovered: The code evolution of Pirpi" }, "related": [], "uuid": "9c8bd493-bf08-431b-9d53-29eb14a6eef5", "value": "evolution of pirpi" }, { "description": "Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.", "meta": { "date_accessed": "2019-03-18T00:00:00Z", "date_published": "2019-03-04T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html" ], "source": "MITRE", "title": "APT40: Examining a China-Nexus Espionage Actor" }, "related": [], "uuid": "8a44368f-3348-4817-aca7-81bfaca5ae6d", "value": "FireEye APT40 March 2019" }, { "description": "Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. Retrieved September 16, 2022.", "meta": { "date_accessed": "2022-09-16T00:00:00Z", "refs": [ "https://www.mandiant.com/media/17826" ], "source": "MITRE", "title": "APT42: Crooked Charms, Cons and Compromise" }, "related": [], "uuid": "10b3e476-a0c5-41fd-8cb8-5bfb245b118f", "value": "Mandiant APT42" }, { "description": "QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. 
Retrieved May 5, 2020.", "meta": { "date_accessed": "2020-05-05T00:00:00Z", "date_published": "2019-02-18T00:00:00Z", "refs": [ "https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" ], "source": "MITRE, Tidal Cyber", "title": "APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations" }, "related": [], "uuid": "cae075ea-42cb-4695-ac66-9187241393d1", "value": "QiAnXin APT-C-36 Feb2019" }, { "description": "kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. Retrieved November 20, 2020.", "meta": { "date_accessed": "2020-11-20T00:00:00Z", "date_published": "2020-09-25T00:00:00Z", "refs": [ "https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/" ], "source": "MITRE, Tidal Cyber", "title": "APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign" }, "related": [], "uuid": "682c843d-1bb8-4f30-9d2e-35e8d41b1976", "value": "360 Machete Sep 2020" }, { "description": "Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2020-04-15T00:00:00Z", "refs": [ "https://cycraft.com/download/CyCraft-Whitepaper-Chimera_V4.1.pdf" ], "source": "MITRE", "title": "APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors" }, "related": [], "uuid": "a5a14a4e-2214-44ab-9067-75429409d744", "value": "Cycraft Chimera April 2020" }, { "description": "CISA. (n.d.). APTs Targeting IT Service Provider Customers. 
Retrieved November 16, 2020.", "meta": { "date_accessed": "2020-11-16T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/APTs-Targeting-IT-Service-Provider-Customers" ], "source": "MITRE", "title": "APTs Targeting IT Service Provider Customers" }, "related": [], "uuid": "b8bee7f9-155e-4765-9492-01182e4435b7", "value": "CISA IT Service Providers" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2016-02-08T00:00:00Z", "refs": [ "https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/" ], "source": "MITRE, Tidal Cyber", "title": "APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks" }, "related": [], "uuid": "1f07f234-50f0-4c1e-942a-a01d3f733161", "value": "Securelist GCMAN" }, { "description": "Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-04-27T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts" ], "source": "MITRE, Tidal Cyber", "title": "APT Targets Financial Analysts with CVE-2017-0199" }, "related": [], "uuid": "dabad6df-1e31-4c16-9217-e079f2493b02", "value": "Proofpoint TA459 April 2017" }, { "description": "Global Research and Analysis Team . (2018, April 12). APT Trends report Q1 2018. 
Retrieved January 27, 2021.", "meta": { "date_accessed": "2021-01-27T00:00:00Z", "date_published": "2018-04-12T00:00:00Z", "refs": [ "https://securelist.com/apt-trends-report-q1-2018/85280/" ], "source": "MITRE", "title": "APT Trends report Q1 2018" }, "related": [], "uuid": "587f5195-e696-4a3c-8c85-90b9c002cd11", "value": "Securelist APT Trends April 2018" }, { "description": "Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.", "meta": { "date_accessed": "2022-09-19T00:00:00Z", "date_published": "2020-04-30T00:00:00Z", "refs": [ "https://securelist.com/apt-trends-report-q1-2020/96826/" ], "source": "MITRE", "title": "APT trends report Q1 2020" }, "related": [], "uuid": "23c91719-5ebe-4d03-8018-df1809fffd2f", "value": "Kaspersky APT Trends Q1 2020" }, { "description": "GReAT . (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.", "meta": { "date_accessed": "2022-06-06T00:00:00Z", "date_published": "2021-04-27T00:00:00Z", "refs": [ "https://securelist.com/apt-trends-report-q1-2021/101967" ], "source": "MITRE", "title": "APT trends report Q1 2021" }, "related": [], "uuid": "3fd0ba3b-7919-46d3-a444-50508603956f", "value": "Kaspersky APT Trends Q1 April 2021" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-08-08T00:00:00Z", "refs": [ "https://securelist.com/apt-trends-report-q2-2017/79332/" ], "source": "MITRE", "title": "APT Trends report Q2 2017" }, "related": [], "uuid": "fe28042c-d289-463f-9ece-1a75a70b966e", "value": "Securelist APT Trends Q2 2017" }, { "description": "Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. 
Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2018-04-02T00:00:00Z", "refs": [ "https://wald0.com/?p=179" ], "source": "MITRE", "title": "A Red Teamer’s Guide to GPOs and OUs" }, "related": [], "uuid": "48bb84ac-56c8-4840-9a11-2cc76213e24e", "value": "Wald0 Guide to GPOs" }, { "description": "Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.", "meta": { "date_accessed": "2014-11-13T00:00:00Z", "date_published": "2011-08-08T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion" ], "source": "MITRE", "title": "Are MBR Infections Back in Fashion? (Infographic)" }, "related": [], "uuid": "fa809aab-5051-4f9c-8e27-b5989608b03c", "value": "Lau 2011" }, { "description": "Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered?. Retrieved May 15, 2017.", "meta": { "date_accessed": "2017-05-15T00:00:00Z", "date_published": "2016-10-27T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/" ], "source": "MITRE", "title": "Are the Days of “Booter” Services Numbered?" }, "related": [], "uuid": "d29a88ae-273b-439e-8808-dc9931f1ff72", "value": "Krebs-Booter" }, { "description": "Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2017-08-14T00:00:00Z", "refs": [ "https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe" ], "source": "MITRE", "title": "Are you looking out for forfiles.exe (if you are watching for cmd.exe)" }, "related": [], "uuid": "923d6d3e-6117-43a5-92c6-ea0c131355c2", "value": "RSA Forfiles Aug 2017" }, { "description": "Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). 
Retrieved October 4, 2017.", "meta": { "date_accessed": "2017-10-04T00:00:00Z", "date_published": "2017-07-20T00:00:00Z", "refs": [ "https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html" ], "source": "MITRE", "title": "Are you Ready to Respond? (Webinar)" }, "related": [], "uuid": "e7091d66-7faa-49d6-b16f-be1f79db4471", "value": "FireEye Respond Webinar July 2017" }, { "description": "Microsoft. (n.d.). Arp. Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490864.aspx" ], "source": "MITRE", "title": "Arp" }, "related": [], "uuid": "7714222e-8046-4884-b460-493d9ef46305", "value": "TechNet Arp" }, { "description": "King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2016-01-22T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html" ], "source": "MITRE", "title": "ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique" }, "related": [], "uuid": "715cd044-f5ef-4cad-8741-308d104f05a5", "value": "Cisco ARP Poisoning Mitigation 2016" }, { "description": "ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.88_ENG.pdf" ], "source": "MITRE", "title": "ASEC REPORT VOL.88" }, "related": [], "uuid": "a02e3bbf-5864-4ccf-8b6f-5f8452395670", "value": "ASEC Emotet 2017" }, { "description": "ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. 
Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2015-08-01T00:00:00Z", "refs": [ "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf" ], "source": "MITRE", "title": "ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger" }, "related": [], "uuid": "a8f323c7-82bc-46e6-bd6c-0b631abc644a", "value": "ASERT Seven Pointed Dagger Aug 2015" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.", "meta": { "date_accessed": "2018-11-27T00:00:00Z", "date_published": "2018-02-20T00:00:00Z", "refs": [ "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/" ], "source": "MITRE", "title": "A Slice of 2017 Sofacy Activity" }, "related": [], "uuid": "3a043bba-2451-4765-946b-c1f3bf4aea36", "value": "Securelist Sofacy Feb 2018" }, { "description": "THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-09-02T00:00:00Z", "refs": [ "https://labs.ft.com/2013/05/a-sobering-day/?mhq5j=e6" ], "source": "MITRE", "title": "A sobering day" }, "related": [], "uuid": "5a01f0b7-86f7-44a1-bf35-46a631402ceb", "value": "THE FINANCIAL TIMES LTD 2019." }, { "description": "LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Aspnet_Compiler/" ], "source": "Tidal Cyber", "title": "Aspnet_Compiler.exe" }, "related": [], "uuid": "15864c56-115e-4163-b816-03bdb9bfd5c5", "value": "Aspnet_Compiler.exe - LOLBAS Project" }, { "description": "Mandiant. (2020, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. 
Retrieved March 26, 2023.", "meta": { "date_accessed": "2023-03-26T00:00:00Z", "date_published": "2020-04-27T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29" ], "source": "MITRE", "title": "Assembling the Russian Nesting Doll: UNC2452 Merged into APT29" }, "related": [], "uuid": "5276508c-6792-56be-b757-e4b495ef6c37", "value": "Mandiant UNC2452 APT29 April 2022" }, { "description": "Plett, C. et al.. (2017, October 15). assoc. Retrieved August 7, 2018.", "meta": { "date_accessed": "2018-08-07T00:00:00Z", "date_published": "2017-10-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/administration/windows-commands/assoc" ], "source": "MITRE", "title": "assoc" }, "related": [], "uuid": "63fb65d7-6423-42de-b868-37fbc2bc133d", "value": "Microsoft Assoc Oct 2017" }, { "description": "Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2018-08-08T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration" ], "source": "MITRE", "title": "Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’" }, "related": [], "uuid": "f403fc54-bdac-415a-9cc0-78803dd84214", "value": "Rhino Security Labs Enumerating AWS Roles" }, { "description": "Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. 
Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2019-02-13T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research" ], "source": "MITRE", "title": "ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA" }, "related": [], "uuid": "eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e", "value": "Cybereason Astaroth Feb 2019" }, { "description": "Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2023-02-02T00:00:00Z", "refs": [ "https://www.spamhaus.com/resource-center/a-surge-of-malvertising-across-google-ads-is-distributing-dangerous-malware/" ], "source": "MITRE", "title": "A surge of malvertising across Google Ads is distributing dangerous malware" }, "related": [], "uuid": "15a4d429-28c3-52be-aeb8-d94ad2743866", "value": "spamhaus-malvertising" }, { "description": "Microsoft. (n.d.). Asynchronous Procedure Calls. Retrieved December 8, 2017.", "meta": { "date_accessed": "2017-12-08T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx" ], "source": "MITRE", "title": "Asynchronous Procedure Calls" }, "related": [], "uuid": "37f1ef6c-fc0e-4e47-85ab-20d53caba77e", "value": "Microsoft APC" }, { "description": "Microsoft. (n.d.). At. Retrieved April 28, 2016.", "meta": { "date_accessed": "2016-04-28T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490866.aspx" ], "source": "MITRE", "title": "At" }, "related": [], "uuid": "31b40c09-d68f-4889-b585-c077bd9cef28", "value": "TechNet At" }, { "description": "Thomas Koenig. (n.d.). at(1) - Linux man page. 
Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "refs": [ "https://linux.die.net/man/1/at" ], "source": "MITRE", "title": "at(1) - Linux man page" }, "related": [], "uuid": "4bc1389d-9586-4dfc-a67c-58c6d3f6796a", "value": "Die.net Linux at Man Page" }, { "description": "IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.", "meta": { "date_accessed": "2022-02-25T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man1/at.1p.html" ], "source": "MITRE", "title": "at(1p) — Linux manual page" }, "related": [], "uuid": "3e3a84bc-ab6d-460d-8abc-cafae6eaaedd", "value": "Linux at" }, { "description": "Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.", "meta": { "date_accessed": "2016-03-30T00:00:00Z", "date_published": "2015-07-25T00:00:00Z", "refs": [ "http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html" ], "source": "MITRE", "title": "A tale of Pirpi, Scanbox & CVE-2015-3113" }, "related": [], "uuid": "4904261a-a3a9-4c3e-b6a7-079890026ee2", "value": "PWC Pirpi Scanbox" }, { "description": "LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Atbroker/" ], "source": "Tidal Cyber", "title": "Atbroker.exe" }, "related": [], "uuid": "b0c21b56-6591-49c3-8e67-328ddb7b436d", "value": "Atbroker.exe - LOLBAS Project" }, { "description": "Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. 
Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2019-10-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf" ], "source": "MITRE", "title": "AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM" }, "related": [], "uuid": "fdd57c56-d989-4a6f-8cc5-5b3713605dec", "value": "ESET Attor Oct 2019" }, { "description": "Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2017-05-16T00:00:00Z", "refs": [ "https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/" ], "source": "MITRE", "title": "A Technical Analysis of WannaCry Ransomware" }, "related": [], "uuid": "305d0742-154a-44af-8686-c6d8bd7f8636", "value": "LogRhythm WannaCry" }, { "description": "hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2015-11-04T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/" ], "source": "MITRE", "title": "A Technical Look At Dyreza" }, "related": [], "uuid": "0a5719f2-8a88-44e2-81c5-2d16a39f1f8d", "value": "Malwarebytes Dyreza November 2015" }, { "description": "LOLBAS. (2019, September 20). At.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-09-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/At/" ], "source": "Tidal Cyber", "title": "At.exe" }, "related": [], "uuid": "a31e1f5c-9b8d-4af4-875b-5c03d2400c12", "value": "At.exe - LOLBAS Project" }, { "description": "Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. 
Retrieved December 8, 2017.", "meta": { "date_accessed": "2017-12-08T00:00:00Z", "date_published": "2016-10-27T00:00:00Z", "refs": [ "https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows" ], "source": "MITRE", "title": "ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS" }, "related": [], "uuid": "9282dbab-391c-4ffd-ada9-1687413b686b", "value": "ENSIL AtomBombing Oct 2016" }, { "description": "Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2018-06-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-TRITON-and-tristation.html" ], "source": "MITRE", "title": "A Totally Tubular Treatise on TRITON and TriStation" }, "related": [], "uuid": "bfa5886a-a7f4-40d1-98d0-c3358abcf265", "value": "FireEye TRITON 2018" }, { "description": "The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.", "meta": { "date_accessed": "2023-06-15T00:00:00Z", "date_published": "2023-06-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/" ], "source": "Tidal Cyber", "title": "A Truly Graceful Wipe Out" }, "related": [], "uuid": "a6311a66-bb36-4cad-a98f-2b0b89aafa3d", "value": "The DFIR Report Truebot June 12 2023" }, { "description": "Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.", "meta": { "date_accessed": "2021-11-24T00:00:00Z", "date_published": "2019-02-27T00:00:00Z", "refs": [ "https://nsfocusglobal.com/attack-and-defense-around-powershell-event-logging/" ], "source": "MITRE", "title": "Attack and Defense Around PowerShell Event Logging" }, "related": [], "uuid": "52212570-b1a6-4249-99d4-3bcf66c27140", "value": "att_def_ps_logging" }, { "description": "Fishbein, N. (2020, September 8). 
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2020-09-08T00:00:00Z", "refs": [ "https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/" ], "source": "MITRE", "title": "Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks" }, "related": [], "uuid": "1155a45e-86f4-497a-9a03-43b6dcb25202", "value": "Intezer TeamTNT September 2020" }, { "description": "Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.", "meta": { "date_accessed": "2015-02-03T00:00:00Z", "date_published": "2015-01-19T00:00:00Z", "refs": [ "http://adsecurity.org/?p=1275" ], "source": "MITRE", "title": "Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest" }, "related": [], "uuid": "1c899028-466c-49b0-8d64-1a954c812508", "value": "Metcalf 2015" }, { "description": "Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-10-19T00:00:00Z", "refs": [ "https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954" ], "source": "MITRE", "title": "Attackers Continue to Target Legacy Devices" }, "related": [], "uuid": "f7ce5099-7e04-4c0b-8767-e0eec664b18e", "value": "Cisco Blog Legacy Device Attacks" }, { "description": "Johnson, B, et. al. (2017, December 14). Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure. 
Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2017-12-14T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html" ], "source": "MITRE", "title": "Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure" }, "related": [], "uuid": "597a4d8b-ffb2-4551-86db-b319f5a5b707", "value": "FireEye TRITON 2017" }, { "description": "Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.", "meta": { "date_accessed": "2022-08-09T00:00:00Z", "date_published": "2014-01-14T00:00:00Z", "refs": [ "https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/" ], "source": "MITRE", "title": "Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency" }, "related": [], "uuid": "d2186b8c-10c9-493b-8e25-7d69fce006e4", "value": "GitHub Cloud Service Credentials" }, { "description": "Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2014-01-14T00:00:00Z", "refs": [ "https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196" ], "source": "MITRE", "title": "Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency" }, "related": [], "uuid": "303f8801-bdd6-4a0c-a90a-37867898c99c", "value": "Forbes GitHub Creds" }, { "description": "Chen, J.. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. 
Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2020-01-29T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/" ], "source": "MITRE", "title": "Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed" }, "related": [], "uuid": "efcbbbdd-9af1-46c2-8538-3fd22f2b67d2", "value": "Unit 42 Unsecured Docker Daemons" }, { "description": "Bullock, B.. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "date_published": "2016-10-03T00:00:00Z", "refs": [ "https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/" ], "source": "MITRE", "title": "Attacking Exchange with MailSniper" }, "related": [], "uuid": "adedfddc-29b7-4245-aa67-cc590acb7434", "value": "Black Hills Attacking Exchange MailSniper, 2016" }, { "description": "Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.", "meta": { "date_accessed": "2018-03-22T00:00:00Z", "date_published": "2014-11-01T00:00:00Z", "refs": [ "https://redsiege.com/kerberoast-slides" ], "source": "MITRE", "title": "Attacking Kerberos - Kicking the Guard Dog of Hades" }, "related": [], "uuid": "f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42", "value": "SANS Attacking Kerberos Nov 2014" }, { "description": "Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. Retrieved July 8, 2019.", "meta": { "date_accessed": "2019-07-08T00:00:00Z", "date_published": "2017-07-13T00:00:00Z", "refs": [ "https://blog.netspi.com/attacking-sql-server-clr-assemblies/" ], "source": "MITRE", "title": "Attacking SQL Server CLR Assemblies" }, "related": [], "uuid": "6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5", "value": "NetSPI SQL Server CLR" }, { "description": "Bromiley, M. and Lewis, P. (2016, October 7). 
Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.", "meta": { "date_accessed": "2017-10-06T00:00:00Z", "date_published": "2016-10-07T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=fevGZs0EQu8" ], "source": "MITRE", "title": "Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years" }, "related": [], "uuid": "2bd39baf-4223-4344-ba93-98aa8453dc11", "value": "Mandiant FIN5 GrrCON Oct 2016" }, { "description": "Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "date_published": "2012-10-30T00:00:00Z", "refs": [ "https://pentestlab.blog/2012/10/30/attacking-vnc-servers/" ], "source": "MITRE", "title": "Attacking VNC Servers" }, "related": [], "uuid": "f953ea41-f9ca-4f4e-a46f-ef1d2def1d07", "value": "Attacking VNC Servers PentestLab" }, { "description": "Baird, S. et al.. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. Retrieved July 21, 2018.", "meta": { "date_accessed": "2018-07-21T00:00:00Z", "date_published": "2017-07-07T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/07/template-injection.html" ], "source": "MITRE", "title": "Attack on Critical Infrastructure Leverages Template Injection" }, "related": [], "uuid": "175ea537-2a94-42c7-a83b-bec8906ee6b9", "value": "Talos Template Injection July 2017" }, { "description": "Falcone, R. and Miller-Osborn, J.. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. 
Retrieved February 15, 2016.", "meta": { "date_accessed": "2016-02-15T00:00:00Z", "date_published": "2015-12-18T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/" ], "source": "MITRE", "title": "Attack on French Diplomat Linked to Operation Lotus Blossom" }, "related": [], "uuid": "dcbe51a0-6d63-4401-b19e-46cd3c42204c", "value": "Lotus Blossom Dec 2015" }, { "description": "Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2021-06-10T00:00:00Z", "refs": [ "https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf" ], "source": "MITRE", "title": "Attacks Against the Government Sector" }, "related": [], "uuid": "f5940cc2-1bbd-4e42-813a-f50867b01035", "value": "Symantec Attacks Against Government Sector" }, { "description": "Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.", "meta": { "date_accessed": "2021-08-26T00:00:00Z", "date_published": "2021-06-01T00:00:00Z", "refs": [ "https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation" ], "source": "MITRE", "title": "Attacks in the Wild on the Container Supply Chain and Infrastructure" }, "related": [], "uuid": "be9652d5-7531-4143-9c44-aefd019b7a32", "value": "Aqua Security Cloud Native Threat Report June 2021" }, { "description": "CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. 
Retrieved March 1, 2021.", "meta": { "date_accessed": "2021-03-01T00:00:00Z", "date_published": "2020-04-01T00:00:00Z", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf" ], "source": "MITRE", "title": "ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE" }, "related": [], "uuid": "4e502db6-2e09-4422-9dcc-1e10e701e122", "value": "CERT-FR PYSA April 2020" }, { "description": "Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2017-10-12T00:00:00Z", "refs": [ "https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks" ], "source": "MITRE", "title": "Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks" }, "related": [], "uuid": "6d270128-0461-43ec-8925-204c7b5aacc9", "value": "InsiderThreat NTFS EA Oct 2017" }, { "description": "Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2023-02-22T00:00:00Z", "refs": [ "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-execution-of-potentially-obfuscated-scripts" ], "source": "MITRE", "title": "Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts" }, "related": [], "uuid": "dec646d4-8b32-5091-b097-abe887aeca96", "value": "Microsoft ASR Obfuscation" }, { "description": "Co, M. and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. 
Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "date_published": "2018-02-08T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe-leads-lokibot/" ], "source": "MITRE", "title": "Attack Using Windows Installer msiexec.exe leads to LokiBot" }, "related": [], "uuid": "768c99f3-ee28-47dc-bc33-06d50ac72dea", "value": "TrendMicro Msiexec Feb 2018" }, { "description": "Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.", "meta": { "date_accessed": "2019-03-11T00:00:00Z", "date_published": "2018-09-02T00:00:00Z", "refs": [ "https://github.com/dstepanic/attck_empire" ], "source": "MITRE", "title": "attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs" }, "related": [], "uuid": "b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc", "value": "GitHub ATTACK Empire" }, { "description": "Tony Lambert. (2022, November 13). ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.", "meta": { "date_accessed": "2023-03-20T00:00:00Z", "date_published": "2022-11-13T00:00:00Z", "refs": [ "https://redcanary.com/blog/attck-t1501-understanding-systemd-service-persistence/" ], "source": "MITRE", "title": "ATT&CK T1501: Understanding systemd service persistence" }, "related": [], "uuid": "196f0c77-4c98-57e7-ad79-eb43bdd2c848", "value": "lambert systemd 2022" }, { "description": "Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2016-04-15T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/dn535501.aspx" ], "source": "MITRE", "title": "Attractive Accounts for Credential Theft" }, "related": [], "uuid": "5c183c97-0ab2-4b75-8dbc-9db92a929ff4", "value": "TechNet Credential Theft" }, { "description": "Gagliardi, R. (n.d.). 
Audit in a OS X System. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "refs": [ "https://www.scip.ch/en/?labs.20150108" ], "source": "MITRE", "title": "Audit in a OS X System" }, "related": [], "uuid": "c5181c95-0a94-4ea0-9940-04a9663d0069", "value": "Audit OSX" }, { "description": "Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2021-09-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events" ], "source": "MITRE", "title": "Audit logon events" }, "related": [], "uuid": "050d6da7-a78c-489d-8bef-b06d802b55d7", "value": "Microsoft Audit Logon Events" }, { "description": "Google. (n.d.). Audit Logs. Retrieved June 1, 2020.", "meta": { "date_accessed": "2020-06-01T00:00:00Z", "refs": [ "https://cloud.google.com/logging/docs/audit#admin-activity" ], "source": "MITRE", "title": "Audit Logs" }, "related": [], "uuid": "500bdcea-5f49-4949-80fb-5eec1ce5e09e", "value": "Cloud Audit Logs" }, { "description": "Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.", "meta": { "date_accessed": "2019-06-27T00:00:00Z", "date_published": "2017-05-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events" ], "source": "MITRE", "title": "Audit Other Object Access Events" }, "related": [], "uuid": "79e54b41-69ba-4738-86ef-88c4f540bce3", "value": "Microsoft Scheduled Task Events Win10" }, { "description": "Jason Gerend, et al. (2017, October 16). auditpol. 
Retrieved September 1, 2021.", "meta": { "date_accessed": "2021-09-01T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol" ], "source": "MITRE", "title": "auditpol" }, "related": [], "uuid": "20d18ecf-d7d3-4433-9a3c-c28be71de4b1", "value": "auditpol" }, { "description": "STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.", "meta": { "date_accessed": "2021-09-09T00:00:00Z", "refs": [ "https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.html" ], "source": "MITRE", "title": "auditpol.exe" }, "related": [], "uuid": "c8a305b3-cd17-4415-a740-32787da703cd", "value": "auditpol.exe_STRONTIC" }, { "description": "Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-policy" ], "source": "MITRE", "title": "Audit Policy" }, "related": [], "uuid": "9ff43f64-7fcb-4aa3-9599-9d00774d8da5", "value": "Audit_Policy_Microsoft" }, { "description": "Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2016-04-15T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/dn487457.aspx" ], "source": "MITRE", "title": "Audit Policy Recommendations" }, "related": [], "uuid": "406cd8ff-e539-4853-85ed-775726155cf1", "value": "TechNet Audit Policy" }, { "description": "Microsoft. (2012, July 2). Audit Registry. 
Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2012-07-02T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)" ], "source": "MITRE", "title": "Audit Registry" }, "related": [], "uuid": "4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c", "value": "Microsoft Audit Registry July 2012" }, { "description": "Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.", "meta": { "date_accessed": "2018-02-13T00:00:00Z", "refs": [ "http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html" ], "source": "MITRE", "title": "Elderwood project, who is behind Op. Aurora and ongoing attacks?" }, "related": [], "uuid": "ebfc56c5-0490-4b91-b49f-548c00a59162", "value": "Security Affairs Elderwood Sept 2012" }, { "description": "NIST. (n.d.). Authentication. Retrieved January 30, 2020.", "meta": { "date_accessed": "2020-01-30T00:00:00Z", "refs": [ "https://csrc.nist.gov/glossary/term/authentication" ], "source": "MITRE", "title": "Authentication" }, "related": [], "uuid": "f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46", "value": "NIST Authentication" }, { "description": "Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx" ], "source": "MITRE", "title": "Authentication Packages" }, "related": [], "uuid": "e9bb8434-9b6d-4301-bfe2-5c83ceabb020", "value": "MSDN Authentication Packages" }, { "description": "Microsoft. (n.d.). Authenticode. 
Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms537359.aspx" ], "source": "MITRE", "title": "Authenticode" }, "related": [], "uuid": "33efd1a3-ffe9-42b3-ae12-970ed11454bf", "value": "Microsoft Authenticode" }, { "description": "Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.", "meta": { "date_accessed": "2021-06-24T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/access-authn-authz/authorization/" ], "source": "MITRE", "title": "Authorization Overview" }, "related": [], "uuid": "120f968a-c81f-4902-9b76-7544577b768d", "value": "K8s Authorization Overview" }, { "description": "ssh.com. (n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "refs": [ "https://www.ssh.com/ssh/authorized_keys/" ], "source": "MITRE", "title": "Authorized_keys File in SSH" }, "related": [], "uuid": "ff100b76-894e-4d7c-9b8d-5f0eedcf59cc", "value": "SSH Authorized Keys" }, { "description": "Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2018-11-27T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/" ], "source": "MITRE", "title": "AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor" }, "related": [], "uuid": "d8e7b428-84dd-4d96-b3f3-70e7ed7f8271", "value": "Trend Micro njRAT 2018" }, { "description": "Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. 
Retrieved July 11, 2017.", "meta": { "date_accessed": "2017-07-11T00:00:00Z", "date_published": "2016-12-06T00:00:00Z", "refs": [ "https://support.apple.com/en-us/HT204005" ], "source": "MITRE", "title": "Automatically re-open windows, apps, and documents on your Mac" }, "related": [], "uuid": "ed907f1e-71d6-45db-8ef3-75bec59c238b", "value": "Re-Open windows on Mac" }, { "description": "Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.", "meta": { "date_accessed": "2016-06-06T00:00:00Z", "date_published": "2016-01-04T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/sysinternals/bb963902" ], "source": "MITRE", "title": "Autoruns for Windows v13.51" }, "related": [], "uuid": "709f4509-9d69-4033-8aa6-a947496a1703", "value": "TechNet Autoruns" }, { "description": "Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2019-06-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns" ], "source": "MITRE", "title": "Autoruns for Windows v13.96" }, "related": [], "uuid": "aaf66ad0-c444-48b5-875f-a0f66b82031c", "value": "Autoruns for Windows" }, { "description": "Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. Retrieved August 19, 2021.", "meta": { "date_accessed": "2021-08-19T00:00:00Z", "date_published": "2020-06-05T00:00:00Z", "refs": [ "https://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wild-in-2-days/" ], "source": "MITRE", "title": "Avaddon: From seeking affiliates to in-the-wild in 2 days" }, "related": [], "uuid": "41377d56-2e7b-48a8-8561-681e04a65907", "value": "Hornet Security Avaddon June 2020" }, { "description": "Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. 
Retrieved August 19, 2021.", "meta": { "date_accessed": "2021-08-19T00:00:00Z", "date_published": "2021-02-09T00:00:00Z", "refs": [ "https://arxiv.org/pdf/2102.04796.pdf" ], "source": "MITRE", "title": "Avaddon ransomware: an in-depth analysis and decryption of infected systems" }, "related": [], "uuid": "dbee8e7e-f477-4bd5-8225-84e0e222617e", "value": "Arxiv Avaddon Feb 2021" }, { "description": "CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2021-02-01T00:00:00Z", "refs": [ "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks" ], "source": "MITRE", "title": "Avoiding Social Engineering and Phishing Attacks" }, "related": [], "uuid": "0c98bf66-f43c-5b09-ae43-d10c682f51e7", "value": "CISA Phishing" }, { "description": "Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2021-07-23T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners" ], "source": "MITRE", "title": "AvosLocker enters the ransomware scene, asks for partners" }, "related": [], "uuid": "88dffb14-a7a7-5b36-b269-8283dec0f1a3", "value": "Malwarebytes AvosLocker Jul 2021" }, { "description": "Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. 
Retrieved May 17, 2022.", "meta": { "date_accessed": "2022-05-17T00:00:00Z", "date_published": "2022-05-02T00:00:00Z", "refs": [ "https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html" ], "source": "MITRE", "title": "AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection" }, "related": [], "uuid": "ea2756ce-a183-4c80-af11-92374ad045b2", "value": "avoslocker_ransomware" }, { "description": "Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2022-06-21T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/avoslocker-new-arsenal/" ], "source": "MITRE", "title": "Avos ransomware group expands with new attack arsenal" }, "related": [], "uuid": "1170fdc2-6d8e-5b60-bf9e-ca915790e534", "value": "Cisco Talos Avos Jun 2022" }, { "description": "Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.", "meta": { "date_accessed": "2022-03-11T00:00:00Z", "refs": [ "https://github.com/dhondta/awesome-executable-packing" ], "source": "MITRE", "title": "Awesome Executable Packing" }, "related": [], "uuid": "565bf600-5657-479b-9678-803e991c88a5", "value": "Awesome Executable Packing" }, { "description": "M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf" ], "source": "MITRE", "title": "A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs" }, "related": [], "uuid": "745e963e-33fd-40d4-a8c6-1a9f321017f4", "value": "ESET Kobalos Jan 2021" }, { "description": "Amazon. (n.d.). AWS Account Root User. 
Retrieved April 5, 2021.", "meta": { "date_accessed": "2021-04-05T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html" ], "source": "MITRE", "title": "AWS Account Root User" }, "related": [], "uuid": "5f315c21-f02f-4c9e-aac6-d648deff3ff9", "value": "AWS Root User" }, { "description": "Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved December 16, 2020.", "meta": { "date_accessed": "2020-12-16T00:00:00Z", "date_published": "2017-01-28T00:00:00Z", "refs": [ "https://github.com/damianh/aws-adfs-credential-generator" ], "source": "MITRE", "title": "AWS-ADFS-Credential-Generator" }, "related": [], "uuid": "340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8", "value": "GitHub AWS-ADFS-Credential-Generator" }, { "description": "Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. Retrieved June 8, 2021.", "meta": { "date_accessed": "2021-06-08T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html" ], "source": "MITRE", "title": "AWS API GetAccountPasswordPolicy" }, "related": [], "uuid": "dd44d565-b9d9-437e-a31a-a52c6a21e3b3", "value": "AWS GetPasswordPolicy" }, { "description": "Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.", "meta": { "date_accessed": "2019-10-23T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html" ], "source": "MITRE", "title": "AWS Console Sign-in Events" }, "related": [], "uuid": "72578d0b-f68a-40fa-9a5d-379a66792be8", "value": "AWS Console Sign-in Events" }, { "description": "Amazon Web Services. (n.d.). 
Retrieved May 28, 2021.", "meta": { "date_accessed": "2021-05-28T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html" ], "source": "MITRE", "title": "AWS Describe DB Instances" }, "related": [], "uuid": "85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82", "value": "AWS Describe DB Instances" }, { "description": "Amazon Web Services. (n.d.). Retrieved May 28, 2021.", "meta": { "date_accessed": "2021-05-28T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html" ], "source": "MITRE", "title": "AWS Get Bucket ACL" }, "related": [], "uuid": "1eddbd32-8314-4f95-812a-550904eac2fa", "value": "AWS Get Bucket ACL" }, { "description": "Amazon Web Services. (n.d.). Retrieved May 28, 2021.", "meta": { "date_accessed": "2021-05-28T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html" ], "source": "MITRE", "title": "AWS Get Public Access Block" }, "related": [], "uuid": "f2887980-569a-4bc2-949e-bd8ff266c43c", "value": "AWS Get Public Access Block" }, { "description": "Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.", "meta": { "date_accessed": "2022-02-14T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html" ], "source": "MITRE", "title": "AWS HeadBucket" }, "related": [], "uuid": "1388a78e-9f86-4927-a619-e0fcbac5b7a1", "value": "AWS Head Bucket" }, { "description": "Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/" ], "source": "MITRE", "title": "AWS IAM Privilege Escalation – Methods and Mitigation" }, "related": [], "uuid": "693e5783-4aa1-40ce-8080-cec01c3e7b59", "value": "Rhino Security Labs AWS Privilege Escalation" }, { "description": "Adam Chester. (2020, February 25). 
AWS Lambda Redirector. Retrieved July 8, 2022.", "meta": { "date_accessed": "2022-07-08T00:00:00Z", "date_published": "2020-02-25T00:00:00Z", "refs": [ "https://blog.xpnsec.com/aws-lambda-redirector/" ], "source": "MITRE", "title": "AWS Lambda Redirector" }, "related": [], "uuid": "9ba87a5d-a140-4959-9905-c4a80e684d56", "value": "AWS Lambda Redirector" }, { "description": "Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023.", "meta": { "date_accessed": "2023-03-21T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/" ], "source": "MITRE", "title": "AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense" }, "related": [], "uuid": "785c6b11-c5f0-5cb4-931b-cf75fcc368a1", "value": "Rhino Security Labs AWS S3 Ransomware" }, { "description": "AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html" ], "source": "MITRE", "title": "AWS Systems Manager Run Command" }, "related": [], "uuid": "ef66f17b-6a5b-5eb8-83de-943e2bddd114", "value": "AWS Systems Manager Run Command" }, { "description": "Slowik, J.. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-04-12T00:00:00Z", "refs": [ "https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/" ], "source": "MITRE", "title": "A XENOTIME to Remember: Veles in the Wild" }, "related": [], "uuid": "e2f246d8-c75e-4e0f-bba8-869d82be26da", "value": "Pylos Xenotime 2019" }, { "description": "Patrick Wardle. (2018, January 11). Ay MaMi. 
Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2018-01-11T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x26.html" ], "source": "MITRE", "title": "Ay MaMi" }, "related": [], "uuid": "1b1d656c-4fe6-47d1-9ce5-a70c33003507", "value": "objective-see ay mami 2018" }, { "description": "Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest" ], "source": "MITRE", "title": "az ad user" }, "related": [], "uuid": "cfd94553-272b-466b-becb-3859942bcaa5", "value": "Microsoft AZ CLI" }, { "description": "Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-12-09T00:00:00Z", "refs": [ "https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/" ], "source": "MITRE", "title": "A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy" }, "related": [], "uuid": "88d8a3b7-d994-4fd2-9aa1-83b79bccda7e", "value": "Intezer Russian APT Dec 2020" }, { "description": "Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monitor_diagnostic_settings_delete" ], "source": "MITRE", "title": "az monitor diagnostic-settings" }, "related": [], "uuid": "6ddd92ee-1014-4b7a-953b-18ac396b100e", "value": "az monitor diagnostic-settings" }, { "description": "Microsoft. (2020, September 16). Azure Active Directory security operations for devices. 
Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2020-09-16T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-devices" ], "source": "MITRE", "title": "Azure Active Directory security operations for devices" }, "related": [], "uuid": "eeba5eab-a9d8-55c0-b555-0414f65d2c2d", "value": "Microsoft Azure AD Security Operations for Devices" }, { "description": "Microsoft . (2022, September 16). Azure Active Directory security operations guide. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-09-16T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-introduction" ], "source": "MITRE", "title": "Azure Active Directory security operations guide" }, "related": [], "uuid": "b75a3f28-a028-50e6-b971-cc85e7d52e0c", "value": "Microsoft Azure Active Directory security operations guide" }, { "description": "Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2019-02-18T00:00:00Z", "refs": [ "https://blog.xpnsec.com/azuread-connect-for-redteam/" ], "source": "MITRE", "title": "Azure AD Connect for Red Teamers" }, "related": [], "uuid": "0b9946ff-8c1c-4d93-8401-e1e4dd186305", "value": "Azure AD Connect for Read Teamers" }, { "description": "Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.", "meta": { "date_accessed": "2023-03-24T00:00:00Z", "date_published": "2014-12-12T00:00:00Z", "refs": [ "https://github.com/Azure/azure-powershell" ], "source": "MITRE", "title": "Azure/azure-powershell" }, "related": [], "uuid": "3b17b649-9efa-525f-aa49-cf6c9ad559d7", "value": "Microsoft - Azure PowerShell" }, { "description": "Microsoft. (n.d.). Azure Blob Storage. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://azure.microsoft.com/en-us/services/storage/blobs/" ], "source": "MITRE", "title": "Azure Blob Storage" }, "related": [], "uuid": "7a392b85-872a-4a5a-984c-185a8e8f8a3f", "value": "Azure Blob Storage" }, { "description": "Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.", "meta": { "date_accessed": "2021-04-02T00:00:00Z", "date_published": "2021-02-21T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows" ], "source": "MITRE", "title": "Azure Instance Metadata Service (Windows)" }, "related": [], "uuid": "66e93b75-0067-4cdb-b695-8f8109ef26e0", "value": "Microsoft Azure Instance Metadata 2021" }, { "description": "Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.", "meta": { "date_accessed": "2023-09-05T00:00:00Z", "date_published": "2023-08-30T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute" ], "source": "MITRE", "title": "Azure Policy built-in policy definitions" }, "related": [], "uuid": "761d102e-768a-5536-a098-0b1819029d33", "value": "Microsoft Azure Policy" }, { "description": "Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2021-10-12T00:00:00Z", "refs": [ "https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5" ], "source": "MITRE", "title": "Azure Privilege Escalation via Service Principal Abuse" }, "related": [], "uuid": "5dba5a6d-465e-4489-bc4d-299a891b62f6", "value": "SpecterOps Azure Privilege Escalation" }, { "description": "Microsoft. (n.d.). Azure products. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://azure.microsoft.com/en-us/services/" ], "source": "MITRE", "title": "Azure products" }, "related": [], "uuid": "12a72e05-ada4-4f77-8d6e-03024f88cab6", "value": "Azure Products" }, { "description": "Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.", "meta": { "date_accessed": "2020-06-17T00:00:00Z", "date_published": "2019-05-20T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/rest/api/resources/" ], "source": "MITRE", "title": "Azure Resource Manager" }, "related": [], "uuid": "223cc020-e88a-4236-9c34-64fe606a1729", "value": "Azure - Resource Manager API" }, { "description": "Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2021-12-14T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/azure-run-command-dummies" ], "source": "MITRE", "title": "Azure Run Command for Dummies" }, "related": [], "uuid": "e15d38de-bc15-525b-bd03-27c0edca768d", "value": "Mandiant Azure Run Command 2021" }, { "description": "Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-11-14T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline" ], "source": "MITRE", "title": "Azure security baseline for Azure Active Directory" }, "related": [], "uuid": "2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53", "value": "Microsoft Azure security baseline for Azure Active Directory" }, { "description": "Microsoft. (2020, December). Azure Sentinel Detections. 
Retrieved December 30, 2020.", "meta": { "date_accessed": "2020-12-30T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml" ], "source": "MITRE", "title": "Azure Sentinel Detections" }, "related": [], "uuid": "34314090-33c2-4276-affa-3d0b527bbcef", "value": "Microsoft - Azure Sentinel ADFSDomainTrustMods" }, { "description": "Microsoft. (2022, October 17). Azure Serial Console. Retrieved June 2, 2023.", "meta": { "date_accessed": "2023-06-02T00:00:00Z", "date_published": "2022-10-17T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview" ], "source": "MITRE", "title": "Azure Serial Console" }, "related": [], "uuid": "fd75d136-e818-5233-b2c2-5d8ed033b9e6", "value": "Azure Serial Console" }, { "description": "Amlekar, M., Brooks, C., Claman, L., et. al.. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2019-03-20T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide" ], "source": "MITRE", "title": "Azure Storage security guide" }, "related": [], "uuid": "95bda448-bb13-4fa6-b663-e48a9d1b866f", "value": "Microsoft Azure Storage Security, 2019" }, { "description": "Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.", "meta": { "date_accessed": "2020-06-17T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://github.com/Azure/Stormspotter" ], "source": "MITRE", "title": "Azure Stormspotter GitHub" }, "related": [], "uuid": "42383ed1-9705-4313-8068-28a22a23f50e", "value": "Azure - Stormspotter" }, { "description": "Sebdraven. (2021, February 8). Babuk is distributed packed. 
Retrieved August 11, 2021.", "meta": { "date_accessed": "2021-08-11T00:00:00Z", "date_published": "2021-02-08T00:00:00Z", "refs": [ "https://sebdraven.medium.com/babuk-is-distributed-packed-78e2f5dd2e62" ], "source": "MITRE", "title": "Babuk is distributed packed" }, "related": [], "uuid": "58759b1c-8e2c-44fa-8e37-8bf7325c330d", "value": "Medium Babuk February 2021" }, { "description": "Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.", "meta": { "date_accessed": "2021-08-11T00:00:00Z", "date_published": "2021-03-01T00:00:00Z", "refs": [ "https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf" ], "source": "MITRE", "title": "Babuk Ransomware" }, "related": [], "uuid": "e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e", "value": "Sogeti CERT ESEC Babuk March 2021" }, { "description": "Lim, M.. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat . Retrieved October 7, 2019.", "meta": { "date_accessed": "2019-10-07T00:00:00Z", "date_published": "2019-04-26T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/" ], "source": "MITRE", "title": "BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat" }, "related": [], "uuid": "c020569d-9c85-45fa-9f0b-97be5bdbab08", "value": "Unit42 BabyShark Apr 2019" }, { "description": "Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.", "meta": { "date_accessed": "2018-02-21T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-2843-99" ], "source": "MITRE", "title": "Backdoor.Briba" }, "related": [], "uuid": "bcf0f82b-1b26-4c0c-905e-0dd8b88d0903", "value": "Symantec Briba May 2012" }, { "description": "Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. 
Retrieved March 7, 2019.", "meta": { "date_accessed": "2019-03-07T00:00:00Z", "date_published": "2017-08-07T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/" ], "source": "MITRE", "title": "Backdoor-carrying Emails Set Sights on Russian-speaking Businesses" }, "related": [], "uuid": "efeb475c-2a7c-4ab6-814d-3ee7866fa322", "value": "TrendMicro Squiblydoo Aug 2017" }, { "description": "Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.", "meta": { "date_accessed": "2018-02-23T00:00:00Z", "date_published": "2005-08-18T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99" ], "source": "MITRE", "title": "Backdoor.Darkmoon" }, "related": [], "uuid": "7088234d-a6fc-49ad-b4fd-2fe8ca333c1d", "value": "Symantec Darkmoon Aug 2005" }, { "description": "Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021", "meta": { "date_accessed": "2021-09-01T00:00:00Z", "date_published": "2021-06-10T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/" ], "source": "MITRE, Tidal Cyber", "title": "BackdoorDiplomacy: Upgrading from Quarian to Turian" }, "related": [], "uuid": "127d4b10-8d61-4bdf-b5b9-7d86bbc065b6", "value": "ESET BackdoorDiplomacy Jun 2021" }, { "description": "Daniel Grzelak. (2016, July 9). Backdooring an AWS account. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2016-07-09T00:00:00Z", "refs": [ "https://medium.com/daniel-grzelak/backdooring-an-aws-account-da007d36f8f9" ], "source": "MITRE", "title": "Backdooring an AWS account" }, "related": [], "uuid": "2c867527-1584-44f7-b5e5-8ca54ea79619", "value": "Backdooring an AWS account" }, { "description": "Zhou, R. (2012, May 15). Backdoor.Linfo. 
Retrieved February 23, 2018.", "meta": { "date_accessed": "2018-02-23T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051605-2535-99" ], "source": "MITRE", "title": "Backdoor.Linfo" }, "related": [], "uuid": "e6b88cd4-a58e-4139-b266-48d0f5957407", "value": "Symantec Linfo May 2012" }, { "description": "Stama, D.. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.", "meta": { "date_accessed": "2016-02-15T00:00:00Z", "date_published": "2015-02-06T00:00:00Z", "refs": [ "http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2" ], "source": "MITRE", "title": "Backdoor.Mivast" }, "related": [], "uuid": "800780e3-7d00-4cfc-8458-74fe17da2f71", "value": "Symantec Backdoor.Mivast" }, { "description": "Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.", "meta": { "date_accessed": "2018-02-23T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3445-99" ], "source": "MITRE", "title": "Backdoor.Nerex" }, "related": [], "uuid": "1613fd6b-4d62-464b-9cda-6f7d3f0192e1", "value": "Symantec Nerex May 2012" }, { "description": "Sponchioni, R.. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-03-11T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-120123-5521-99" ], "source": "MITRE", "title": "Backdoor.Nidiran" }, "related": [], "uuid": "01852772-c333-47a3-9e3f-e234a87f0b9b", "value": "Symantec Backdoor.Nidiran" }, { "description": "Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. 
Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-08-08T00:00:00Z", "refs": [ "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf" ], "source": "MITRE", "title": "Backdoor.Remsec indicators of compromise" }, "related": [], "uuid": "b00bf616-96e6-42c9-a56c-380047ad5acb", "value": "Symantec Remsec IOCs" }, { "description": "Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.", "meta": { "date_accessed": "2018-02-23T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3909-99" ], "source": "MITRE", "title": "Backdoor.Ritsol" }, "related": [], "uuid": "1c8b1762-8abd-479b-b78c-43d8c7be7c27", "value": "Symantec Ristol May 2012" }, { "description": "Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-5938-99" ], "source": "MITRE", "title": "Backdoor.Vasport" }, "related": [], "uuid": "2dc7d7fb-3d13-4647-b15b-5e501946d606", "value": "Symantec Vasport May 2012" }, { "description": "FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "refs": [ "https://www.f-secure.com/v-descs/backdoor_w32_hupigon_emv.shtml" ], "source": "MITRE", "title": "Backdoor - W32/Hupigon.EMV - Threat Description" }, "related": [], "uuid": "08ceb57f-065e-45e9-98e9-d58a92caa755", "value": "FSecure Hupigon" }, { "description": "Zhou, R. (2012, May 15). Backdoor.Wiarp. 
Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-1005-99" ], "source": "MITRE", "title": "Backdoor.Wiarp" }, "related": [], "uuid": "78285833-4b0d-4077-86d2-f34b010a5862", "value": "Symantec Wiarp May 2012" }, { "description": "Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.", "meta": { "date_accessed": "2018-09-06T00:00:00Z", "date_published": "2009-05-17T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A" ], "source": "MITRE", "title": "Backdoor:Win32/Lamin.A" }, "related": [], "uuid": "84b8b159-6e85-4329-8903-aca156f4ed84", "value": "Microsoft Lamin Sept 2017" }, { "description": "McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2017-09-15T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3aWin32%2fPoisonivy.E" ], "source": "MITRE", "title": "Backdoor:Win32/Poisonivy.E" }, "related": [], "uuid": "fc97a89c-c912-4b0c-b151-916695dbbca4", "value": "Microsoft PoisonIvy 2017" }, { "description": "Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "date_published": "2017-09-15T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Truvasys.A!dha" ], "source": "MITRE", "title": "Backdoor:Win32/Truvasys.A!dha" }, "related": [], "uuid": "3c8ba6ef-8edc-44bf-9abe-655ba0f45912", "value": "Microsoft Win Defender Truvasys Sep 2017" }, { "description": "Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. 
Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2017-11-09T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha" ], "source": "MITRE", "title": "Backdoor:Win32/Wingbird.A!dha" }, "related": [], "uuid": "6c7e2b89-8f3a-443c-9b72-12934b9dc364", "value": "Microsoft Wingbird Nov 2017" }, { "description": "Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx" ], "source": "MITRE", "title": "Background Intelligent Transfer Service" }, "related": [], "uuid": "3d925a69-35f3-4337-8e1e-275de4c1783e", "value": "Microsoft BITS" }, { "description": "NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.", "meta": { "date_accessed": "2023-05-07T00:00:00Z", "date_published": "2022-08-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://research.nccgroup.com/2022/08/19/back-in-black-unlocking-a-lockbit-3-0-ransomware-attack/" ], "source": "Tidal Cyber", "title": "Back in Black: Unlocking a LockBit 3.0 Ransomware Attack" }, "related": [], "uuid": "8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae", "value": "NCC Group Research Blog August 19 2022" }, { "description": "Hardiman, N.. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. 
Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2012-03-20T00:00:00Z", "refs": [ "https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/" ], "source": "MITRE", "title": "Backing up and restoring snapshots on Amazon EC2 machines" }, "related": [], "uuid": "bfe848a3-c855-4bca-a6ea-44804d48c7eb", "value": "Tech Republic - Restore AWS Snapshots" }, { "description": "Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "date_published": "2018-08-24T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities" ], "source": "MITRE", "title": "Back to School: COBALT DICKENS Targets Universities" }, "related": [], "uuid": "addbb46b-b2b5-4844-b4be-f6294cf51caa", "value": "Secureworks COBALT DICKENS August 2018" }, { "description": "Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.", "meta": { "date_accessed": "2020-11-06T00:00:00Z", "date_published": "2020-11-02T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite" ], "source": "MITRE, Tidal Cyber", "title": "Back to the Future: Inside the Kimsuky KGH Spyware Suite" }, "related": [], "uuid": "ecc2f5ad-b2a8-470b-b919-cb184d12d00f", "value": "Cybereason Kimsuky November 2020" }, { "description": "Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. 
Retrieved May 4, 2021.", "meta": { "date_accessed": "2021-05-04T00:00:00Z", "date_published": "2021-03-30T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential" ], "source": "MITRE", "title": "BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns" }, "related": [], "uuid": "5ba4217c-813b-4cc5-b694-3a4dcad776e4", "value": "Proofpoint TA453 March 2021" }, { "description": "Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2017-10-20T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/" ], "source": "MITRE", "title": "BadPatch" }, "related": [], "uuid": "9c294bf7-24ba-408a-90b8-5b9885838e1b", "value": "Unit 42 BadPatch Oct 2017" }, { "description": "M.Léveille, M-E.. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved January 28, 2021.", "meta": { "date_accessed": "2021-01-28T00:00:00Z", "date_published": "2017-10-24T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/" ], "source": "MITRE", "title": "Bad Rabbit: Not‑Petya is back with improved ransomware" }, "related": [], "uuid": "a9664f01-78f0-4461-a757-12f54ec99a56", "value": "ESET Bad Rabbit" }, { "description": "Mamedov, O. Sinitsyn, F. Ivanov, A.. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.", "meta": { "date_accessed": "2021-01-28T00:00:00Z", "date_published": "2017-10-24T00:00:00Z", "refs": [ "https://securelist.com/bad-rabbit-ransomware/82851/" ], "source": "MITRE", "title": "Bad Rabbit ransomware" }, "related": [], "uuid": "f4cec03a-ea94-4874-9bea-16189e967ff9", "value": "Secure List Bad Rabbit" }, { "description": "The BlackBerry Research & Intelligence Team. (2020, October). 
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.", "meta": { "date_accessed": "2021-02-08T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" ], "source": "MITRE", "title": "BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps" }, "related": [], "uuid": "872c377b-724b-454c-8432-e38062a7c331", "value": "BlackBerry Bahamut" }, { "description": "Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. Retrieved July 29, 2019.", "meta": { "date_accessed": "2019-07-29T00:00:00Z", "date_published": "2019-05-07T00:00:00Z", "refs": [ "https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html" ], "source": "MITRE", "title": "Baltimore city government computer network hit by ransomware attack" }, "related": [], "uuid": "f578de81-ea6b-49d0-9a0a-111e07249cd8", "value": "BaltimoreSun RobbinHood May 2019" }, { "description": "Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.", "meta": { "date_accessed": "2021-05-31T00:00:00Z", "date_published": "2020-11-26T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/bandook-signed-delivered/" ], "source": "MITRE", "title": "Bandook: Signed & Delivered" }, "related": [], "uuid": "352652a9-86c9-42e1-8ee0-968180c6a51e", "value": "CheckPoint Bandook Nov 2020" }, { "description": "Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. 
Retrieved November 18, 2017.", "meta": { "date_accessed": "2017-11-18T00:00:00Z", "refs": [ "https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/" ], "source": "MITRE", "title": "(Banker(GoogleChromeExtension)).targeting" }, "related": [], "uuid": "93f37adc-d060-4b35-9a4d-62d2ad61cdf3", "value": "Banker Google Chrome Extension Steals Creds" }, { "description": "Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2022-10-31T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/banking-trojan-techniques/#post-125550-_rm3d6xxbk52n" ], "source": "MITRE", "title": "Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure" }, "related": [], "uuid": "411c3df4-08e6-518a-953d-19988b663dc4", "value": "Unit42 Banking Trojans Hooking 2022" }, { "description": "ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "date_published": "2021-01-19T00:00:00Z", "refs": [ "https://wiki.archlinux.org/index.php/Bash#Invocation" ], "source": "MITRE", "title": "Bash" }, "related": [], "uuid": "06185cbd-6635-46c7-9783-67bd8742b66f", "value": "Linux manual bash invocation" }, { "description": "die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.", "meta": { "date_accessed": "2020-06-12T00:00:00Z", "refs": [ "https://linux.die.net/man/1/bash" ], "source": "MITRE", "title": "bash(1) - Linux man page" }, "related": [], "uuid": "c5b362ce-6bae-46f7-b047-e3a0b2bf2580", "value": "DieNet Bash" }, { "description": "LOLBAS. (2018, May 25). Bash.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Bash/" ], "source": "Tidal Cyber", "title": "Bash.exe" }, "related": [], "uuid": "7d3efbc7-6abf-4f3f-aec8-686100bb90ad", "value": "Bash.exe - LOLBAS Project" }, { "description": "LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "refs": [ "https://bashfuscator.readthedocs.io/en/latest/Mutators/command_obfuscators/index.html" ], "source": "MITRE", "title": "Bashfuscator Command Obfuscators" }, "related": [], "uuid": "c0256889-3ff0-59de-b0d1-39a947a4c89d", "value": "Bashfuscator Command Obfuscators" }, { "description": "Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx" ], "source": "MITRE", "title": "Basic TxF Concepts" }, "related": [], "uuid": "72798536-a7e3-43e2-84e3-b5b8b54f0bca", "value": "Microsoft Basic TxF Concepts" }, { "description": "Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.", "meta": { "date_accessed": "2023-06-05T00:00:00Z", "date_published": "2022-11-14T00:00:00Z", "refs": [ "https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html" ], "source": "MITRE", "title": "BATLOADER: The Evasive Downloader Malware" }, "related": [], "uuid": "53e12ade-99ed-51ee-b5c8-32180f144658", "value": "BATLOADER: The Evasive Downloader Malware" }, { "description": "Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. 
Retrieved August 19, 2016.", "meta": { "date_accessed": "2016-08-19T00:00:00Z", "date_published": "2015-12-22T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/" ], "source": "MITRE", "title": "BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger" }, "related": [], "uuid": "8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49", "value": "Palo Alto Networks BBSRAT" }, { "description": "Microsoft. (2021, May 27). bcdedit. Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "date_published": "2021-05-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit" ], "source": "MITRE", "title": "bcdedit" }, "related": [], "uuid": "40dedfcb-f666-4f2d-a518-5cd4ae2e273c", "value": "Microsoft bcdedit 2021" }, { "description": "Baumgartner, K. and Garnaeva, M.. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2014-11-03T00:00:00Z", "refs": [ "https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/" ], "source": "MITRE", "title": "BE2 custom plugins, router abuse, and target profiles" }, "related": [], "uuid": "c64696d0-ee42-41e5-92cb-13cf43fac0c9", "value": "Securelist BlackEnergy Nov 2014" }, { "description": "Baumgartner, K. and Garnaeva, M.. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. 
Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2015-02-17T00:00:00Z", "refs": [ "https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/" ], "source": "MITRE", "title": "BE2 extraordinary plugins, Siemens targeting, dev fails" }, "related": [], "uuid": "ef043c07-6ae6-4cd2-82cf-7cbdb259f676", "value": "Securelist BlackEnergy Feb 2015" }, { "description": "Alperovitch, D.. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-06-15T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" ], "source": "MITRE, Tidal Cyber", "title": "Bears in the Midst: Intrusion into the Democratic National Committee" }, "related": [], "uuid": "7f4edc06-ac67-4d71-b39c-5df9ce521bbb", "value": "Crowdstrike DNC June 2016" }, { "description": "Vilkomir-Preisman, S. (2022, August 18). Beating Black Basta Ransomware. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-08-18T00:00:00Z", "refs": [ "https://www.deepinstinct.com/blog/black-basta-ransomware-threat-emergence" ], "source": "MITRE", "title": "Beating Black Basta Ransomware" }, "related": [], "uuid": "72b64d7d-f8eb-54d3-83c8-a883906ceea1", "value": "Deep Instinct Black Basta August 2022" }, { "description": "Bienstock, D.. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved September 13, 2019.", "meta": { "date_accessed": "2019-09-13T00:00:00Z", "date_published": "2019-01-01T00:00:00Z", "refs": [ "https://www.slideshare.net/DouglasBienstock/shmoocon-2019-becs-and-beyond-investigating-and-defending-office-365" ], "source": "MITRE", "title": "BECS and Beyond: Investigating and Defending O365" }, "related": [], "uuid": "4866e6c3-c1b2-4131-bd8f-0ac228168a10", "value": "Bienstock, D. 
- Defending O365 - 2019" }, { "description": "Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "refs": [ "https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf" ], "source": "MITRE", "title": "before the United States Senate Select Committee on Intelligence" }, "related": [], "uuid": "c40a3f96-75f4-4b1c-98a5-cb38129c6dc4", "value": "Kevin Mandia Statement to US Senate Committee on Intelligence" }, { "description": "Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.", "meta": { "date_accessed": "2018-03-20T00:00:00Z", "date_published": "2018-03-07T00:00:00Z", "refs": [ "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/" ], "source": "MITRE", "title": "Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign" }, "related": [], "uuid": "85069317-2c25-448b-9ff4-504e429dc1bf", "value": "Microsoft Dofoil 2018" }, { "description": "Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.", "meta": { "date_accessed": "2018-06-11T00:00:00Z", "date_published": "2017-06-12T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html" ], "source": "MITRE", "title": "Behind the CARBANAK Backdoor" }, "related": [], "uuid": "39105492-6044-460c-9dc9-3d4473ee862e", "value": "FireEye CARBANAK June 2017" }, { "description": "S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. 
Retrieved October 1, 2020.", "meta": { "date_accessed": "2020-10-01T00:00:00Z", "date_published": "2020-07-28T00:00:00Z", "refs": [ "https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/" ], "source": "MITRE", "title": "Behind the scenes in the Expel SOC: Alert-to-fix in AWS" }, "related": [], "uuid": "d538026c-da30-48d2-bc30-fde3776db1a8", "value": "Expel Behind the Scenes" }, { "description": "Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. Retrieved June 15, 2021.", "meta": { "date_accessed": "2021-06-15T00:00:00Z", "date_published": "2021-06-14T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/" ], "source": "MITRE", "title": "Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign" }, "related": [], "uuid": "1de8c853-2b0c-439b-a31b-a2c4fa9f4206", "value": "Microsoft BEC Campaign" }, { "description": "Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. Retrieved February 16, 2021.", "meta": { "date_accessed": "2021-02-16T00:00:00Z", "date_published": "2021-02-09T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/" ], "source": "MITRE", "title": "BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech" }, "related": [], "uuid": "f5cbc08f-6f2c-4c81-9d68-07f61e16f138", "value": "Unit42 BendyBear Feb 2021" }, { "description": "Google. (2019, September 16). Best practices for Cloud Storage. 
Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2019-09-16T00:00:00Z", "refs": [ "https://cloud.google.com/storage/docs/best-practices" ], "source": "MITRE", "title": "Best practices for Cloud Storage" }, "related": [], "uuid": "752ad355-0f10-4c8d-bad8-42bf2fc75fa0", "value": "Google Cloud Storage Best Practices, 2019" }, { "description": "Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2020-09-23T00:00:00Z", "refs": [ "https://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/" ], "source": "MITRE", "title": "Beware of the Shadowbunny - Using virtual machines to persist and evade detections" }, "related": [], "uuid": "eef7cd8a-8cb6-4b24-ba49-9b17353d20b5", "value": "Shadowbunny VM Defense Evasion" }, { "description": "Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2014-04-16T00:00:00Z", "refs": [ "http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/" ], "source": "MITRE", "title": "Beyond good ol’ Run key, Part 10" }, "related": [], "uuid": "60d90852-ea00-404d-b613-9ad1589aff31", "value": "Hexacorn Office Test" }, { "description": "Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.", "meta": { "date_accessed": "2019-11-15T00:00:00Z", "date_published": "2014-11-14T00:00:00Z", "refs": [ "http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/" ], "source": "MITRE", "title": "Beyond good ol’ Run key, Part 18" }, "related": [], "uuid": "bdcdfe9e-1f22-4472-9a86-faefcb5c5618", "value": "Hexacorn Logon Scripts" }, { "description": "Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. 
Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2017-04-17T00:00:00Z", "refs": [ "http://www.hexacorn.com/blog/2017/04/19/beyond-good-ol-run-key-part-62/" ], "source": "MITRE", "title": "Beyond good ol’ Run key, Part 62" }, "related": [], "uuid": "7d558a35-a5c0-4e4c-92bf-cb2435c41a95", "value": "Hexacorn Office Template Macros" }, { "description": "LOLBAS. (2018, May 25). Bginfo.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Bginfo/" ], "source": "Tidal Cyber", "title": "Bginfo.exe" }, "related": [], "uuid": "ca1eaac2-7449-4a76-bec2-9dc5971fd808", "value": "Bginfo.exe - LOLBAS Project" }, { "description": "Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. Retrieved May 18, 2023.", "meta": { "date_accessed": "2023-05-18T00:00:00Z", "date_published": "2022-09-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/" ], "source": "Tidal Cyber", "title": "BianLian Ransomware Gang Gives It a Go!" }, "related": [], "uuid": "fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d", "value": "BianLian Ransomware Gang Gives It a Go! | [redacted]" }, { "description": "Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.", "meta": { "date_accessed": "2021-08-26T00:00:00Z", "date_published": "2021-06-10T00:00:00Z", "refs": [ "https://www.group-ib.com/blog/colunmtk-apt41/" ], "source": "MITRE", "title": "Big airline heist APT41 likely behind a third-party attack on Air India" }, "related": [], "uuid": "a2bf43a0-c7da-4cb9-8f9a-b34fac92b625", "value": "Group IB APT 41 June 2021" }, { "description": "Frankoff, S., Hartley, B. (2018, November 14). 
Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2018-11-14T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" ], "source": "MITRE, Tidal Cyber", "title": "Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware" }, "related": [], "uuid": "0f85f611-90db-43ba-8b71-5d0d4ec8cdd5", "value": "Crowdstrike Indrik November 2018" }, { "description": "Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.", "meta": { "date_accessed": "2020-05-12T00:00:00Z", "date_published": "2019-01-10T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/" ], "source": "MITRE, Tidal Cyber", "title": "Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware" }, "related": [], "uuid": "df471757-2ce0-48a7-922f-a84c57704914", "value": "CrowdStrike Ryuk January 2019" }, { "description": "OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.", "meta": { "date_accessed": "2016-06-07T00:00:00Z", "date_published": "2013-01-30T00:00:00Z", "refs": [ "https://www.owasp.org/index.php/Binary_planting" ], "source": "MITRE", "title": "Binary planting" }, "related": [], "uuid": "86fc5a62-385e-4c56-9812-138db0808fba", "value": "OWASP Binary Planting" }, { "description": "Wikipedia. (2016, December 26). Binary-to-text encoding. 
Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2016-12-26T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Binary-to-text_encoding" ], "source": "MITRE", "title": "Binary-to-text encoding" }, "related": [], "uuid": "9b3820e8-f094-4e87-9ed6-ab0207d509fb", "value": "Wikipedia Binary-to-text Encoding" }, { "description": "Cid, D.. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.", "meta": { "date_accessed": "2019-04-26T00:00:00Z", "date_published": "2015-08-02T00:00:00Z", "refs": [ "https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html" ], "source": "MITRE", "title": "BIND9 – Denial of Service Exploit in the Wild" }, "related": [], "uuid": "5e108782-2f32-4704-be01-055d9e767216", "value": "Sucuri BIND9 August 2015" }, { "description": "Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.", "meta": { "date_accessed": "2016-01-05T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/BIOS" ], "source": "MITRE", "title": "BIOS" }, "related": [], "uuid": "0c4a2cb3-d663-47ee-87af-c5e9e68fe15f", "value": "Wikipedia BIOS" }, { "description": "Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.", "meta": { "date_accessed": "2014-11-14T00:00:00Z", "date_published": "2011-09-09T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/bios-threat-showing-again" ], "source": "MITRE", "title": "BIOS Threat is Showing up Again!" }, "related": [], "uuid": "dd6032fb-8913-4593-81b9-86d1239e01f4", "value": "Ge 2011" }, { "description": "Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. 
Retrieved January 26, 2022.", "meta": { "date_accessed": "2022-01-26T00:00:00Z", "date_published": "2020-03-05T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html" ], "source": "MITRE", "title": "Bisonal: 10 years of play" }, "related": [], "uuid": "eaecccff-e0a0-4fa0-81e5-799b23c26b5a", "value": "Talos Bisonal Mar 2020" }, { "description": "Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2020-03-06T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html" ], "source": "MITRE", "title": "Bisonal 10 Years of Play" }, "related": [], "uuid": "6844e59b-d393-43df-9978-e3e3cc7b8db6", "value": "Talos Bisonal 10 Years March 2020" }, { "description": "Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.", "meta": { "date_accessed": "2018-08-07T00:00:00Z", "date_published": "2018-07-31T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/" ], "source": "MITRE", "title": "Bisonal Malware Used in Attacks Against Russia and South Korea" }, "related": [], "uuid": "30b2ec12-b785-43fb-ab72-b37387046d15", "value": "Unit 42 Bisonal July 2018" }, { "description": "LOLBAS. (2018, May 25). Bitsadmin.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Bitsadmin/" ], "source": "Tidal Cyber", "title": "Bitsadmin.exe" }, "related": [], "uuid": "89bdc17b-553c-4245-acde-f6c56602e357", "value": "Bitsadmin.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). BITSAdmin Tool. 
Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/aa362813.aspx" ], "source": "MITRE", "title": "BITSAdmin Tool" }, "related": [], "uuid": "5b8c2a8c-f01e-491a-aaf9-504ee7a1caed", "value": "Microsoft BITSAdmin" }, { "description": "Raghuprasad, C . (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2022-05-11T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html" ], "source": "MITRE", "title": "Bitter APT adds Bangladesh to their targets" }, "related": [], "uuid": "097583ed-03b0-41cd-bf85-66d473f46439", "value": "Cisco Talos Bitter Bangladesh May 2022" }, { "description": "Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2016-10-21T00:00:00Z", "refs": [ "https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan" ], "source": "MITRE", "title": "BITTER: a targeted attack against Pakistan" }, "related": [], "uuid": "9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa", "value": "Forcepoint BITTER Pakistan Oct 2016" }, { "description": "Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.", "meta": { "date_accessed": "2016-01-08T00:00:00Z", "date_published": "2013-02-27T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/" ], "source": "MITRE", "title": "BKDR_RARSTONE: New RAT to Watch Out For" }, "related": [], "uuid": "bca93846-457d-4644-ba43-f9293982916f", "value": "Camba RARSTONE" }, { "description": "Sioting, S. (2013, June 15). BKDR_URSNIF.SM. 
Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2013-06-15T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_URSNIF.SM?_ga=2.129468940.1462021705.1559742358-1202584019.1549394279" ], "source": "MITRE", "title": "BKDR_URSNIF.SM" }, "related": [], "uuid": "aa791512-039e-4230-ab49-f184ca0e38c5", "value": "TrendMicro BKDR_URSNIF.SM" }, { "description": "Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.", "meta": { "date_accessed": "2023-08-03T00:00:00Z", "date_published": "2023-09-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://cyble.com/blog/bl00dy-new-ransomware-strain-active-in-the-wild/" ], "source": "Tidal Cyber", "title": "Bl00dy – New Ransomware Strain Active in the Wild" }, "related": [], "uuid": "ae2daa9c-6741-4ab7-854d-bee1170b3d7a", "value": "Cyble September 28 2022" }, { "description": "Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.", "meta": { "date_accessed": "2024-01-11T00:00:00Z", "date_published": "2024-01-09T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html" ], "source": "Tidal Cyber", "title": "Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign" }, "related": [], "uuid": "dc7d882b-4e83-42da-8e2f-f557b675930a", "value": "Trend Micro Pikabot January 9 2024" }, { "description": "Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. 
Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-10-20T00:00:00Z", "refs": [ "https://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery/" ], "source": "MITRE", "title": "BLACK BASTA AND THE UNNOTICED DELIVERY" }, "related": [], "uuid": "7a00457b-ae72-5aea-904f-9ca7f4cb9fe9", "value": "Check Point Black Basta October 2022" }, { "description": "Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.", "meta": { "date_accessed": "2023-03-14T00:00:00Z", "date_published": "2022-11-03T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/" ], "source": "MITRE", "title": "Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor" }, "related": [], "uuid": "c7e55e37-d051-5111-8d0a-738656f88650", "value": "BlackBasta" }, { "description": "Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.", "meta": { "date_accessed": "2023-02-06T00:00:00Z", "date_published": "2022-10-12T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html" ], "source": "MITRE", "title": "Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike" }, "related": [], "uuid": "6e4a1565-4a30-5a6b-961c-226a6f1967ae", "value": "Trend Micro Black Basta October 2022" }, { "description": "Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. 
Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-06-07T00:00:00Z", "refs": [ "https://www.uptycs.com/blog/black-basta-ransomware-goes-cross-platform-now-targets-esxi-systems" ], "source": "MITRE", "title": "Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems" }, "related": [], "uuid": "a8145e38-c2a4-5021-824d-5a831299b9d9", "value": "Uptycs Black Basta ESXi June 2022" }, { "description": "Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-05-06T00:00:00Z", "refs": [ "https://blogs.blackberry.com/en/2022/05/black-basta-rebrand-of-conti-or-something-new" ], "source": "MITRE", "title": "Black Basta: Rebrand of Conti or Something New?" }, "related": [], "uuid": "32a272fe-ac10-5478-88a0-b3dd366ec540", "value": "BlackBerry Black Basta May 2022" }, { "description": "FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2022-04-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.ic3.gov/Media/News/2022/220420.pdf" ], "source": "Tidal Cyber", "title": "BlackCat/ALPHV Ransomware Indicators of Compromise" }, "related": [], "uuid": "2640b58c-8413-4691-80e1-33aec9b6c7f6", "value": "FBI BlackCat April 19 2022" }, { "description": "IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. 
Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2023-05-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/" ], "source": "Tidal Cyber", "title": "BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration" }, "related": [], "uuid": "b80c1f70-9d05-4f4b-bdc2-6157c6837202", "value": "X-Force BlackCat May 30 2023" }, { "description": "BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/blackcat" ], "source": "Tidal Cyber", "title": "BlackCat Malware (AKA ALPHV)" }, "related": [], "uuid": "59f98ae1-c62d-460f-8d2a-9ae287b59953", "value": "BlackBerry BlackCat Threat Overview" }, { "description": "Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.", "meta": { "date_accessed": "2022-12-20T00:00:00Z", "date_published": "2022-07-14T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/" ], "source": "MITRE", "title": "BlackCat ransomware attacks not merely a byproduct of bad luck" }, "related": [], "uuid": "481a0106-d5b6-532c-8f5b-6c0c477185f4", "value": "Sophos BlackCat Jul 2022" }, { "description": "Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry . 
Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2016-01-03T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/" ], "source": "MITRE", "title": "BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry" }, "related": [], "uuid": "a0103079-c966-46b6-8871-c01f7f0eea4c", "value": "ESET BlackEnergy Jan 2016" }, { "description": "Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.", "meta": { "date_accessed": "2016-05-18T00:00:00Z", "date_published": "2016-01-03T00:00:00Z", "refs": [ "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/" ], "source": "MITRE", "title": "BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry" }, "related": [], "uuid": "4d626eb9-3722-4aa4-b95e-1650cc2865c2", "value": "ESEST Black Energy Jan 2016" }, { "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf" ], "source": "MITRE", "title": "BlackEnergy & Quedagh: The convergence of crimeware and APT attacks" }, "related": [], "uuid": "5f228fb5-d959-4c4a-bb8c-f9dc01d5af07", "value": "F-Secure BlackEnergy 2014" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. 
Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/" ], "source": "MITRE, Tidal Cyber", "title": "BlackOasis APT and new targeted attacks leveraging zero-day exploit" }, "related": [], "uuid": "66121c37-6b66-4ab2-9f63-1adb80dcec62", "value": "Securelist BlackOasis Oct 2017" }, { "description": "Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2020-10-05T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/" ], "source": "MITRE", "title": "Black-T: New Cryptojacking Variant from TeamTNT" }, "related": [], "uuid": "d4351c8e-026d-4660-9344-166481ecf64a", "value": "Palo Alto Black-T October 2020" }, { "description": "Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. Retrieved July 8, 2022.", "meta": { "date_accessed": "2022-07-08T00:00:00Z", "date_published": "2020-03-14T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/" ], "source": "MITRE", "title": "BlackWater Malware Abuses Cloudflare Workers for C2 Communication" }, "related": [], "uuid": "053895e8-da3f-4291-a728-2198fde774e7", "value": "BlackWater Malware Cloudflare Workers" }, { "description": "NHS Digital . (2020, August 20). BLINDINGCAN Remote Access Trojan. 
Retrieved August 20, 2020.", "meta": { "date_accessed": "2020-08-20T00:00:00Z", "date_published": "2020-08-20T00:00:00Z", "refs": [ "https://digital.nhs.uk/cyber-alerts/2020/cc-3603" ], "source": "MITRE", "title": "BLINDINGCAN Remote Access Trojan" }, "related": [], "uuid": "acca4c89-acce-4916-88b6-f4dac7d8ab19", "value": "NHS UK BLINDINGCAN Aug 2020" }, { "description": "Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022.", "meta": { "date_accessed": "2022-03-02T00:00:00Z", "date_published": "2021-12-29T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/storage/blobs/snapshots-overview" ], "source": "MITRE", "title": "Blob snapshots" }, "related": [], "uuid": "152628ab-3244-4cc7-a68e-a220b652039b", "value": "Azure Blob Snapshots" }, { "description": "Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2018-07-23T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x31.html" ], "source": "MITRE", "title": "Block Blocking Login Items" }, "related": [], "uuid": "76511800-8331-476b-ab4f-0daa587f5e22", "value": "objsee block blocking login items" }, { "description": "Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.", "meta": { "date_accessed": "2018-01-10T00:00:00Z", "refs": [ "http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/" ], "source": "MITRE", "title": "Block Chrome Extensions using Google Chrome Group Policy Settings" }, "related": [], "uuid": "76faf20c-27d3-4e67-8ab7-8480f8f88ae5", "value": "Technospot Chrome Extensions GP" }, { "description": "Evi1cg. (2017, November 26). block cmd.exe ? try this :. 
Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2017-11-26T00:00:00Z", "refs": [ "https://twitter.com/Evi1cg/status/935027922397573120" ], "source": "MITRE", "title": "block cmd.exe ? try this :" }, "related": [], "uuid": "b292b85e-68eb-43c3-9b5b-222810e2f26a", "value": "Evi1cg Forfiles Nov 2017" }, { "description": "David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.", "meta": { "date_accessed": "2017-11-20T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "http://www.icir.org/vern/papers/meek-PETS-2015.pdf" ], "source": "MITRE", "title": "Blocking-resistant communication through domain fronting" }, "related": [], "uuid": "52671075-c425-40c7-a49a-b75e44a0c58a", "value": "Fifield Blocking Resistent Communication through domain fronting 2015" }, { "description": "Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2016-04-17T00:00:00Z", "refs": [ "https://github.com/BloodHoundAD/BloodHound" ], "source": "MITRE", "title": "Bloodhound: Six Degrees of Domain Admin" }, "related": [], "uuid": "e90b4941-5dff-4f38-b4dd-af3426fd621e", "value": "GitHub Bloodhound" }, { "description": "Kunz, Bruce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. Retrieved November 21, 2019.", "meta": { "date_accessed": "2019-11-21T00:00:00Z", "date_published": "2018-10-14T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=wQ1CuAPnrLM&feature=youtu.be&t=2815" ], "source": "MITRE", "title": "Blue Cloud of Death: Red Teaming Azure" }, "related": [], "uuid": "39b0adf6-c71e-4501-b8bb-fab82718486b", "value": "Blue Cloud of Death Video" }, { "description": "Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. 
Retrieved October 23, 2019.", "meta": { "date_accessed": "2019-10-23T00:00:00Z", "date_published": "2018-05-11T00:00:00Z", "refs": [ "https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1" ], "source": "MITRE", "title": "Blue Cloud of Death: Red Teaming Azure" }, "related": [], "uuid": "0c764280-9d8c-4fa4-9088-170f02550d4c", "value": "Blue Cloud of Death" }, { "description": "Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.", "meta": { "date_accessed": "2021-10-11T00:00:00Z", "date_published": "2013-04-23T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/NetServices/Introduction.html" ], "source": "MITRE", "title": "Bonjour Overview" }, "related": [], "uuid": "b8538d67-ab91-41c2-9cc3-a7b00c6b372a", "value": "apple doco bonjour description" }, { "description": "Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.", "meta": { "date_accessed": "2023-10-03T00:00:00Z", "date_published": "2017-04-01T00:00:00Z", "refs": [ "https://www.uperesia.com/booby-trapped-shortcut" ], "source": "MITRE", "title": "Booby trap a shortcut with a backdoor" }, "related": [], "uuid": "1a820fb8-3cff-584b-804f-9bad0592873b", "value": "Booby Trap Shortcut 2017" }, { "description": "Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.", "meta": { "date_accessed": "2021-08-30T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg" ], "source": "MITRE", "title": "bootcfg" }, "related": [], "uuid": "44ffaa60-4461-4463-a1b5-abc868368c0a", "value": "Microsoft Bootcfg" }, { "description": "Imperva. (n.d.). Booters, Stressers and DDoSers. 
Retrieved October 4, 2020.", "meta": { "date_accessed": "2020-10-04T00:00:00Z", "refs": [ "https://www.imperva.com/learn/ddos/booters-stressers-ddosers/" ], "source": "MITRE", "title": "Booters, Stressers and DDoSers" }, "related": [], "uuid": "86f87ec6-058e-45a7-9314-0579a2b4e8f2", "value": "Imperva DDoS for Hire" }, { "description": "Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.", "meta": { "date_accessed": "2019-11-13T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Booting" ], "source": "MITRE", "title": "Booting" }, "related": [], "uuid": "6d9c72cb-6cda-445e-89ea-7e695063d49a", "value": "Wikipedia Booting" }, { "description": "Glyer, C.. (2017, June 22). Boot What?. Retrieved May 4, 2020.", "meta": { "date_accessed": "2020-05-04T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1498163766.pdf" ], "source": "MITRE", "title": "Boot What?" }, "related": [], "uuid": "835c9e5d-b291-43d9-9b8a-2978aa8c8cd3", "value": "FireEye BOOTRASH SANS" }, { "description": "Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-03-26T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/" ], "source": "MITRE", "title": "Born This Way? Origins of LockerGoga" }, "related": [], "uuid": "8f058923-f2f7-4c0e-b90a-c7a0d5e62186", "value": "Unit42 LockerGoga 2019" }, { "description": "Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. 
Retrieved September 10, 2019.", "meta": { "date_accessed": "2019-09-10T00:00:00Z", "date_published": "2017-10-09T00:00:00Z", "refs": [ "https://threatexpress.com/blogs/2017/metatwin-borrowing-microsoft-metadata-and-digital-signatures-to-hide-binaries/" ], "source": "MITRE", "title": "Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads" }, "related": [], "uuid": "156efefd-793f-4219-8904-ef160a45c9ec", "value": "Threatexpress MetaTwin 2017" }, { "description": "The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. Retrieved September 29, 2023.", "meta": { "date_accessed": "2023-09-29T00:00:00Z", "date_published": "2022-05-11T00:00:00Z", "refs": [ "https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/" ], "source": "MITRE", "title": "BPFDoor - An Evasive Linux Backdoor Technical Analysis" }, "related": [], "uuid": "01c8337f-614b-5f63-870f-5c880b390922", "value": "Sandfly BPFDoor 2022" }, { "description": "Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.", "meta": { "date_accessed": "2022-03-04T00:00:00Z", "date_published": "2021-01-31T00:00:00Z", "refs": [ "https://o365blog.com/post/bprt/" ], "source": "MITRE", "title": "BPRT unleashed: Joining multiple devices to Azure AD and Intune" }, "related": [], "uuid": "19af3fce-eb57-4e67-9678-1968e9ea9677", "value": "AADInternals - BPRT" }, { "description": "Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.", "meta": { "date_accessed": "2023-03-24T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/" ], "source": "MITRE", "title": "BrazKing Android Malware Upgraded and Targeting Brazilian Banks" }, "related": [], "uuid": "fa813afd-b8f0-535b-9108-6d3d3989b6b9", "value": "Brazking-Websockets" }, { "description": "MSTIC. 
(2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.", "meta": { "date_accessed": "2021-08-04T00:00:00Z", "date_published": "2021-05-28T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" ], "source": "MITRE", "title": "Breaking down NOBELIUM’s latest early-stage toolset" }, "related": [], "uuid": "52464e69-ff9e-4101-9596-dd0c6404bf76", "value": "MSTIC Nobelium Toolset May 2021" }, { "description": "Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.", "meta": { "date_accessed": "2015-03-27T00:00:00Z", "date_published": "2013-08-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html" ], "source": "MITRE", "title": "Breaking Down the China Chopper Web Shell - Part I" }, "related": [], "uuid": "6d1e2b0a-fed2-490b-be25-6580dfb7d6aa", "value": "Lee 2013" }, { "description": "Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2023-01-19T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results/" ], "source": "MITRE", "title": "Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results" }, "related": [], "uuid": "7989f0de-90b8-5e6d-bc20-1764610d1568", "value": "sentinelone-malvertising" }, { "description": "Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. 
Retrieved July 15, 2017.", "meta": { "date_accessed": "2017-07-15T00:00:00Z", "date_published": "2012-09-05T00:00:00Z", "refs": [ "http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain" ], "source": "MITRE", "title": "Breaking into the OS X keychain" }, "related": [], "uuid": "bde3ff9c-fbf9-49c4-b414-70dc8356d57d", "value": "OS X Keychain" }, { "description": "Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "date_published": "2011-06-29T00:00:00Z", "refs": [ "http://www.nth-dimension.org.uk/pub/BTL.pdf" ], "source": "MITRE", "title": "Breaking the links: Exploiting the linker" }, "related": [], "uuid": "24674e91-5cbf-4023-98ae-a9f0968ad99a", "value": "Brown Exploiting Linkers" }, { "description": "McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2019-12-04T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html" ], "source": "MITRE", "title": "Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)" }, "related": [], "uuid": "f23a773f-9c50-4193-877d-97f7c13f48f1", "value": "FireEye Outlook Dec 2019" }, { "description": "Cisco Talos Blog. (2022, December 8). Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.", "meta": { "date_accessed": "2023-05-08T00:00:00Z", "date_published": "2022-12-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/" ], "source": "Tidal Cyber", "title": "Breaking the silence - Recent Truebot activity" }, "related": [], "uuid": "bcf92374-48a3-480f-a679-9fd34b67bcdd", "value": "Cisco Talos Blog December 08 2022" }, { "description": "Kiwi. 
(2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2016-04-06T00:00:00Z", "refs": [ "https://live.paloaltonetworks.com/t5/Ignite-2016-Blog/Breakout-Recap-Cybersecurity-Best-Practices-Part-1-Preventing/ba-p/75913" ], "source": "MITRE", "title": "Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks" }, "related": [], "uuid": "60fac434-2815-4568-b951-4bde55c2e3af", "value": "PaloAlto Preventing Opportunistic Attacks Apr 2016" }, { "description": "Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.", "meta": { "date_accessed": "2021-10-08T00:00:00Z", "date_published": "2018-06-18T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique" ], "source": "MITRE", "title": "Bring Your Own Land (BYOL) – A Novel Red Teaming Technique" }, "related": [], "uuid": "104a1c1c-0899-4ff9-a5c4-73de702c467d", "value": "Mandiant BYOL 2018" }, { "description": "Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2018-06-18T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique" ], "source": "MITRE", "title": "Bring Your Own Land (BYOL) – A Novel Red Teaming Technique" }, "related": [], "uuid": "445efe8b-659a-4023-afc7-aa7cd21ee5a1", "value": "Mandiant BYOL" }, { "description": "Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-10-15T00:00:00Z", "refs": [ "https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/" ], "source": "MITRE", "title": "Broadvoice database of more than 350 million customer records exposed online" }, "related": [], "uuid": "fa0eac56-45ea-4628-88cf-b843874b4a4d", "value": "Comparitech Leak" }, { "description": "Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-10-15T00:00:00Z", "refs": [ "https://threatpost.com/broadvoice-leaks-350m-records-voicemail-transcripts/160158/" ], "source": "MITRE", "title": "Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts" }, "related": [], "uuid": "91d20979-d4e7-4372-8a83-1e1512c8d3a9", "value": "ThreatPost Broadvoice Leak" }, { "description": "Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.", "meta": { "date_accessed": "2018-01-04T00:00:00Z", "date_published": "2017-10-12T00:00:00Z", "refs": [ "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" ], "source": "MITRE, Tidal Cyber", "title": "BRONZE BUTLER Targets Japanese Enterprises" }, "related": [], "uuid": "c62d8d1a-cd1b-4b39-95b6-68f3f063dacf", "value": "Secureworks BRONZE BUTLER Oct 2017" }, { "description": "Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. 
Retrieved May 5, 2021.", "meta": { "date_accessed": "2021-05-05T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/bronze-huntley" ], "source": "MITRE", "title": "BRONZE HUNTLEY Threat Profile" }, "related": [], "uuid": "9558ebc5-4de3-4b1d-b32c-a170adbc3451", "value": "Secureworks BRONZE HUNTLEY" }, { "description": "Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2019-12-29T00:00:00Z", "refs": [ "https://www.secureworks.com/research/bronze-president-targets-ngos" ], "source": "MITRE, Tidal Cyber", "title": "BRONZE PRESIDENT Targets NGOs" }, "related": [], "uuid": "019889e0-a2ce-476f-9a31-2fc394de2821", "value": "Secureworks BRONZE PRESIDENT December 2019" }, { "description": "Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.", "meta": { "date_accessed": "2017-07-13T00:00:00Z", "date_published": "2017-06-27T00:00:00Z", "refs": [ "https://www.secureworks.com/research/bronze-union" ], "source": "MITRE, Tidal Cyber", "title": "BRONZE UNION Cyberespionage Persists Despite Disclosures" }, "related": [], "uuid": "42adda47-f5d6-4d34-9b3d-3748a782f886", "value": "SecureWorks BRONZE UNION June 2017" }, { "description": "Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.", "meta": { "date_accessed": "2018-01-11T00:00:00Z", "date_published": "2017-10-08T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Browser_extension" ], "source": "MITRE", "title": "Browser Extension" }, "related": [], "uuid": "52aef082-3f8e-41b4-af95-6631ce4c9e91", "value": "Wikipedia Browser Extension" }, { "description": "mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. 
Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://mrd0x.com/browser-in-the-browser-phishing-attack/" ], "source": "MITRE", "title": "Browser In The Browser (BITB) Attack" }, "related": [], "uuid": "447f6b34-ac3a-58d9-af96-aa1d947a3e0e", "value": "Mr. D0x BitB 2022" }, { "description": "Mudge, R. (n.d.). Browser Pivoting. Retrieved January 10, 2018.", "meta": { "date_accessed": "2018-01-10T00:00:00Z", "refs": [ "https://www.cobaltstrike.com/help-browser-pivoting" ], "source": "MITRE", "title": "Browser Pivoting" }, "related": [], "uuid": "0c1dd453-7281-4ee4-9c8f-bdc401cf48d7", "value": "Cobalt Strike Browser Pivot" }, { "description": "Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.", "meta": { "date_accessed": "2016-09-26T00:00:00Z", "date_published": "2016-09-06T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" ], "source": "MITRE, Tidal Cyber", "title": "Buckeye cyberespionage group shifts gaze from US to Hong Kong" }, "related": [], "uuid": "dbf3ce3e-bcf2-4e47-ad42-839e51967395", "value": "Symantec Buckeye" }, { "description": "ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.", "meta": { "date_accessed": "2020-05-11T00:00:00Z", "date_published": "2019-04-30T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/" ], "source": "MITRE", "title": "Buhtrap backdoor and Buran ransomware distributed via major advertising platform" }, "related": [], "uuid": "e308a957-fb5c-44e8-a846-be6daef4b940", "value": "ESET Buhtrap and Buran April 2019" }, { "description": "Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2019-10-31T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/" ], "source": "MITRE", "title": "Building A Custom Tool For Shellcode Analysis" }, "related": [], "uuid": "f49bfd00-48d5-4d84-a7b7-cb23fcdf861b", "value": "S1 Custom Shellcode Tool" }, { "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2014-10-02T00:00:00Z", "refs": [ "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" ], "source": "MITRE", "title": "Building a DGA Classifier: Part 2, Feature Engineering" }, "related": [], "uuid": "c92fb2ec-c144-42d4-bd42-179d3d737db0", "value": "Data Driven Security DGA" }, { "description": "Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. Retrieved June 3, 2019.", "meta": { "date_accessed": "2019-06-03T00:00:00Z", "date_published": "2019-03-12T00:00:00Z", "refs": [ "https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/" ], "source": "MITRE", "title": "Building an Office macro to spoof parent processes and command line arguments" }, "related": [], "uuid": "b06b72ba-dbd6-4190-941a-0cdd3d659ab6", "value": "CTD PPID Spoofing Macro Mar 2019" }, { "description": "Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. 
Retrieved August 29, 2022.", "meta": { "date_accessed": "2022-08-29T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control" ], "source": "MITRE", "title": "Bumblebee Loader – The High Road to Enterprise Domain Control" }, "related": [], "uuid": "64bfb605-af69-4df0-ae56-32fa997516bc", "value": "Cybereason Bumblebee August 2022" }, { "description": "Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.", "meta": { "date_accessed": "2022-08-24T00:00:00Z", "date_published": "2022-06-28T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime" ], "source": "MITRE", "title": "Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem" }, "related": [], "uuid": "81bfabad-b5b3-4e45-ac1d-1e2e829fca33", "value": "Symantec Bumblebee June 2022" }, { "description": "Patrick Wardle. (2019, June 20). Burned by Fire(fox). Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2019-06-20T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x44.html" ], "source": "MITRE", "title": "Burned by Fire(fox)" }, "related": [], "uuid": "866c5305-8629-4f09-8dfe-192c8573ffb0", "value": "objsee netwire backdoor 2019" }, { "description": "Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. 
Retrieved July 8, 2018.", "meta": { "date_accessed": "2018-07-08T00:00:00Z", "date_published": "2018-05-03T00:00:00Z", "refs": [ "https://401trg.github.io/pages/burning-umbrella.html" ], "source": "MITRE", "title": "Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers" }, "related": [], "uuid": "e3f1f2e4-dc1c-4d9c-925d-47013f44a69f", "value": "401 TRG Winnti Umbrella May 2018" }, { "description": "Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2016-03-31T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/cybercrime/2015/10/bypassing-apples-gatekeeper/" ], "source": "MITRE", "title": "Bypassing Apple's Gatekeeper" }, "related": [], "uuid": "957a0916-614e-4c7b-a6dd-1baa4fc6f93e", "value": "Bypassing Gatekeeper" }, { "description": "Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017.", "meta": { "date_accessed": "2017-05-25T00:00:00Z", "date_published": "2017-11-17T00:00:00Z", "refs": [ "https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/" ], "source": "MITRE", "title": "Bypassing Application Whitelisting By Using dnx.exe" }, "related": [], "uuid": "e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0", "value": "engima0x3 DNX Bypass" }, { "description": "Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.", "meta": { "date_accessed": "2017-05-26T00:00:00Z", "date_published": "2016-11-21T00:00:00Z", "refs": [ "https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/" ], "source": "MITRE", "title": "Bypassing Application Whitelisting By Using rcsi.exe" }, "related": [], "uuid": "0b815bd9-6c7f-4bd8-9031-667fa6252f89", "value": "engima0x3 RCSI Bypass" }, { "description": "Graeber, M. (2016, August 15). 
Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved May 26, 2017.", "meta": { "date_accessed": "2017-05-26T00:00:00Z", "date_published": "2016-08-15T00:00:00Z", "refs": [ "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html" ], "source": "MITRE", "title": "Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner" }, "related": [], "uuid": "abd5f871-e12e-4355-af72-d4be79cb0291", "value": "Exploit Monday WinDbg" }, { "description": "Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. Retrieved September 13, 2016.", "meta": { "date_accessed": "2016-09-13T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "source": "MITRE", "title": "Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations" }, "related": [], "uuid": "82a762d0-c59f-456d-a7d3-1cab3fa02526", "value": "SubTee MSBuild" }, { "description": "Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.", "meta": { "date_accessed": "2023-09-18T00:00:00Z", "date_published": "2023-03-20T00:00:00Z", "refs": [ "https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/" ], "source": "MITRE", "title": "Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research" }, "related": [], "uuid": "de50bd67-96bb-537c-b91d-e541a717b7a1", "value": "Bypassing CloudTrail in AWS Service Catalog" }, { "description": "Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. 
Retrieved March 4, 2022.", "meta": { "date_accessed": "2022-03-04T00:00:00Z", "date_published": "2020-09-06T00:00:00Z", "refs": [ "https://o365blog.com/post/mdm" ], "source": "MITRE", "title": "Bypassing conditional access by faking device compliance" }, "related": [], "uuid": "832841a1-92d1-4fcc-90f7-afbabad84aec", "value": "AADInternals - Conditional Access Bypass" }, { "description": "Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2017-08-13T00:00:00Z", "refs": [ "https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/" ], "source": "MITRE", "title": "Bypassing Device guard UMCI using CHM – CVE-2017-8625" }, "related": [], "uuid": "d4e4cc8a-3246-463f-ba06-d68459d907d4", "value": "MsitPros CHM Aug 2017" }, { "description": "Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.", "meta": { "date_accessed": "2017-05-25T00:00:00Z", "date_published": "2017-03-14T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/" ], "source": "MITRE", "title": "Bypassing UAC using App Paths" }, "related": [], "uuid": "2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1", "value": "enigma0x3 sdclt app paths" }, { "description": "MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/" ], "source": "MITRE", "title": "Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams" }, "related": [], "uuid": "b461e226-1317-4ce4-a195-ba4c4957db99", "value": "MDSec System Calls" }, { "description": "Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. 
Retrieved August 19, 2018.", "meta": { "date_accessed": "2018-08-19T00:00:00Z", "date_published": "2018-06-12T00:00:00Z", "refs": [ "https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100" ], "source": "MITRE", "title": "c9b65b764985dfd7a11d3faf599c56b8.exe" }, "related": [], "uuid": "74df644a-06b8-4331-85a3-932358d65b62", "value": "Hybrid Analysis Icacls1 June 2018" }, { "description": "Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.", "meta": { "date_accessed": "2020-11-24T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store" ], "source": "MITRE", "title": "Cached and Stored Credentials Technical Overview" }, "related": [], "uuid": "c949a29b-bb31-4bd7-a967-ddd48c7efb8e", "value": "Microsoft Credential Manager store" }, { "description": "Microsoft. (2016, August 21). Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2016-08-21T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v%3Dws.11)" ], "source": "MITRE", "title": "Cached and Stored Credentials Technical Overview" }, "related": [], "uuid": "590ea63f-f800-47e4-8d39-df11a184ba84", "value": "Microsoft - Cached Creds" }, { "description": "Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. 
Retrieved May 5, 2021.", "meta": { "date_accessed": "2021-05-05T00:00:00Z", "date_published": "2020-08-13T00:00:00Z", "refs": [ "https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/" ], "source": "MITRE, Tidal Cyber", "title": "CactusPete APT group’s updated Bisonal backdoor" }, "related": [], "uuid": "1c393964-e717-45ad-8eb6-5df5555d3c70", "value": "Kaspersky CactusPete Aug 2020" }, { "description": "ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.", "meta": { "date_accessed": "2022-03-23T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine" ], "source": "MITRE", "title": "CaddyWiper: New wiper malware discovered in Ukraine" }, "related": [], "uuid": "9fa97444-311f-40c1-8728-c5f91634c750", "value": "ESET CaddyWiper March 2022" }, { "description": "Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "date_published": "2023-06-14T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" ], "source": "MITRE", "title": "Cadet Blizzard emerges as a novel and distinct Russian threat actor" }, "related": [], "uuid": "7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b", "value": "Cadet Blizzard emerges as novel threat actor" }, { "description": "Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. 
Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2022-04-06T00:00:00Z", "refs": [ "https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/" ], "source": "MITRE", "title": "Cado Discovers Denonia: The First Malware Specifically Targeting Lambda" }, "related": [], "uuid": "584e7ace-ef33-423b-9801-4728a447cb34", "value": "Cado Security Denonia" }, { "description": "William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2023-09-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.bloomberg.com/news/articles/2023-09-13/caesars-entertainment-paid-millions-in-ransom-in-recent-attack" ], "source": "Tidal Cyber", "title": "Caesars Entertainment Paid Millions to Hackers in Attack" }, "related": [], "uuid": "6915c003-7c8b-451c-8fb1-3541f00c14fb", "value": "Caesars Scattered Spider September 13 2023" }, { "description": "Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.", "meta": { "date_accessed": "2018-09-07T00:00:00Z", "date_published": "2018-07-20T00:00:00Z", "refs": [ "https://securelist.com/calisto-trojan-for-macos/86543/" ], "source": "MITRE", "title": "Calisto Trojan for macOS" }, "related": [], "uuid": "a292d77b-9150-46ea-b217-f51e091fdb57", "value": "Securelist Calisto July 2018" }, { "description": "CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. 
Retrieved October 26, 2023.", "meta": { "date_accessed": "2023-10-26T00:00:00Z", "date_published": "2023-10-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-009.pdf" ], "source": "Tidal Cyber", "title": "Campagnes d'attaques du mode opératoire APT28 depuis 2021" }, "related": [], "uuid": "5365ac4c-fbb8-4389-989e-a64cb7693371", "value": "CERTFR-2023-CTI-009" }, { "description": "FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2017-07-27T00:00:00Z", "refs": [ "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1680.do" ], "source": "MITRE", "title": "Campaign Rifle - Andariel, the Maiden of Anguish" }, "related": [], "uuid": "bde61ee9-16f9-4bd9-a847-5cc9df21335c", "value": "FSI Andariel Campaign Rifle July 2017" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.", "meta": { "date_accessed": "2017-03-27T00:00:00Z", "date_published": "2015-02-01T00:00:00Z", "refs": [ "https://securelist.com/the-great-bank-robbery-the-carbanak-apt/68732/" ], "source": "MITRE", "title": "CARBANAK APT THE GREAT BANK ROBBERY" }, "related": [], "uuid": "053a2bbb-5509-4aba-bbd7-ccc3d8074291", "value": "KasperskyCarbanak" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.", "meta": { "date_accessed": "2018-08-23T00:00:00Z", "date_published": "2015-02-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf" ], "source": "MITRE, Tidal Cyber", "title": "CARBANAK APT THE GREAT BANK ROBBERY" }, "related": [], "uuid": "2f7e77db-fe39-4004-9945-3c8943708494", "value": "Kaspersky Carbanak" }, { "description": "Griffin, N. (2017, January 17). 
CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.", "meta": { "date_accessed": "2017-02-15T00:00:00Z", "date_published": "2017-01-17T00:00:00Z", "refs": [ "https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control" ], "source": "MITRE", "title": "CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL" }, "related": [], "uuid": "3da6084f-5e12-4472-afb9-82efd3e22cf6", "value": "Forcepoint Carbanak Google C2" }, { "description": "Trend Micro. (2014, February 27). CARBERP. Retrieved July 29, 2020.", "meta": { "date_accessed": "2020-07-29T00:00:00Z", "date_published": "2014-02-27T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/carberp" ], "source": "MITRE", "title": "CARBERP" }, "related": [], "uuid": "069e458f-d780-47f9-8ebe-21b195fe9b33", "value": "Trend Micro Carberp February 2014" }, { "description": "Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved July 15, 2020.", "meta": { "date_accessed": "2020-07-15T00:00:00Z", "date_published": "2011-02-28T00:00:00Z", "refs": [ "http://pxnow.prevx.com/content/blog/carberp-a_modular_information_stealing_trojan.pdf" ], "source": "MITRE", "title": "Carberp - a modular information stealing trojan" }, "related": [], "uuid": "8f95d81a-ea8c-44bf-950d-9eb868182d39", "value": "Prevx Carberp March 2011" }, { "description": "Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. 
Retrieved July 15, 2020.", "meta": { "date_accessed": "2020-07-15T00:00:00Z", "date_published": "2010-10-07T00:00:00Z", "refs": [ "https://web.archive.org/web/20111004014029/http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf" ], "source": "MITRE", "title": "Carberp Under the Hood of Carberp: Malware & Configuration Analysis" }, "related": [], "uuid": "f7af5be2-0cb4-4b41-9d08-2f652b6bac3c", "value": "Trusteer Carberp October 2010" }, { "description": "ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.", "meta": { "date_accessed": "2018-11-07T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/" ], "source": "MITRE", "title": "Carbon Paper: Peering into Turla’s second stage backdoor" }, "related": [], "uuid": "5d2a3a81-e7b7-430d-b748-b773f89d3c77", "value": "ESET Carbon Mar 2017" }, { "description": "Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2021-08-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/" ], "source": "MITRE", "title": "CARBON SPIDER Embraces Big Game Hunting, Part 1" }, "related": [], "uuid": "36f0ddb0-94af-494c-ad10-9d3f75d1d810", "value": "CrowdStrike Carbon Spider August 2021" }, { "description": "Grunzweig, J.. (2017, April 20). Cardinal RAT Active for Over Two Years. 
Retrieved December 8, 2018.", "meta": { "date_accessed": "2018-12-08T00:00:00Z", "date_published": "2017-04-20T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/" ], "source": "MITRE", "title": "Cardinal RAT Active for Over Two Years" }, "related": [], "uuid": "8d978b94-75c9-46a1-812a-bafe3396eda9", "value": "PaloAlto CardinalRat Apr 2017" }, { "description": "ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2019-10-03T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/" ], "source": "MITRE", "title": "Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico" }, "related": [], "uuid": "a5cb3ee6-9a0b-4e90-bf32-be7177a858b1", "value": "ESET Casbaneiro Oct 2019" }, { "description": "Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2017-04-20T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files" ], "source": "MITRE", "title": "Catalog Files and Digital Signatures" }, "related": [], "uuid": "5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe", "value": "Microsoft Catalog Files and Signatures April 2017" }, { "description": "Marinho, R. (n.d.). \"Catch-All\" Google Chrome Malicious Extension Steals All Posted Data. 
Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "refs": [ "https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)" ], "source": "MITRE", "title": "\"Catch-All\" Google Chrome Malicious Extension Steals All Posted Data" }, "related": [], "uuid": "eddd2ea8-89c1-40f9-b6e3-37cbdebd210e", "value": "Catch All Chrome Extension" }, { "description": "Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2020-10-26T00:00:00Z", "refs": [ "https://www.akamai.com/blog/security/catch-me-if-you-can-javascript-obfuscation" ], "source": "MITRE", "title": "Catch Me if You Can—JavaScript Obfuscation" }, "related": [], "uuid": "379a177b-0c31-5840-ad54-3fdfc9904a88", "value": "Akamai JS" }, { "description": "MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.", "meta": { "date_accessed": "2019-09-20T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "https://www.mdsec.co.uk/2017/07/categorisation-is-not-a-security-boundary/" ], "source": "MITRE", "title": "Categorisation is not a Security Boundary" }, "related": [], "uuid": "3c320f38-e691-46f7-a20d-58b024ea2fa2", "value": "Categorisation_not_boundary" }, { "description": "Dahl, M.. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. 
Retrieved May 27, 2020.", "meta": { "date_accessed": "2020-05-27T00:00:00Z", "date_published": "2014-05-13T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/" ], "source": "MITRE", "title": "Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN" }, "related": [], "uuid": "ab669ded-e659-4313-b5ab-8c5362562f39", "value": "CrowdStrike Flying Kitten" }, { "description": "Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.", "meta": { "date_accessed": "2022-01-05T00:00:00Z", "date_published": "2021-11-04T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery" ], "source": "MITRE", "title": "Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery" }, "related": [], "uuid": "9670da7b-0600-4072-9ecc-65a918b89ac5", "value": "Telephone Attack Delivery" }, { "description": "Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. Retrieved December 14, 2020.", "meta": { "date_accessed": "2020-12-14T00:00:00Z", "date_published": "2020-03-01T00:00:00Z", "refs": [ "https://www.tetradefense.com/incident-response-services/cause-and-effect-sodinokibi-ransomware-analysis" ], "source": "MITRE", "title": "CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS" }, "related": [], "uuid": "a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50", "value": "Tetra Defense Sodinokibi March 2020" }, { "description": "Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. 
Retrieved July 29, 2019.", "meta": { "date_accessed": "2019-07-29T00:00:00Z", "date_published": "2019-05-17T00:00:00Z", "refs": [ "https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomware-stops-181-windows-services-before-encryption/" ], "source": "MITRE", "title": "CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption" }, "related": [], "uuid": "cb9e49fa-253a-447a-9c88-c6e507bae0bb", "value": "CarbonBlack RobbinHood May 2019" }, { "description": "Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.", "meta": { "date_accessed": "2018-03-09T00:00:00Z", "date_published": "2017-09-18T00:00:00Z", "refs": [ "http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html" ], "source": "MITRE", "title": "CCleanup: A Vast Number of Machines at Risk" }, "related": [], "uuid": "f2522cf4-dc65-4dc5-87e3-9e88212fcfe9", "value": "Talos CCleanup 2017" }, { "description": "LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Cdb/" ], "source": "Tidal Cyber", "title": "Cdb.exe" }, "related": [], "uuid": "e61b035f-6247-47e3-918c-2892815dfddf", "value": "Cdb.exe - LOLBAS Project" }, { "description": "Cherepanov, A.. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. 
Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2018-07-09T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/" ], "source": "MITRE", "title": "Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign" }, "related": [], "uuid": "2c28640d-e4ee-47db-a8f1-b34def7d2e9a", "value": "ESET PLEAD Malware July 2018" }, { "description": "Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2021-06-17T00:00:00Z", "refs": [ "https://posts.specterops.io/certified-pre-owned-d95910965cd2" ], "source": "MITRE", "title": "Certified Pre-Owned" }, "related": [], "uuid": "04e53c69-3f29-4bb4-83c9-ff3a2db1526b", "value": "Medium Certified Pre Owned" }, { "description": "Schroeder, W. & Christensen, L. (2021, June 22). Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2021-06-22T00:00:00Z", "refs": [ "https://web.archive.org/web/20220818094600/https://specterops.io/assets/resources/Certified_Pre-Owned.pdf" ], "source": "MITRE", "title": "Certified Pre-Owned - Abusing Active Directory Certificate Services" }, "related": [], "uuid": "73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698", "value": "SpecterOps Certified Pre Owned" }, { "description": "HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.", "meta": { "date_accessed": "2022-08-04T00:00:00Z", "date_published": "2021-06-09T00:00:00Z", "refs": [ "https://github.com/GhostPack/Certify/" ], "source": "MITRE", "title": "Certify" }, "related": [], "uuid": "27fce38b-07d6-43ed-a3da-174458c4acbe", "value": "GitHub Certify" }, { "description": "LOLBAS. (2021, October 7). CertOC.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-10-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Certoc/" ], "source": "Tidal Cyber", "title": "CertOC.exe" }, "related": [], "uuid": "b906498e-2773-419b-8c6d-3e974925ac18", "value": "CertOC.exe - LOLBAS Project" }, { "description": "LOLBAS. (2020, July 7). CertReq.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-07-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Certreq/" ], "source": "Tidal Cyber", "title": "CertReq.exe" }, "related": [], "uuid": "be446484-8ecc-486e-8940-658c147f6978", "value": "CertReq.exe - LOLBAS Project" }, { "description": "TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2021-04-21T00:00:00Z", "refs": [ "https://github.com/TheWover/CertStealer" ], "source": "MITRE", "title": "CertStealer" }, "related": [], "uuid": "da06ce8f-f950-4ae8-a62a-b59b236e91a3", "value": "GitHub CertStealer" }, { "description": "Microsoft. (2012, November 14). Certutil. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2012-11-14T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc732443.aspx" ], "source": "MITRE", "title": "Certutil" }, "related": [], "uuid": "8d095aeb-c72c-49c1-8482-dbf4ce9203ce", "value": "TechNet Certutil" }, { "description": "LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Certutil/" ], "source": "MITRE", "title": "Certutil.exe" }, "related": [], "uuid": "4c875710-9b5d-47b5-bc9e-69ef95797c8f", "value": "LOLBAS Certutil" }, { "description": "Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. 
Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2012-12-30T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html" ], "source": "MITRE", "title": "CFR Watering Hole Attack Details" }, "related": [], "uuid": "6108ab77-e4fd-43f2-9d49-8ce9c219ca9c", "value": "FireEye CFR Watering Hole 2012" }, { "description": "Glyer, C. (2018, April 14). @cglyer Status Update. Retrieved October 11, 2018.", "meta": { "date_accessed": "2018-10-11T00:00:00Z", "date_published": "2018-04-14T00:00:00Z", "refs": [ "https://twitter.com/cglyer/status/985311489782374400" ], "source": "MITRE", "title": "@cglyer Status Update" }, "related": [], "uuid": "cfcb0839-0736-489f-9779-72e5c96cce3d", "value": "Twitter Cglyer Status Update APT3 eml" }, { "description": "Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.", "meta": { "date_accessed": "2021-06-30T00:00:00Z", "date_published": "2020-11-17T00:00:00Z", "refs": [ "https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf" ], "source": "MITRE", "title": "CHAES: Novel Malware Targeting Latin American E-Commerce" }, "related": [], "uuid": "aaefa162-82a8-4b6d-b7be-fd31fafd9246", "value": "Cybereason Chaes Nov 2020" }, { "description": "Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.", "meta": { "date_accessed": "2020-05-22T00:00:00Z", "date_published": "2018-02-28T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions" ], "source": "MITRE", "title": "Chafer: Latest Attacks Reveal Heightened Ambitions" }, "related": [], "uuid": "3daaa402-5477-4868-b8f1-a2f6e38f04ef", "value": "Symantec Chafer February 2018" }, { "description": "Legezo, D. (2019, January 30). 
Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2019-01-30T00:00:00Z", "refs": [ "https://securelist.com/chafer-used-remexi-malware/89538/" ], "source": "MITRE", "title": "Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities" }, "related": [], "uuid": "07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845", "value": "Securelist Remexi Jan 2019" }, { "description": "The DFIR Report. (2022, March 1). \"Change RDP port\" #ContiLeaks. Retrieved March 1, 2022.", "meta": { "date_accessed": "2022-03-01T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://twitter.com/TheDFIRReport/status/1498657772254240768" ], "source": "MITRE", "title": "\"Change RDP port\" #ContiLeaks" }, "related": [], "uuid": "c0deb077-6c26-52f1-9e7c-d1fb535a02a0", "value": "change_rdp_port_conti" }, { "description": "Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "refs": [ "https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab77-ccb5166f98ea" ], "source": "MITRE", "title": "Change the Normal template (Normal.dotm)" }, "related": [], "uuid": "76bf3ce1-b94c-4b3d-9707-aca8a1ae5555", "value": "Microsoft Change Normal Template" }, { "description": "Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.", "meta": { "date_accessed": "2016-07-26T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs" ], "source": "MITRE", "title": "Change which programs Windows 7 uses by default" }, "related": [], "uuid": "de515277-a280-40e5-ba34-3e8f16a5c703", "value": "Microsoft Change Default Programs" }, { "description": "Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. 
Retrieved March 5, 2018.", "meta": { "date_accessed": "2018-03-05T00:00:00Z", "date_published": "2018-02-14T00:00:00Z", "refs": [ "http://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/" ], "source": "MITRE", "title": "Chaos: a Stolen Backdoor Rising Again" }, "related": [], "uuid": "8e6916c1-f102-4b54-b6a5-a58fed825c2e", "value": "Chaos Stolen Backdoor" }, { "description": "Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.", "meta": { "date_accessed": "2022-04-13T00:00:00Z", "refs": [ "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf" ], "source": "MITRE", "title": "Chapter 0x2: Persistence" }, "related": [], "uuid": "6272b9a2-d704-43f3-9e25-6c434bb5d1ef", "value": "Wardle Persistence Chapter" }, { "description": "Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI . Retrieved March 27, 2023.", "meta": { "date_accessed": "2023-03-27T00:00:00Z", "date_published": "2023-02-17T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-17/sec-pki-xe-17-book/sec-deploy-rsa-pki.html#GUID-1CB802D8-9DE3-447F-BECE-CF22F5E11436" ], "source": "MITRE", "title": "Chapter: Deploying RSA Keys Within a PKI" }, "related": [], "uuid": "132f387e-4ee3-51d3-a3b6-d61102ada152", "value": "cisco_deploy_rsa_keys" }, { "description": "Wikipedia. (2017, February 19). Character Encoding. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2017-02-19T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Character_encoding" ], "source": "MITRE", "title": "Character Encoding" }, "related": [], "uuid": "3e7df20f-5d11-4102-851f-04e89c25d12f", "value": "Wikipedia Character Encoding" }, { "description": "ClearSky Cyber Security. (2017, December). Charming Kitten. 
Retrieved December 27, 2017.", "meta": { "date_accessed": "2017-12-27T00:00:00Z", "date_published": "2017-12-01T00:00:00Z", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "source": "MITRE", "title": "Charming Kitten" }, "related": [], "uuid": "23ab1ad2-e9d4-416a-926f-6220a59044ab", "value": "ClearSky Charming Kitten Dec 2017" }, { "description": "Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.", "meta": { "date_accessed": "2021-05-03T00:00:00Z", "date_published": "2021-01-08T00:00:00Z", "refs": [ "https://blog.certfa.com/posts/charming-kitten-christmas-gift/" ], "source": "MITRE", "title": "Charming Kitten’s Christmas Gift" }, "related": [], "uuid": "c38a8af6-3f9b-40c3-8122-a2a51eb50664", "value": "Certfa Charming Kitten January 2021" }, { "description": "Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.", "meta": { "date_accessed": "2023-09-12T00:00:00Z", "date_published": "2022-02-15T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight" ], "source": "MITRE", "title": "Charting TA2541's Flight" }, "related": [], "uuid": "db0b1425-8bd7-51b5-bae3-53c5ccccb8da", "value": "Proofpoint TA2541 February 2022" }, { "description": "Nakamura, Y.. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2017-02-17T00:00:00Z", "refs": [ "http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html" ], "source": "MITRE", "title": "ChChes - Malware that Communicates with C&C Servers Using Cookie Headers" }, "related": [], "uuid": "657b43aa-ead2-41d3-911a-d714d9b28e19", "value": "JPCERT ChChes Feb 2017" }, { "description": "Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. 
Retrieved September 21, 2022.", "meta": { "date_accessed": "2022-09-21T00:00:00Z", "date_published": "2020-11-16T00:00:00Z", "refs": [ "https://eclecticlight.co/2020/11/16/checks-on-executable-code-in-catalina-and-big-sur-a-first-draft/" ], "source": "MITRE", "title": "Checks on executable code in Catalina and Big Sur: a first draft" }, "related": [], "uuid": "2885db46-4f8c-4c35-901c-7641c7701293", "value": "EclecticLightChecksonEXECodeSigning" }, { "description": "Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.", "meta": { "date_accessed": "2021-04-12T00:00:00Z", "date_published": "2019-10-07T00:00:00Z", "refs": [ "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations" ], "source": "MITRE, Tidal Cyber", "title": "China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations" }, "related": [], "uuid": "70277fa4-60a8-475e-993a-c74241b76127", "value": "Anomali MUSTANG PANDA October 2019" }, { "description": "FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.", "meta": { "date_accessed": "2015-12-04T00:00:00Z", "date_published": "2015-12-01T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html" ], "source": "MITRE, Tidal Cyber", "title": "China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets" }, "related": [], "uuid": "f3470275-9652-440e-914d-ad4fc5165413", "value": "FireEye admin@338" }, { "description": "Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2021-10-26T00:00:00Z", "refs": [ "https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape" ], "source": "MITRE", "title": "China cyber attacks: the current threat landscape" }, "related": [], "uuid": "98b2d114-4246-409d-934a-238682fd5ae6", "value": "IronNet BlackTech Oct 2021" }, { "description": "Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved March 22, 2021.", "meta": { "date_accessed": "2021-03-22T00:00:00Z", "date_published": "2021-02-28T00:00:00Z", "refs": [ "https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf" ], "source": "MITRE", "title": "China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions" }, "related": [], "uuid": "6da7eb8a-aab4-41ea-a0b7-5313d88cbe91", "value": "Recorded Future RedEcho Feb 2021" }, { "description": "Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. Retrieved September 1, 2023.", "meta": { "date_accessed": "2023-09-01T00:00:00Z", "date_published": "2015-04-02T00:00:00Z", "refs": [ "https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack" ], "source": "MITRE", "title": "China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack" }, "related": [], "uuid": "b8405628-6366-5cc9-a9af-b97d5c9176dd", "value": "EFF China GitHub Attack" }, { "description": "Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. 
Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2015-09-23T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/" ], "source": "MITRE", "title": "Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media" }, "related": [], "uuid": "db340043-43a7-4b16-a570-92a0d879b2bf", "value": "PaloAlto 3102 Sept 2015" }, { "description": "Desai, D.. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.", "meta": { "date_accessed": "2016-01-26T00:00:00Z", "date_published": "2015-08-14T00:00:00Z", "refs": [ "http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html" ], "source": "MITRE", "title": "Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm" }, "related": [], "uuid": "83e6ab22-1f01-4c9b-90e5-0279af487805", "value": "ZScaler Hacking Team" }, { "description": "Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.", "meta": { "date_accessed": "2018-08-18T00:00:00Z", "date_published": "2018-06-14T00:00:00Z", "refs": [ "https://thehackernews.com/2018/06/chinese-watering-hole-attack.html" ], "source": "MITRE", "title": "Chinese Hackers Carried Out Country-Level Watering Hole Attack" }, "related": [], "uuid": "de78446a-cb46-4422-820b-9ddf07557b1a", "value": "Hacker News LuckyMouse June 2018" }, { "description": "Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. 
Retrieved September 13, 2018.", "meta": { "date_accessed": "2018-09-13T00:00:00Z", "date_published": "2015-02-10T00:00:00Z", "refs": [ "https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059" ], "source": "MITRE", "title": "Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole" }, "related": [], "uuid": "c24035b1-2021-44ae-b01e-651e44526737", "value": "Dark Reading Codoso Feb 2015" }, { "description": "INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.", "meta": { "date_accessed": "2022-09-02T00:00:00Z", "date_published": "2021-07-08T00:00:00Z", "refs": [ "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan" ], "source": "MITRE", "title": "Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling" }, "related": [], "uuid": "258433e7-f829-4365-adbb-c5690159070f", "value": "Recorded Future TAG-22 July 2021" }, { "description": "Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.", "meta": { "date_accessed": "2022-09-19T00:00:00Z", "date_published": "2021-12-08T00:00:00Z", "refs": [ "https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf" ], "source": "MITRE", "title": "Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia" }, "related": [], "uuid": "0809db3b-81a8-475d-920a-cb913b30f42e", "value": "Recorded Future Chinese Activity in Southeast Asia December 2021" }, { "description": "Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. 
Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2020-07-28T00:00:00Z", "refs": [ "https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf" ], "source": "MITRE", "title": "CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS" }, "related": [], "uuid": "e2bc037e-d483-4670-8281-70e51b16effe", "value": "Recorded Future REDDELTA July 2020" }, { "description": "Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.", "meta": { "date_accessed": "2017-03-20T00:00:00Z", "date_published": "2017-03-18T00:00:00Z", "refs": [ "https://github.com/chipsec/chipsec" ], "source": "MITRE", "title": "CHIPSEC Platform Security Assessment Framework" }, "related": [], "uuid": "47501334-56cb-453b-a9e3-33990d88018b", "value": "Github CHIPSEC" }, { "description": "Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.", "meta": { "date_accessed": "2017-03-13T00:00:00Z", "date_published": "2017-03-08T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/" ], "source": "MITRE", "title": "CHIPSEC Support Against Vault 7 Disclosure Scanning" }, "related": [], "uuid": "b65ed687-c279-4f64-9dd2-839164cd269c", "value": "McAfee CHIPSEC Blog" }, { "description": "Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2017-08-23T00:00:00Z", "refs": [ "http://www.chkrootkit.org/" ], "source": "MITRE", "title": "Chkrootkit" }, "related": [], "uuid": "828fb4b9-17a6-4a87-ac2a-631643adb18d", "value": "Chkrootkit Main" }, { "description": "Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. 
Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2022-08-26T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn" ], "source": "MITRE", "title": "Choose the right authentication method for your Azure Active Directory hybrid identity solution" }, "related": [], "uuid": "b019406c-6e39-41a2-a8b4-97f8d6482147", "value": "Azure AD Hybrid Identity" }, { "description": "Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2023-03-07T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s5.html" ], "source": "MITRE", "title": "Cisco IOS Security Command Reference: Commands S to Z" }, "related": [], "uuid": "11d34884-4559-57ad-8910-54e517c6493e", "value": "show_ssh_users_cmd_cisco" }, { "description": "George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "http://2015.zeronights.org/assets/files/05-Nosenko.pdf" ], "source": "MITRE", "title": "CISCO IOS SHELLCODE: ALL-IN-ONE" }, "related": [], "uuid": "55a45f9b-7be4-4f1b-8b19-a0addf9da8d8", "value": "Cisco IOS Shellcode" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#38" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - AAA" }, "related": [], "uuid": "2d1b5021-91ad-43c9-8527-4978fa779168", "value": "Cisco IOS Software Integrity Assurance - AAA" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. 
Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#26" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Boot Information" }, "related": [], "uuid": "5349863a-00c1-42bf-beac-4e7d053d6311", "value": "Cisco IOS Software Integrity Assurance - Boot Information" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#31" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Change Control" }, "related": [], "uuid": "8fb532f2-c730-4b86-b8d2-2314ce559289", "value": "Cisco IOS Software Integrity Assurance - Change Control" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#7" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification" }, "related": [], "uuid": "f1d736cb-63c1-43e8-a83b-ed86b7c27606", "value": "Cisco IOS Software Integrity Assurance - Image File Verification" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. 
Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#13" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification" }, "related": [], "uuid": "284608ea-3769-470e-950b-cbd67796b20f", "value": "Cisco IOS Software Integrity Assurance - Run-Time Memory Verification" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#23" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Command History" }, "related": [], "uuid": "dbca06dd-1184-4d52-9ee8-b059e368033c", "value": "Cisco IOS Software Integrity Assurance - Command History" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#40" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Credentials Management" }, "related": [], "uuid": "9a7428e3-bd77-4c3e-ac90-c4e30d504ba6", "value": "Cisco IOS Software Integrity Assurance - Credentials Management" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#34" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Deploy Signed IOS" }, "related": [], "uuid": "71ea5591-6e46-4c58-a4e8-c629eba1b6c5", "value": "Cisco IOS Software Integrity Assurance - Deploy Signed IOS" }, { "description": "Cisco. (n.d.). 
Cisco IOS Software Integrity Assurance - Image File Integrity. Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#30" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Image File Integrity" }, "related": [], "uuid": "90909bd4-15e8-48ee-8067-69f04736c583", "value": "Cisco IOS Software Integrity Assurance - Image File Integrity" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#35" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - Secure Boot" }, "related": [], "uuid": "4f6f686e-bcda-480a-88a1-ad7b00084c13", "value": "Cisco IOS Software Integrity Assurance - Secure Boot" }, { "description": "Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/resources/integrity_assurance.html#39" ], "source": "MITRE", "title": "Cisco IOS Software Integrity Assurance - TACACS" }, "related": [], "uuid": "54506dc2-6496-4edb-a5bf-fe64bf235ac0", "value": "Cisco IOS Software Integrity Assurance - TACACS" }, { "description": "Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. 
Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-1/interfaces/configuration/guide/hc51xcrsbook/hc51span.html" ], "source": "MITRE", "title": "Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x" }, "related": [], "uuid": "1a5c86ad-d3b1-408b-a6b4-14ca0e572020", "value": "Cisco Traffic Mirroring" }, { "description": "Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. Retrieved March 9, 2023.", "meta": { "date_accessed": "2023-03-09T00:00:00Z", "date_published": "2022-08-10T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/recent-cyber-attack/" ], "source": "MITRE", "title": "Cisco Talos shares insights related to recent cyber attack on Cisco" }, "related": [], "uuid": "143182ad-6a16-5a0d-a5c4-7dae721a9e26", "value": "Talos - Cisco Attack 2022" }, { "description": "Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.", "meta": { "date_accessed": "2023-07-24T00:00:00Z", "date_published": "2023-07-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467" ], "source": "Tidal Cyber", "title": "Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467" }, "related": [], "uuid": "245ef1b7-778d-4df2-99a9-b51c95c57580", "value": "Citrix Bulletin CVE-2023-3519" }, { "description": "Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. 
Retrieved November 30, 2023.", "meta": { "date_accessed": "2023-11-30T00:00:00Z", "date_published": "2023-11-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.malwarebytes.com/blog/news/2023/11/citrix-bleed-widely-exploitated-warn-government-agencies" ], "source": "Tidal Cyber", "title": "Citrix Bleed widely exploited, warn government agencies" }, "related": [], "uuid": "fdc86cea-0015-48d1-934f-b22244de6306", "value": "Malwarebytes Citrix Bleed November 24 2023" }, { "description": "Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.", "meta": { "date_accessed": "2021-11-12T00:00:00Z", "date_published": "2020-02-17T00:00:00Z", "refs": [ "https://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/" ], "source": "MITRE", "title": "CLAMBLING - A New Backdoor Base On Dropbox" }, "related": [], "uuid": "51144a8a-0cd4-4d5d-826b-21c2dc8422be", "value": "Talent-Jump Clambling February 2020" }, { "description": "Scott, M.. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2014-06-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html" ], "source": "MITRE", "title": "Clandestine Fox, Part Deux" }, "related": [], "uuid": "82500741-984d-4039-8f53-b303845c2849", "value": "FireEye Clandestine Fox Part 2" }, { "description": "Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.", "meta": { "date_accessed": "2018-07-02T00:00:00Z", "refs": [ "https://docs.microsoft.com/powershell/module/microsoft.powershell.management/clear-eventlog" ], "source": "MITRE", "title": "Clear-EventLog" }, "related": [], "uuid": "35944ff0-2bbd-4055-8e8a-cfff27241a8a", "value": "Microsoft Clear-EventLog" }, { "description": "Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. 
Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2012-11-20T00:00:00Z", "refs": [ "https://derflounder.wordpress.com/2012/11/20/clearing-the-quarantine-extended-attribute-from-downloaded-applications/" ], "source": "MITRE", "title": "Clearing the quarantine extended attribute from downloaded applications" }, "related": [], "uuid": "4115ab53-751c-4016-9151-a55eab7d6ddf", "value": "Clearing quarantine attribute" }, { "description": "Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy" ], "source": "MITRE", "title": "Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY" }, "related": [], "uuid": "df1f7379-38c3-5ca9-8333-d684022c000c", "value": "NPPSPY - Huntress" }, { "description": "LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Cl_invocation/" ], "source": "Tidal Cyber", "title": "CL_Invocation.ps1" }, "related": [], "uuid": "a53e093a-973c-491d-91e3-bc7804d87b8b", "value": "CL_Invocation.ps1 - LOLBAS Project" }, { "description": "Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.", "meta": { "date_accessed": "2022-06-21T00:00:00Z", "date_published": "2023-02-03T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/clip" ], "source": "MITRE", "title": "clip" }, "related": [], "uuid": "8a961fa1-def0-5efe-8599-62e884d4ea22", "value": "clip_win_server" }, { "description": "Tony Lambert. (2021, February 18). 
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. Retrieved April 20, 2021.", "meta": { "date_accessed": "2021-04-20T00:00:00Z", "date_published": "2021-02-18T00:00:00Z", "refs": [ "https://redcanary.com/blog/clipping-silver-sparrows-wings/" ], "source": "MITRE", "title": "Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight" }, "related": [], "uuid": "f08a856d-6c3e-49e2-b7ba-399831c637e5", "value": "Red Canary Silver Sparrow Feb2021" }, { "description": "LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/CL_LoadAssembly/" ], "source": "Tidal Cyber", "title": "CL_LoadAssembly.ps1" }, "related": [], "uuid": "31a14027-1181-49b9-87bf-78a65a551312", "value": "CL_LoadAssembly.ps1 - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/CL_mutexverifiers/" ], "source": "Tidal Cyber", "title": "CL_Mutexverifiers.ps1" }, "related": [], "uuid": "75b89502-21ed-4920-95cc-212eaf17f281", "value": "CL_Mutexverifiers.ps1 - LOLBAS Project" }, { "description": "Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.", "meta": { "date_accessed": "2021-05-11T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware" ], "source": "MITRE", "title": "Clop Ransomware" }, "related": [], "uuid": "f54d682d-100e-41bb-96be-6a79ea422066", "value": "Cybereason Clop Dec 2020" }, { "description": "Mundo, A. (2019, August 1). Clop Ransomware. 
Retrieved May 10, 2021.", "meta": { "date_accessed": "2021-05-10T00:00:00Z", "date_published": "2019-08-01T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/" ], "source": "MITRE", "title": "Clop Ransomware" }, "related": [], "uuid": "458141bd-7dd2-41fd-82e8-7ea2e4a477ab", "value": "Mcafee Clop Aug 2019" }, { "description": "GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. Retrieved May 8, 2020.", "meta": { "date_accessed": "2020-05-08T00:00:00Z", "date_published": "2014-12-10T00:00:00Z", "refs": [ "https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/" ], "source": "MITRE", "title": "Cloud Atlas: RedOctober APT is back in style" }, "related": [], "uuid": "41a9b3e3-0953-4bde-9e1d-c2f51de1120e", "value": "Kaspersky Cloud Atlas December 2014" }, { "description": "Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2019-09-01T00:00:00Z", "refs": [ "https://github.com/RhinoSecurityLabs/ccat" ], "source": "MITRE", "title": "Cloud Container Attack Tool (CCAT)" }, "related": [], "uuid": "ac31b781-dbe4-49c2-b7af-dfb23d435ce8", "value": "Rhino Labs Cloud Backdoor September 2019" }, { "description": "Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://cloud.google.com/storage" ], "source": "MITRE", "title": "Cloud Storage" }, "related": [], "uuid": "5fe51b4e-9b82-4e97-bb65-73708349538a", "value": "Google Cloud Storage" }, { "description": "Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. 
Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2017-01-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/archive/blogs/tip_of_the_day/cloud-tip-of-the-day-advanced-way-to-check-domain-availability-for-office-365-and-azure" ], "source": "MITRE", "title": "(Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure" }, "related": [], "uuid": "dddf33ea-d074-4bc4-98d2-39b7e843e37d", "value": "Office 265 Azure Domain Availability" }, { "description": "Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. Retrieved October 16, 2023.", "meta": { "date_accessed": "2023-10-16T00:00:00Z", "date_published": "2023-05-03T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/cloud-bad-log-configurations" ], "source": "MITRE", "title": "Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations" }, "related": [], "uuid": "a9835fe9-8227-5310-a728-1d09f19342b3", "value": "Mandiant Cloudy Logs 2023" }, { "description": "Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm" ], "source": "MITRE", "title": "CLSID Key" }, "related": [], "uuid": "239bb629-2733-4da3-87c2-47a7ab55433f", "value": "win_clsid_key" }, { "description": "kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2021-01-16T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/cluster-administration/" ], "source": "MITRE", "title": "Cluster Administration" }, "related": [], "uuid": "6c5f2465-1db3-46cc-8d2a-9763c21aa8cc", "value": "Kube Cluster Admin" }, { "description": "kubernetes. (n.d.). cluster-info. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#cluster-info" ], "source": "MITRE", "title": "cluster-info" }, "related": [], "uuid": "0f8b5d79-2393-45a2-b6d4-df394e513e39", "value": "Kube Cluster Info" }, { "description": "Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.", "meta": { "date_accessed": "2016-04-18T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490880.aspx" ], "source": "MITRE", "title": "Cmd" }, "related": [], "uuid": "dbfc01fe-c300-4c27-ab9a-a20508c1e04b", "value": "TechNet Cmd" }, { "description": "LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-06-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Cmd/" ], "source": "Tidal Cyber", "title": "Cmd.exe" }, "related": [], "uuid": "887aa9af-3f0e-42bb-8c40-39149f34b922", "value": "Cmd.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Cmdkey.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Cmdkey/" ], "source": "Tidal Cyber", "title": "Cmdkey.exe" }, "related": [], "uuid": "c9ca075a-8327-463d-96ec-adddf6f1a7bb", "value": "Cmdkey.exe - LOLBAS Project" }, { "description": "LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Cmdl32/" ], "source": "Tidal Cyber", "title": "cmdl32.exe" }, "related": [], "uuid": "2628e452-caa1-4058-a405-7c4657fa3245", "value": "cmdl32.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Cmstp.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Cmstp/" ], "source": "Tidal Cyber", "title": "Cmstp.exe" }, "related": [], "uuid": "86c21dcd-464a-4870-8aae-25fcaccc889d", "value": "Cmstp.exe - LOLBAS Project" }, { "description": "Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-01-30T00:00:00Z", "refs": [ "https://twitter.com/NickTyrer/status/958450014111633408" ], "source": "MITRE", "title": "CMSTP.exe - remote .sct execution applocker bypass" }, "related": [], "uuid": "3847149c-1463-4d94-be19-0a8cf1db0b58", "value": "Twitter CMSTP Jan 2018" }, { "description": "Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "date_published": "2019-09-11T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again" ], "source": "MITRE", "title": "COBALT DICKENS Goes Back to School…Again" }, "related": [], "uuid": "45815e4d-d678-4823-8315-583893e263e6", "value": "Secureworks COBALT DICKENS September 2019" }, { "description": "Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2018-10-08T00:00:00Z", "refs": [ "https://blog.morphisec.com/cobalt-gang-2.0" ], "source": "MITRE", "title": "Cobalt Group 2.0" }, "related": [], "uuid": "0a0bdd4b-a680-4a38-967d-3ad92f04d619", "value": "Morphisec Cobalt Gang Oct 2018" }, { "description": "Secureworks. (n.d.). COBALT GYPSY Threat Profile. 
Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/cobalt-gypsy" ], "source": "MITRE", "title": "COBALT GYPSY Threat Profile" }, "related": [], "uuid": "f1c21834-7536-430b-8539-e68373718b4d", "value": "Secureworks COBALT GYPSY Threat Profile" }, { "description": "Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/cobalt-illusion" ], "source": "MITRE", "title": "COBALT ILLUSION Threat Profile" }, "related": [], "uuid": "8d9a5b77-2516-4ad5-9710-4c8165df2882", "value": "Secureworks COBALT ILLUSION Threat Profile" }, { "description": "Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.", "meta": { "date_accessed": "2018-10-09T00:00:00Z", "date_published": "2016-12-16T00:00:00Z", "refs": [ "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf" ], "source": "MITRE", "title": "Cobalt Snatch" }, "related": [], "uuid": "2de4d38f-c99d-4149-89e6-0349a4902aa2", "value": "PTSecurity Cobalt Dec 2016" }, { "description": "Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2017-05-23T00:00:00Z", "refs": [ "https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" ], "source": "MITRE", "title": "Cobalt Strike 3.8 – Who’s Your Daddy?" }, "related": [], "uuid": "056ef3cd-885d-41d6-9547-a2a575b03662", "value": "CobaltStrike Daddy May 2017" }, { "description": "Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. 
Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2020-11-05T00:00:00Z", "refs": [ "https://web.archive.org/web/20210708035426/https://www.cobaltstrike.com/downloads/csmanual43.pdf" ], "source": "MITRE", "title": "Cobalt Strike: Advanced Threat Tactics for Penetration Testers" }, "related": [], "uuid": "eb7abdb2-b270-46ae-a950-5a93d09b3565", "value": "Cobalt Strike Manual 4.3 November 2020" }, { "description": "Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.", "meta": { "date_accessed": "2017-05-24T00:00:00Z", "date_published": "2017-03-14T00:00:00Z", "refs": [ "https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf" ], "source": "MITRE", "title": "Cobalt Strike Manual" }, "related": [], "uuid": "43277d05-0aa4-4cee-ac41-6f03a49851a9", "value": "cobaltstrike manual" }, { "description": "Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019.", "meta": { "date_accessed": "2019-03-07T00:00:00Z", "date_published": "2017-11-20T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/" ], "source": "MITRE", "title": "Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks" }, "related": [], "uuid": "81847e06-fea0-4d90-8a9e-5bc99a2bf3f0", "value": "TrendMicro Cobalt Group Nov 2017" }, { "description": "Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. 
Retrieved September 5, 2018.", "meta": { "date_accessed": "2018-09-05T00:00:00Z", "date_published": "2017-08-16T00:00:00Z", "refs": [ "https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Cobalt Strikes Back: An Evolving Multinational Threat to Finance" }, "related": [], "uuid": "f4ce1b4d-4f01-4083-8bc6-931cbac9ac38", "value": "PTSecurity Cobalt Group Aug 2017" }, { "description": "Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2017-08-31T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat" ], "source": "MITRE", "title": "Cobian RAT – A backdoored RAT" }, "related": [], "uuid": "46541bb9-15cb-4a7c-a624-48a1c7e838e3", "value": "Zscaler Cobian Aug 2017" }, { "description": "Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2015-09-16T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1" ], "source": "MITRE", "title": "Cocoa Application Layer" }, "related": [], "uuid": "6ada4c6a-23dc-4469-a3a1-1d3b4935db97", "value": "MACOS Cocoa" }, { "description": "LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-02-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/HonorableMentions/Code/" ], "source": "Tidal Cyber", "title": "code.exe" }, "related": [], "uuid": "4a93063b-f3a3-4726-870d-b8f744651363", "value": "code.exe - LOLBAS Project" }, { "description": "Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. 
Retrieved March 21, 2023.", "meta": { "date_accessed": "2023-03-21T00:00:00Z", "date_published": "2014-06-20T00:00:00Z", "refs": [ "https://www.darkreading.com/attacks-breaches/code-hosting-service-shuts-down-after-cyber-attack" ], "source": "MITRE", "title": "Code Hosting Service Shuts Down After Cyber Attack" }, "related": [], "uuid": "e5a3028a-f4cc-537c-9ddd-769792ab33be", "value": "Dark Reading Code Spaces Cyber Attack" }, { "description": "Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2018-07-25T00:00:00Z", "refs": [ "https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be" ], "source": "MITRE", "title": "Code injection in running process using ptrace" }, "related": [], "uuid": "6dbfe4b5-9430-431b-927e-e8e775874cd9", "value": "Medium Ptrace JUL 2018" }, { "description": "Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.", "meta": { "date_accessed": "2016-03-31T00:00:00Z", "date_published": "2015-11-10T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Code_signing" ], "source": "MITRE", "title": "Code Signing" }, "related": [], "uuid": "363e860d-e14c-4fcd-985f-f76353018908", "value": "Wikipedia Code Signing" }, { "description": "Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-12-22T00:00:00Z", "refs": [ "https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec" ], "source": "MITRE", "title": "Code Signing Certificate Cloning Attacks and Defenses" }, "related": [], "uuid": "3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5", "value": "SpectorOps Code Signing Dec 2017" }, { "description": "Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. 
Retrieved June 5, 2023.", "meta": { "date_accessed": "2023-06-05T00:00:00Z", "date_published": "2019-11-28T00:00:00Z", "refs": [ "https://www.avira.com/en/blog/coinloader-a-sophisticated-malware-loader-campaign" ], "source": "MITRE", "title": "CoinLoader: A Sophisticated Malware Loader Campaign" }, "related": [], "uuid": "83469ab3-0199-5679-aa25-7b6885019552", "value": "CoinLoader: A Sophisticated Malware Loader Campaign" }, { "description": "Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2021-05-13T00:00:00Z", "refs": [ "https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html" ], "source": "MITRE", "title": "Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers." }, "related": [], "uuid": "58900911-ab4b-5157-968c-67fa69cc122d", "value": "NYT-Colonial" }, { "description": "LOLBAS. (2023, June 26). Colorcpl.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-06-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Colorcpl/" ], "source": "Tidal Cyber", "title": "Colorcpl.exe" }, "related": [], "uuid": "53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25", "value": "Colorcpl.exe - LOLBAS Project" }, { "description": "Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2020-09-08T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/" ], "source": "MITRE", "title": "Coming Out of Your Shell: From Shlayer to ZShlayer" }, "related": [], "uuid": "17277b12-af29-475a-bc9a-0731bbe0bae2", "value": "sentinelone shlayer to zshlayer" }, { "description": "Gardiner, J., Cova, M., Nagaraja, S. (2014, February). 
Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2014-02-01T00:00:00Z", "refs": [ "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" ], "source": "MITRE", "title": "Command & Control Understanding, Denying and Detecting" }, "related": [], "uuid": "113ce14e-147f-4a86-8b83-7b49b43a4e88", "value": "University of Birmingham C2" }, { "description": "Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.", "meta": { "date_accessed": "2017-04-21T00:00:00Z", "date_published": "2017-03-07T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/component-updates/command-line-process-auditing" ], "source": "MITRE", "title": "Command line process auditing" }, "related": [], "uuid": "4a58170b-906c-4df4-ad1e-0e5bc15366fa", "value": "Microsoft Command-line Logging" }, { "description": "Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "date_published": "2012-09-11T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc835085.aspx" ], "source": "MITRE", "title": "Command-Line Reference - Netdom Trust" }, "related": [], "uuid": "380dc9fe-d490-4914-9595-05d765b27a85", "value": "Microsoft Netdom Trust Sept 2012" }, { "description": "Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "refs": [ "https://www.microsoft.com/download/details.aspx?id=21714" ], "source": "MITRE", "title": "Command Line Transformation Utility (msxsl.exe)" }, "related": [], "uuid": "a25d664c-d109-466f-9b6a-7e9ea8c57895", "value": "Microsoft msxsl.exe" }, { "description": "Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. 
Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "date_published": "2014-08-29T00:00:00Z", "refs": [ "https://www.contextis.com/blog/comma-separated-vulnerabilities" ], "source": "MITRE", "title": "Comma Separated Vulnerabilities" }, "related": [], "uuid": "2badfb63-19a3-4829-bbb5-7c3dfab877d5", "value": "Kettle CSV DDE Aug 2014" }, { "description": "Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.", "meta": { "date_accessed": "2019-07-08T00:00:00Z", "date_published": "2017-06-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/common-language-runtime-integration-overview?view=sql-server-2017" ], "source": "MITRE", "title": "Common Language Runtime Integration" }, "related": [], "uuid": "83fc7522-5eb1-4710-8391-090389948686", "value": "Microsoft CLR Integration 2017" }, { "description": "Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.", "meta": { "date_accessed": "2018-06-07T00:00:00Z", "date_published": "2018-01-31T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/" ], "source": "MITRE", "title": "Comnie Continues to Target Organizations in East Asia" }, "related": [], "uuid": "ff3cc105-2798-45de-8561-983bf57eb9d9", "value": "Palo Alto Comnie" }, { "description": "G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.", "meta": { "date_accessed": "2016-08-13T00:00:00Z", "date_published": "2014-10-01T00:00:00Z", "refs": [ "https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence" ], "source": "MITRE", "title": "COM Object hijacking: the discreet way of persistence" }, "related": [], "uuid": "98e88505-b916-430d-aef6-616ba7ddd88e", "value": "GDATA COM Hijacking" }, { "description": "FRANK BAJAK AND RAPHAEL SATTER. 
(2017, June 30). Companies still hobbled from fearsome cyberattack. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2017-06-30T00:00:00Z", "refs": [ "https://apnews.com/article/russia-ukraine-technology-business-europe-hacking-ce7a8aca506742ab8e8873e7f9f229c2" ], "source": "MITRE", "title": "Companies still hobbled from fearsome cyberattack" }, "related": [], "uuid": "7f1af58a-33fd-538f-b092-789a8776780c", "value": "AP-NotPetya" }, { "description": "Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx" ], "source": "MITRE", "title": "Component Object Model (COM)" }, "related": [], "uuid": "edcd917d-ca5b-4e5c-b3be-118e828abe97", "value": "Microsoft COM" }, { "description": "Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. Retrieved March 9, 2023.", "meta": { "date_accessed": "2023-03-09T00:00:00Z", "date_published": "2022-12-08T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/" ], "source": "MITRE", "title": "Compromised Cloud Compute Credentials: Case Studies From the Wild" }, "related": [], "uuid": "af755ba2-97c2-5152-ab00-2e24740f69f3", "value": "Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022" }, { "description": "US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.", "meta": { "date_accessed": "2016-06-08T00:00:00Z", "date_published": "2015-11-13T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA15-314A" ], "source": "MITRE", "title": "Compromised Web Servers and Web Shells - Threat Awareness and Guidance" }, "related": [], "uuid": "61ceb0c4-62f6-46cd-b42b-5736c869421f", "value": "US-CERT Alert TA15-314A Web Shells" }, { "description": "LOLBAS. (2019, August 30). 
Comsvcs.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-08-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/comsvcs/" ], "source": "Tidal Cyber", "title": "Comsvcs.dll" }, "related": [], "uuid": "2eb2756d-5a49-4df3-9e2f-104c41c645cd", "value": "Comsvcs.dll - LOLBAS Project" }, { "description": "Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.", "meta": { "date_accessed": "2023-09-05T00:00:00Z", "date_published": "2023-06-20T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389" ], "source": "MITRE", "title": "Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389" }, "related": [], "uuid": "a92b0d6c-b3e8-56a4-b1b4-1d117e59db84", "value": "Condi-Botnet-binaries" }, { "description": "Microsoft. (2022, December 14). Conditional Access templates. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-12-14T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common" ], "source": "MITRE", "title": "Conditional Access templates" }, "related": [], "uuid": "9ed9870b-d09a-511d-96f9-4956f26d46bf", "value": "Microsoft Common Conditional Access Policies" }, { "description": "Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.", "meta": { "date_accessed": "2021-02-18T00:00:00Z", "date_published": "2014-03-18T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/conficker" ], "source": "MITRE", "title": "Conficker" }, "related": [], "uuid": "62cf7f3a-9011-45eb-a7d9-91c76a2177e9", "value": "Trend Micro Conficker" }, { "description": "LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-09-04T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/" ], "source": "Tidal Cyber", "title": "ConfigSecurityPolicy.exe" }, "related": [], "uuid": "30b8a5d8-596c-4ab3-b3db-b799cc8923e1", "value": "ConfigSecurityPolicy.exe - LOLBAS Project" }, { "description": "Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.", "meta": { "date_accessed": "2020-12-22T00:00:00Z", "date_published": "2020-12-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes" ], "source": "MITRE", "title": "Configurable token lifetimes in Microsoft Identity Platform" }, "related": [], "uuid": "8b810f7c-1f26-420b-9014-732f1469f145", "value": "Microsoft SAML Token Lifetimes" }, { "description": "Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2019-05-03T00:00:00Z", "refs": [ "https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf" ], "source": "MITRE", "title": "Configuration Profile Reference" }, "related": [], "uuid": "8453f06d-5007-4e53-a9a2-1c0edb99be3d", "value": "Apple Developer Configuration Profile" }, { "description": "Apple. (2019, May 3). Configuration Profile Reference, Developer. Retrieved April 15, 2022.", "meta": { "date_accessed": "2022-04-15T00:00:00Z", "date_published": "2019-05-03T00:00:00Z", "refs": [ "https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf" ], "source": "MITRE", "title": "Configuration Profile Reference, Developer" }, "related": [], "uuid": "a7078eee-5478-4a93-9a7e-8db1d020e1da", "value": "MDMProfileConfigMacOS" }, { "description": "Microsoft. (2023, August 29). 
Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2023-08-29T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/approve-just-in-time-access" ], "source": "MITRE", "title": "Configure and approve just-in-time access for Azure Managed Applications" }, "related": [], "uuid": "ee35e13f-ca39-5faf-81ae-230d33329a28", "value": "Azure Just in Time Access 2023" }, { "description": "Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html" ], "source": "MITRE", "title": "Configure and Capture Embedded Packet on Software" }, "related": [], "uuid": "5d973180-a28a-5c8f-b13a-45d21331700f", "value": "capture_embedded_packet_on_software" }, { "description": "Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "refs": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" ], "source": "MITRE", "title": "Configure a Security Context for a Pod or Container" }, "related": [], "uuid": "bd91ec00-95bb-572f-9452-8040ec633e00", "value": "Kubernetes Security Context" }, { "description": "Microsoft. (2017, July 19). Configure audit settings for a site collection. 
Retrieved April 4, 2018.", "meta": { "date_accessed": "2018-04-04T00:00:00Z", "date_published": "2017-07-19T00:00:00Z", "refs": [ "https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2" ], "source": "MITRE", "title": "Configure audit settings for a site collection" }, "related": [], "uuid": "9a6a08c0-94f2-4dbc-a0b3-01d5234e7753", "value": "Microsoft SharePoint Logging" }, { "description": "Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.", "meta": { "date_accessed": "2016-06-06T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc732713.aspx" ], "source": "MITRE", "title": "Configure Network Level Authentication for Remote Desktop Services Connections" }, "related": [], "uuid": "39e28cae-a35a-4cf2-a281-c35f4ebd16ba", "value": "TechNet RDP NLA" }, { "description": "Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-11-14T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline" ], "source": "MITRE", "title": "Configure security alerts for Azure AD roles in Privileged Identity Management" }, "related": [], "uuid": "7bde8cd2-6c10-5342-9a4b-a45e84a861b6", "value": "Microsoft Security Alerts for Azure AD Roles" }, { "description": "Kubernetes. (2022, February 26). Configure Service Accounts for Pods. 
Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-02-26T00:00:00Z", "refs": [ "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" ], "source": "MITRE", "title": "Configure Service Accounts for Pods" }, "related": [], "uuid": "a74ffa28-8a2e-4bfd-bc66-969b463bebd9", "value": "Kubernetes Service Accounts" }, { "description": "Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. Retrieved December 11, 2017.", "meta": { "date_accessed": "2017-12-11T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc754272(v=ws.11).aspx" ], "source": "MITRE", "title": "Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions" }, "related": [], "uuid": "ccd0d241-4ff7-4a15-b2b4-06945980c6bf", "value": "Windows RDP Sessions" }, { "description": "Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.", "meta": { "date_accessed": "2015-06-24T00:00:00Z", "date_published": "2013-07-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/dn408187.aspx" ], "source": "MITRE", "title": "Configuring Additional LSA Protection" }, "related": [], "uuid": "4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73", "value": "Microsoft Configure LSA" }, { "description": "Microsoft. (2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2014-03-12T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/dn408187.aspx" ], "source": "MITRE", "title": "Configuring Additional LSA Protection" }, "related": [], "uuid": "da3f1d7d-188f-4500-9bc6-3299ba043b5c", "value": "Microsoft LSA Protection Mar 2014" }, { "description": "Microsoft. (2013, July 31). Configuring Additional LSA Protection. 
Retrieved February 13, 2015.", "meta": { "date_accessed": "2015-02-13T00:00:00Z", "date_published": "2013-07-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/dn408187.aspx" ], "source": "MITRE", "title": "Configuring Additional LSA Protection" }, "related": [], "uuid": "3ad49746-4e42-4663-a49e-ae64152b9463", "value": "Microsoft LSA" }, { "description": "Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "refs": [ "https://cloud.google.com/logging/docs/audit/configure-data-access" ], "source": "MITRE", "title": "Configuring Data Access audit logs" }, "related": [], "uuid": "bd310606-f472-4eda-a696-50a3a25f07b3", "value": "Configuring Data Access audit logs" }, { "description": "Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc794757.aspx" ], "source": "MITRE", "title": "Configuring SID Filter Quarantining on External Trusts" }, "related": [], "uuid": "134169f1-7bd3-4d04-81a8-f01e1407a4b6", "value": "Microsoft SID Filtering Quarantining Jan 2009" }, { "description": "Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. Retrieved July 26, 2018.", "meta": { "date_accessed": "2018-07-26T00:00:00Z", "date_published": "2009-02-24T00:00:00Z", "refs": [ "https://www.techrepublic.com/blog/data-center/configuring-wireless-settings-via-group-policy/" ], "source": "MITRE", "title": "Configuring Wireless settings via Group Policy" }, "related": [], "uuid": "b62415f8-76bd-4585-ae81-a4d04ccfc703", "value": "TechRepublic Wireless GPO FEB 2009" }, { "description": "Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. 
Retrieved January 20, 2021.", "meta": { "date_accessed": "2021-01-20T00:00:00Z", "date_published": "2019-10-30T00:00:00Z", "refs": [ "https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/" ], "source": "MITRE", "title": "Confirmed: North Korean malware found on Indian nuclear plant's network" }, "related": [], "uuid": "6e6e02da-b805-47d7-b410-343a1b5da042", "value": "ZDNet Dtrack" }, { "description": "Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.", "meta": { "date_accessed": "2021-12-17T00:00:00Z", "date_published": "2021-01-12T00:00:00Z", "refs": [ "https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat" ], "source": "MITRE", "title": "Confucius APT deploys Warzone RAT" }, "related": [], "uuid": "d74f2c25-cd53-4587-b087-7ba0b8427dc4", "value": "Uptycs Confucius APT Jan 2021" }, { "description": "Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.", "meta": { "date_accessed": "2021-12-26T00:00:00Z", "date_published": "2021-08-17T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html" ], "source": "MITRE, Tidal Cyber", "title": "Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military" }, "related": [], "uuid": "5c16aae9-d253-463b-8bbc-f14402ce77e4", "value": "TrendMicro Confucius APT Aug 2021" }, { "description": "LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-04-05T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Conhost/" ], "source": "Tidal Cyber", "title": "Conhost.exe" }, "related": [], "uuid": "5ed807c1-15d1-48aa-b497-8cd74fe5b299", "value": "Conhost.exe - LOLBAS Project" }, { "description": "AWS. (2023, June 2). 
Connect using EC2 Instance Connect. Retrieved June 2, 2023.", "meta": { "date_accessed": "2023-06-02T00:00:00Z", "date_published": "2023-06-02T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html" ], "source": "MITRE", "title": "Connect using EC2 Instance Connect" }, "related": [], "uuid": "deefa5b7-5a28-524c-b500-bc5574aa9920", "value": "EC2 Instance Connect" }, { "description": "docker docs. (n.d.). Containers. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://docs.docker.com/engine/api/v1.41/#tag/Container" ], "source": "MITRE", "title": "Containers" }, "related": [], "uuid": "3475b705-3ab8-401d-bee6-e187c43ad3c2", "value": "Docker Docs Container" }, { "description": "Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2017-09-06T00:00:00Z", "refs": [ "https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/" ], "source": "MITRE", "title": "Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It" }, "related": [], "uuid": "183a070f-6c8c-46e3-915b-6edc58bb5e91", "value": "DigitalShadows CDN" }, { "description": "Microsoft. (2019, September 5). Content trust in Azure Container Registry. 
Retrieved October 16, 2019.", "meta": { "date_accessed": "2019-10-16T00:00:00Z", "date_published": "2019-09-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust" ], "source": "MITRE", "title": "Content trust in Azure Container Registry" }, "related": [], "uuid": "fcd211a1-ac81-4ebc-b395-c8fa2a4d614a", "value": "Content trust in Azure Container Registry" }, { "description": "Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.", "meta": { "date_accessed": "2019-10-16T00:00:00Z", "date_published": "2019-10-10T00:00:00Z", "refs": [ "https://docs.docker.com/engine/security/trust/content_trust/" ], "source": "MITRE", "title": "Content trust in Docker" }, "related": [], "uuid": "57691166-5a22-44a0-8724-6b3b19658c3b", "value": "Content trust in Docker" }, { "description": "DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.", "meta": { "date_accessed": "2022-09-29T00:00:00Z", "date_published": "2021-11-29T00:00:00Z", "refs": [ "https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/" ], "source": "MITRE", "title": "CONTInuing the Bazar Ransomware Story" }, "related": [], "uuid": "a6f1a15d-448b-41d4-81f0-ee445cba83bd", "value": "DFIR Conti Bazar Nov 2021" }, { "description": "Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. Retrieved February 17, 2021.", "meta": { "date_accessed": "2021-02-17T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware" ], "source": "MITRE", "title": "Conti Ransomware" }, "related": [], "uuid": "3c0e82a2-41ab-4e63-ac10-bd691c786234", "value": "Cybereason Conti Jan 2021" }, { "description": "Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. 
Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2021-01-21T00:00:00Z", "refs": [ "https://cybleinc.com/2021/01/21/conti-ransomware-resurfaces-targeting-government-large-organizations/" ], "source": "MITRE", "title": "Conti Ransomware Resurfaces, Targeting Government & Large Organizations" }, "related": [], "uuid": "5ef0ad9d-f34d-4771-a595-7ee4994f6c91", "value": "Cybleinc Conti January 2020" }, { "description": "LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Control/" ], "source": "Tidal Cyber", "title": "Control.exe" }, "related": [], "uuid": "d0c821b9-7d37-4158-89fa-0dabe6e06800", "value": "Control.exe - LOLBAS Project" }, { "description": "Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.", "meta": { "date_accessed": "2018-03-12T00:00:00Z", "date_published": "2018-01-11T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Control-flow_integrity" ], "source": "MITRE", "title": "Control-flow integrity" }, "related": [], "uuid": "a9b2f525-d812-4dea-b4a6-c0d057d5f071", "value": "Wikipedia Control Flow Integrity" }, { "description": "The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/security/controlling-access/" ], "source": "MITRE", "title": "Controlling Access to The Kubernetes API" }, "related": [], "uuid": "fd4577b6-0085-44c0-b4c3-4d66dcb39fe7", "value": "Kubernetes API Control Access" }, { "description": "Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. 
Retrieved January 18, 2018.", "meta": { "date_accessed": "2018-01-18T00:00:00Z", "date_published": "2013-12-17T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attachments/" ], "source": "MITRE", "title": "Control Panel Files Used As Malicious Attachments" }, "related": [], "uuid": "fd38f1fd-37e9-4173-b319-3f92c2743055", "value": "TrendMicro CPL Malware Dec 2013" }, { "description": "Robertson, K. (2016, August 28). Conveigh. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2016-08-28T00:00:00Z", "refs": [ "https://github.com/Kevin-Robertson/Conveigh" ], "source": "MITRE", "title": "Conveigh" }, "related": [], "uuid": "4deb8c8e-2da1-4634-bf04-5ccf620a2143", "value": "GitHub Conveigh" }, { "description": "Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.", "meta": { "date_accessed": "2015-12-11T00:00:00Z", "date_published": "2013-07-30T00:00:00Z", "refs": [ "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about" ], "source": "MITRE", "title": "Copernicus: Question Your Assumptions about BIOS Security" }, "related": [], "uuid": "55d139fe-f5e5-4b5e-9123-8133b459ea72", "value": "MITRE Copernicus" }, { "description": "Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/copper-fieldstone" ], "source": "MITRE", "title": "COPPER FIELDSTONE" }, "related": [], "uuid": "d7f5f154-3638-47c1-8e1e-a30a6504a735", "value": "Secureworks COPPER FIELDSTONE Profile" }, { "description": "Microsoft. (n.d.). Copy. 
Retrieved April 26, 2016.", "meta": { "date_accessed": "2016-04-26T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490886.aspx" ], "source": "MITRE", "title": "Copy" }, "related": [], "uuid": "4e0d4b94-6b4c-4104-86e6-499b6aa7ba78", "value": "TechNet Copy" }, { "description": "Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/C_commands.html#wp1068167689" ], "source": "MITRE", "title": "copy - Cisco IOS Configuration Fundamentals Command Reference" }, "related": [], "uuid": "88138372-550f-5da5-be5e-b5ba0fe32f64", "value": "copy_cmd_cisco" }, { "description": "Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved September 11, 2017.", "meta": { "date_accessed": "2017-09-11T00:00:00Z", "date_published": "2015-11-23T00:00:00Z", "refs": [ "https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf" ], "source": "MITRE", "title": "CopyKittens Attack Group" }, "related": [], "uuid": "04e3ce40-5487-4931-98db-f55da83f412e", "value": "CopyKittens Nov 2015" }, { "description": "LOLBAS. (2020, October 9). coregen.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-10-09T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Coregen/" ], "source": "Tidal Cyber", "title": "coregen.exe" }, "related": [], "uuid": "f24d4cf5-9ca9-46bd-bd43-86b37e2a638a", "value": "coregen.exe - LOLBAS Project" }, { "description": "Apple. (n.d.). Core Services. 
Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/coreservices" ], "source": "MITRE", "title": "Core Services" }, "related": [], "uuid": "0ef05e47-1305-4715-a677-67f1b55b24a3", "value": "Apple Core Services" }, { "description": "MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.", "meta": { "date_accessed": "2019-08-16T00:00:00Z", "date_published": "2019-08-05T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/" ], "source": "MITRE", "title": "Corporate IoT – a path to intrusion" }, "related": [], "uuid": "7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a", "value": "Microsoft STRONTIUM Aug 2019" }, { "description": "Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.", "meta": { "date_accessed": "2021-12-07T00:00:00Z", "date_published": "2021-11-24T00:00:00Z", "refs": [ "https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-reference/cortex-xdr-analytics-alert-reference/uncommon-arp-cache-listing-via-arp-exe.html" ], "source": "MITRE", "title": "Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe" }, "related": [], "uuid": "96ce4324-57d2-422b-8403-f5d4f3ce410c", "value": "Palo Alto ARP" }, { "description": "F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.", "meta": { "date_accessed": "2014-07-03T00:00:00Z", "date_published": "2014-07-01T00:00:00Z", "refs": [ "https://blog.f-secure.com/wp-content/uploads/2019/10/CosmicDuke.pdf" ], "source": "MITRE", "title": "COSMICDUKE Cosmu with a twist of MiniDuke" }, "related": [], "uuid": "d0d5ecbe-1051-4ceb-b558-b8b451178358", "value": "F-Secure Cosmicduke" }, { "description": "Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. 
Retrieved November 16, 2020.", "meta": { "date_accessed": "2020-11-16T00:00:00Z", "date_published": "2020-10-02T00:00:00Z", "refs": [ "https://twitter.com/craiu/status/1311920398259367942" ], "source": "MITRE", "title": "Costin Raiu Twitter IAmTheKing SlothfulMedia" }, "related": [], "uuid": "2be88843-ed3a-460e-87c1-85aa50e827c8", "value": "Costin Raiu IAmTheKing October 2020" }, { "description": "Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.", "meta": { "date_accessed": "2023-01-04T00:00:00Z", "date_published": "2021-10-14T00:00:00Z", "refs": [ "https://blog.google/threat-analysis-group/countering-threats-iran/" ], "source": "MITRE", "title": "Countering threats from Iran" }, "related": [], "uuid": "6d568141-eb54-5001-b880-ae8ac1156746", "value": "Google Iran Threats October 2021" }, { "description": "Brumaghin, E. and Grady, C.. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. Retrieved March 8, 2017.", "meta": { "date_accessed": "2017-03-08T00:00:00Z", "date_published": "2017-03-02T00:00:00Z", "refs": [ "http://blog.talosintelligence.com/2017/03/dnsmessenger.html" ], "source": "MITRE", "title": "Covert Channels and Poor Decisions: The Tale of DNSMessenger" }, "related": [], "uuid": "49f22ba2-5aca-4204-858e-c2499a7050ae", "value": "Cisco DNSMessenger March 2017" }, { "description": "Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.", "meta": { "date_accessed": "2020-07-14T00:00:00Z", "date_published": "2020-06-18T00:00:00Z", "refs": [ "https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware" ], "source": "MITRE", "title": "COVID-19 and FMLA Campaigns used to install new IcedID banking malware" }, "related": [], "uuid": "426886d0-cdf2-4af7-a0e4-366c1b0a1942", "value": "Juniper IcedID June 2020" }, { "description": "PT ESC Threat Intelligence. (2020, June 4). 
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021.", "meta": { "date_accessed": "2021-03-02T00:00:00Z", "date_published": "2020-06-04T00:00:00Z", "refs": [ "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/" ], "source": "MITRE, Tidal Cyber", "title": "COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group" }, "related": [], "uuid": "cf8f3d9c-0d21-4587-a707-46848a15bd46", "value": "PTSecurity Higaisa 2020" }, { "description": "F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.", "meta": { "date_accessed": "2015-12-10T00:00:00Z", "date_published": "2015-04-22T00:00:00Z", "refs": [ "https://www.f-secure.com/documents/996508/1030745/CozyDuke" ], "source": "MITRE", "title": "CozyDuke: Malware Analysis" }, "related": [], "uuid": "08e1d233-0580-484e-b737-af091e2aa9ea", "value": "F-Secure CozyDuke" }, { "description": "Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.", "meta": { "date_accessed": "2018-01-18T00:00:00Z", "date_published": "2014-01-27T00:00:00Z", "refs": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf" ], "source": "MITRE", "title": "CPL Malware - Malicious Control Panel Items" }, "related": [], "uuid": "9549f9b6-b771-4500-bd82-426c7abdfd8f", "value": "TrendMicro CPL Malware Jan 2014" }, { "description": "Merces, F. (2014). CPL Malware Malicious Control Panel Items. 
Retrieved November 1, 2017.", "meta": { "date_accessed": "2017-11-01T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf" ], "source": "MITRE", "title": "CPL Malware Malicious Control Panel Items" }, "related": [], "uuid": "d90a33aa-8f20-49cb-aa27-771249cb65eb", "value": "Trend Micro CPL" }, { "description": "Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.", "meta": { "date_accessed": "2023-02-06T00:00:00Z", "date_published": "2022-10-05T00:00:00Z", "refs": [ "https://www.sans.org/blog/cracked-brute-ratel-c4-framework-proliferates-across-the-cybercriminal-underground/" ], "source": "MITRE", "title": "Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground" }, "related": [], "uuid": "9544e762-6f72-59e7-8384-5bbef13bfe96", "value": "SANS Brute Ratel October 2022" }, { "description": "Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2019-06-27T00:00:00Z", "refs": [ "https://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/" ], "source": "MITRE", "title": "Cracking Active Directory Passwords with AS-REP Roasting" }, "related": [], "uuid": "3af06034-8384-4de8-9356-e9aaa35b95a2", "value": "Stealthbits Cracking AS-REP Roasting Jun 2019" }, { "description": "Metcalf, S. (2015, December 31). Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. 
Retrieved March 22, 2018.", "meta": { "date_accessed": "2018-03-22T00:00:00Z", "date_published": "2015-12-31T00:00:00Z", "refs": [ "https://adsecurity.org/?p=2293" ], "source": "MITRE", "title": "Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain" }, "related": [], "uuid": "1b018fc3-515a-4ec4-978f-6d5649ceb0c5", "value": "AdSecurity Cracking Kerberos Dec 2015" }, { "description": "Dragos Inc.. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2017-06-13T00:00:00Z", "refs": [ "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf" ], "source": "MITRE", "title": "CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations" }, "related": [], "uuid": "c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce", "value": "Dragos Crashoverride 2017" }, { "description": "Unit 42. (n.d.). Crawling Taurus. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://unit42.paloaltonetworks.com/atoms/crawling-taurus/" ], "source": "Tidal Cyber", "title": "Crawling Taurus" }, "related": [], "uuid": "75098b2c-4928-4e3f-9bcc-b4f6b8de96f8", "value": "Unit 42 ATOM Crawling Taurus" }, { "description": "Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2021-08-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource" ], "source": "MITRE", "title": "Create a managed image of a generalized VM in Azure" }, "related": [], "uuid": "5317c625-d0be-45eb-9321-0cc9aa295cc9", "value": "Microsoft Image" }, { "description": "Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2021-09-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/virtual-machines/linux/snapshot-copy-managed-disk" ], "source": "MITRE", "title": "Create a snapshot of a virtual hard disk" }, "related": [], "uuid": "693549da-d9b9-4b67-a1bb-c8ea4a099842", "value": "Microsoft Snapshot" }, { "description": "Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/device-security/security-policy-settings/create-a-token-object" ], "source": "MITRE", "title": "Create a token object" }, "related": [], "uuid": "d36d4f06-007e-4ff0-8660-4c65721d0b92", "value": "Microsoft Create Token" }, { "description": "Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.", "meta": { "date_accessed": "2020-01-29T00:00:00Z", "refs": [ "https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554" ], "source": "MITRE", "title": "Create Cloud Identity user accounts" }, "related": [], "uuid": "e91748b2-1432-4203-a1fe-100aa70458d2", "value": "GCP Create Cloud Identity Users" }, { "description": "LOLBAS. (2022, January 20). Createdump.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Createdump/" ], "source": "Tidal Cyber", "title": "Createdump.exe" }, "related": [], "uuid": "f3ccacc1-3b42-4042-9a5c-f5b483a5e801", "value": "Createdump.exe - LOLBAS Project" }, { "description": "Google Cloud. (n.d.). Create IAM policies. 
Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "refs": [ "https://cloud.google.com/kubernetes-engine/docs/how-to/iam" ], "source": "MITRE", "title": "Create IAM policies" }, "related": [], "uuid": "e8ee3ac6-ae7c-5fd3-a339-b579a419dd96", "value": "Google Cloud Kubernetes IAM" }, { "description": "Microsoft. (n.d.). CreateProcess function. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/ms682425" ], "source": "MITRE", "title": "CreateProcess function" }, "related": [], "uuid": "aa336e3a-464d-48ce-bebb-760b73764610", "value": "Microsoft CreateProcess" }, { "description": "Microsoft . (n.d.). Create subscription. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions" ], "source": "MITRE", "title": "Create subscription" }, "related": [], "uuid": "1331b524-7d6f-59d9-a2bd-78ff7b3e371f", "value": "Microsoft CLI Create Subscription" }, { "description": "Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.", "meta": { "date_accessed": "2022-04-27T00:00:00Z", "date_published": "2021-10-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links" ], "source": "MITRE", "title": "Create symbolic links" }, "related": [], "uuid": "06bfdf8f-8671-47f7-9d0c-baf234c7ae96", "value": "create_sym_links" }, { "description": "Google. (2020, April 23). Creating and Starting a VM instance. 
Retrieved May 1, 2020.", "meta": { "date_accessed": "2020-05-01T00:00:00Z", "date_published": "2020-04-23T00:00:00Z", "refs": [ "https://cloud.google.com/compute/docs/instances/create-start-instance#api_2" ], "source": "MITRE", "title": "Creating and Starting a VM instance" }, "related": [], "uuid": "c1b87a56-115a-46d7-9117-80442091ac3c", "value": "GCP - Creating and Starting a VM" }, { "description": "AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.", "meta": { "date_accessed": "2020-01-29T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html" ], "source": "MITRE", "title": "Creating an IAM User in Your AWS Account" }, "related": [], "uuid": "bb474e88-b7bb-4b92-837c-95fe7bdd03f7", "value": "AWS Create IAM User" }, { "description": "Free Software Foundation, Inc.. (2020, June 18). Creating a Process. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2020-06-18T00:00:00Z", "refs": [ "https://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html" ], "source": "MITRE", "title": "Creating a Process" }, "related": [], "uuid": "c46331cb-328a-46e3-89c4-e43fa345d6e8", "value": "GNU Fork" }, { "description": "Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "refs": [ "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html" ], "source": "MITRE", "title": "Creating Launch Daemons and Agents" }, "related": [], "uuid": "310d18f8-6f9a-48b7-af12-6b921209d1ab", "value": "AppleDocs Launch Agent Daemons" }, { "description": "Microsoft. (2005, January 21). Creating logon scripts. 
Retrieved April 27, 2016.", "meta": { "date_accessed": "2016-04-27T00:00:00Z", "date_published": "2005-01-21T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx" ], "source": "MITRE", "title": "Creating logon scripts" }, "related": [], "uuid": "896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca", "value": "TechNet Logon Scripts" }, { "description": "Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-03-31T00:00:00Z", "refs": [ "https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials" ], "source": "MITRE", "title": "Creating short-lived service account credentials" }, "related": [], "uuid": "c4befa09-3c7f-49f3-bfcc-4fcbb7bace22", "value": "Google Cloud Service Account Credentials" }, { "description": "Apple. (2016, September 9). Creating XPC Services. Retrieved April 19, 2022.", "meta": { "date_accessed": "2022-04-19T00:00:00Z", "date_published": "2016-09-09T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1" ], "source": "MITRE", "title": "Creating XPC Services" }, "related": [], "uuid": "029acdee-95d6-47a7-86de-0f6b925cef9c", "value": "creatingXPCservices" }, { "description": "Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-02-19T00:00:00Z", "refs": [ "https://github.com/Neohapsis/creddump7" ], "source": "MITRE", "title": "creddump7" }, "related": [], "uuid": "276975da-7b5f-49aa-975e-4ac9bc527cf2", "value": "GitHub Creddump7" }, { "description": "Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. 
Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2023-06-21T00:00:00Z", "refs": [ "https://twitter.com/MsftSecIntel/status/1671579359994343425" ], "source": "MITRE", "title": "Credential Attacks" }, "related": [], "uuid": "5af0008b-0ced-5d1d-bbc9-6c9d60835071", "value": "Microsoft Midnight Blizzard Replay Attack" }, { "description": "Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. Retrieved July 20, 2018.", "meta": { "date_accessed": "2018-07-20T00:00:00Z", "date_published": "2018-03-01T00:00:00Z", "refs": [ "https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104" ], "source": "MITRE", "title": "Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection" }, "related": [], "uuid": "3cdeb2a2-9582-4725-a132-6503dbe04e1d", "value": "Anomali Template Injection MAR 2018" }, { "description": "Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.", "meta": { "date_accessed": "2020-11-24T00:00:00Z", "date_published": "2013-10-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Credential Locker Overview" }, "related": [], "uuid": "77505354-bb08-464c-9176-d0015a62c7c9", "value": "Microsoft Credential Locker" }, { "description": "Microsoft. (2018, December 5). CredEnumerateA function (wincred.h). 
Retrieved November 24, 2020.", "meta": { "date_accessed": "2020-11-24T00:00:00Z", "date_published": "2018-12-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credenumeratea" ], "source": "MITRE", "title": "CredEnumerateA function (wincred.h)" }, "related": [], "uuid": "ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e", "value": "Microsoft CredEnumerate" }, { "description": "Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2015-07-15T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf" ], "source": "MITRE", "title": "Criminal Hideouts for Lease: Bulletproof Hosting Services" }, "related": [], "uuid": "527de869-3c76-447c-98c4-c37a2acf75e2", "value": "TrendmicroHideoutsLease" }, { "description": "Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.", "meta": { "date_accessed": "2022-01-26T00:00:00Z", "date_published": "2021-12-07T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/" ], "source": "MITRE", "title": "Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes" }, "related": [], "uuid": "54b5d8af-21f0-4d1c-ada8-b87db85dd742", "value": "doppelpaymer_crowdstrike" }, { "description": "Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. 
Retrieved May 8, 2023.", "meta": { "date_accessed": "2023-05-08T00:00:00Z", "date_published": "2023-04-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software" ], "source": "Tidal Cyber", "title": "Critical Vulnerabilities in PaperCut Print Management Software" }, "related": [], "uuid": "874f40f9-146d-4a52-93fd-9b2e7981b6da", "value": "Critical Vulnerabilities in PaperCut Print Management Software" }, { "description": "Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. Retrieved March 23, 2022.", "meta": { "date_accessed": "2022-03-23T00:00:00Z", "date_published": "2019-07-07T00:00:00Z", "refs": [ "https://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html" ], "source": "MITRE", "title": "Croatia government agencies targeted with news SilentTrinity malware" }, "related": [], "uuid": "b4945fc0-b89b-445c-abfb-14959deba3d0", "value": "Security Affairs SILENTTRINITY July 2019" }, { "description": "Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "refs": [ "https://linux.die.net/man/5/crontab" ], "source": "MITRE", "title": "crontab(5) - Linux man page" }, "related": [], "uuid": "0339c2ab-7a08-4976-90eb-1637c23c5644", "value": "Die.net Linux crontab Man Page" }, { "description": "Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2013-02-11T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door" ], "source": "MITRE", "title": "Cross-Platform Frutas RAT Builder and Back Door" }, "related": [], "uuid": "8d9f88be-9ddf-485b-9333-7e41704ec64f", "value": "Symantec Frutas Feb 2013" }, { "description": "Kervella, R. (2019, August 4). 
Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.", "meta": { "date_accessed": "2021-07-30T00:00:00Z", "date_published": "2019-08-04T00:00:00Z", "refs": [ "https://labs.bishopfox.com/tech-blog/sliver" ], "source": "MITRE", "title": "Cross-platform General Purpose Implant Framework Written in Golang" }, "related": [], "uuid": "51e67e37-2d61-4228-999b-bec6f80cf106", "value": "Bishop Fox Sliver Framework August 2019" }, { "description": "Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2013-10-16T00:00:00Z", "refs": [ "https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem" ], "source": "MITRE", "title": "CrowdCasts Monthly: You Have an Adversary Problem" }, "related": [], "uuid": "2062a229-58b3-4610-99cb-8907e7fbb350", "value": "Crowdstrike CrowdCast Oct 2013" }, { "description": "CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2018-02-26T00:00:00Z", "refs": [ "https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report" ], "source": "MITRE", "title": "CrowdStrike 2018 Global Threat Report" }, "related": [], "uuid": "6c1ace5b-66b2-4c56-9301-822aad2c3c16", "value": "Crowdstrike Global Threat Report Feb 2018" }, { "description": "CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2021-06-07T00:00:00Z", "refs": [ "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf" ], "source": "MITRE", "title": "CrowdStrike 2021 Global Threat Report" }, "related": [], "uuid": "ec58e524-6de5-4cbb-a5d3-984b9b652f26", "value": "CrowdStrike GTR 2021 June 2021" }, { "description": "CrowdStrike. 
(2022, June 01). CrowdStrike Adversary Carbon Spider. Retrieved June 01, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/carbon-spider/" ], "source": "Tidal Cyber", "title": "CrowdStrike Adversary Carbon Spider" }, "related": [], "uuid": "9e28d375-c4a7-405f-9fff-7374c19f3af7", "value": "CrowdStrike Adversary Carbon Spider" }, { "description": "CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.", "meta": { "date_accessed": "2022-05-04T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/cozy-bear/" ], "source": "Tidal Cyber", "title": "CrowdStrike Adversary Cozy Bear" }, "related": [], "uuid": "0998ad7a-b4aa-44af-a665-dc58a3a6f800", "value": "CrowdStrike Adversary Cozy Bear" }, { "description": "CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20210723190317/https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/" ], "source": "MITRE", "title": "CrowdStrike Adversary Labyrinth Chollima" }, "related": [], "uuid": "ffe31bbf-a40d-4285-96a0-53c54298a680", "value": "CrowdStrike Labyrinth Chollima Feb 2022" }, { "description": "CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Buffalo. Retrieved June 25, 2022.", "meta": { "date_accessed": "2022-06-25T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/ocean-buffalo/" ], "source": "Tidal Cyber", "title": "CrowdStrike Adversary Ocean Buffalo" }, "related": [], "uuid": "466795cb-0269-4d0c-a48c-d71e9dfd9a3c", "value": "CrowdStrike Adversary Ocean Buffalo" }, { "description": "CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. 
Retrieved May 4, 2022.", "meta": { "date_accessed": "2022-05-04T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/venomous-bear/" ], "source": "Tidal Cyber", "title": "CrowdStrike Adversary Venomous Bear" }, "related": [], "uuid": "8c04f2b8-74ba-44a5-9580-96eabdbbcda9", "value": "CrowdStrike Adversary Venomous Bear" }, { "description": "CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.", "meta": { "date_accessed": "2022-06-23T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/wizard-spider/" ], "source": "Tidal Cyber", "title": "CrowdStrike Adversary Wizard Spider" }, "related": [], "uuid": "05f382c4-5163-49e0-a8a0-cf3a5992ef18", "value": "CrowdStrike Adversary Wizard Spider" }, { "description": "Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-02-25T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/" ], "source": "MITRE", "title": "CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks" }, "related": [], "uuid": "4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e", "value": "Crowdstrike DriveSlayer February 2022" }, { "description": "Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2014-06-09T00:00:00Z", "refs": [ "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf" ], "source": "MITRE, Tidal Cyber", "title": "CrowdStrike Intelligence Report: Putter Panda" }, "related": [], "uuid": "413962d0-bd66-4000-a077-38c2677995d1", "value": "CrowdStrike Putter Panda" }, { "description": "Cimpanu, C.. (2016, September 9). 
Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. Retrieved October 12, 2016.", "meta": { "date_accessed": "2016-10-12T00:00:00Z", "date_published": "2016-09-09T00:00:00Z", "refs": [ "http://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml" ], "source": "MITRE", "title": "Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives" }, "related": [], "uuid": "087b9bf1-bd9e-4cd6-a386-d9d2c812c927", "value": "Softpedia MinerC" }, { "description": "Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.", "meta": { "date_accessed": "2023-09-05T00:00:00Z", "date_published": "2023-07-25T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/" ], "source": "MITRE", "title": "Cryptojacking: Understanding and defending against cloud compute resource abuse" }, "related": [], "uuid": "e2dbc963-b913-5a44-bb61-88a3f0d8d8a3", "value": "Microsoft Cryptojacking 2023" }, { "description": "Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.", "meta": { "date_accessed": "2019-06-18T00:00:00Z", "date_published": "2018-04-12T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata" ], "source": "MITRE", "title": "CryptUnprotectData function" }, "related": [], "uuid": "258088ae-96c2-4520-8eb5-1a7e540a9a24", "value": "Microsoft CryptUnprotectData April 2018" }, { "description": "LOLBAS. (2018, May 25). Csc.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Csc/" ], "source": "Tidal Cyber", "title": "Csc.exe" }, "related": [], "uuid": "276c9e55-4673-426d-8f49-06edee2e3b30", "value": "Csc.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Cscript/" ], "source": "Tidal Cyber", "title": "Cscript.exe" }, "related": [], "uuid": "428b6223-63b7-497f-b13a-e472b4583a9f", "value": "Cscript.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Csi/" ], "source": "Tidal Cyber", "title": "csi.exe" }, "related": [], "uuid": "b810ee91-de4e-4c7b-8fa8-24dca95133e5", "value": "csi.exe - LOLBAS Project" }, { "description": "Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.", "meta": { "date_accessed": "2022-02-07T00:00:00Z", "refs": [ "https://owasp.org/www-community/attacks/CSV_Injection" ], "source": "MITRE", "title": "CSV Injection" }, "related": [], "uuid": "0cdde66c-a7ae-48a2-8ade-067643de304d", "value": "OWASP CSV Injection" }, { "description": "Microsoft. (n.d.). CurrentControlSet\\Services Subkey Entries. Retrieved November 30, 2014.", "meta": { "date_accessed": "2014-11-30T00:00:00Z", "refs": [ "http://support.microsoft.com/KB/103000" ], "source": "MITRE", "title": "CurrentControlSet\\Services Subkey Entries" }, "related": [], "uuid": "be233077-7bb4-48be-aecf-03258931527d", "value": "Microsoft Subkey" }, { "description": "MSRC. 
(2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2020-12-13T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/" ], "source": "MITRE", "title": "Customer Guidance on Recent Nation-State Cyber Attacks" }, "related": [], "uuid": "b486ae40-a854-4998-bf1b-aaf6ea2047ed", "value": "Microsoft SolarWinds Customer Guidance" }, { "description": "MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.", "meta": { "date_accessed": "2020-12-30T00:00:00Z", "date_published": "2020-12-13T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/" ], "source": "MITRE", "title": "Customer Guidance on Recent Nation-State Cyber Attacks" }, "related": [], "uuid": "47031992-841f-4ef4-87c6-bb4c077fb8dc", "value": "Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks" }, { "description": "Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html" ], "source": "MITRE", "title": "Customizing Login and Logout" }, "related": [], "uuid": "9c0094b6-a8e3-4f4d-8d2e-33b408d44a06", "value": "Login Scripts Apple Dev" }, { "description": "Microsoft. (n.d.). Customizing the Desktop. Retrieved December 5, 2017.", "meta": { "date_accessed": "2017-12-05T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc938799.aspx" ], "source": "MITRE", "title": "Customizing the Desktop" }, "related": [], "uuid": "7cf8056e-6d3b-4930-9d2c-160d7d9636ac", "value": "TechNet Screensaver GP" }, { "description": "LOLBAS. (2021, November 14). 
CustomShellHost.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-11-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/CustomShellHost/" ], "source": "Tidal Cyber", "title": "CustomShellHost.exe" }, "related": [], "uuid": "96324ab1-7eb8-42dc-b19a-fa1d9f85e239", "value": "CustomShellHost.exe - LOLBAS Project" }, { "description": "Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2012-06-18T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/cve-2012-1875-exploited-wild-part-1-trojannaid" ], "source": "MITRE", "title": "CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid)" }, "related": [], "uuid": "e1531171-709c-4043-9e3a-af9e37f3ac57", "value": "Symantec Naid in the Wild June 2012" }, { "description": "National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-09-24T00:00:00Z", "refs": [ "https://nvd.nist.gov/vuln/detail/CVE-2014-7169" ], "source": "MITRE", "title": "CVE-2014-7169 Detail" }, "related": [], "uuid": "c3aab918-51c6-4773-8677-a89b27a00eb1", "value": "NVD CVE-2014-7169" }, { "description": "National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-02-02T00:00:00Z", "refs": [ "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" ], "source": "MITRE", "title": "CVE-2016-6662 Detail" }, "related": [], "uuid": "1813c26d-da68-4a82-a959-27351dd5e51b", "value": "NVD CVE-2016-6662" }, { "description": "National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. 
Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0176" ], "source": "MITRE", "title": "CVE-2017-0176 Detail" }, "related": [], "uuid": "82602351-0ab0-48d7-90dd-f4536b4d009b", "value": "NVD CVE-2017-0176" }, { "description": "Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.", "meta": { "date_accessed": "2017-10-27T00:00:00Z", "date_published": "2017-04-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html" ], "source": "MITRE", "title": "CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler" }, "related": [], "uuid": "1876a476-b2ff-4605-a78b-89443d21b063", "value": "FireEye Attacks Leveraging HTA" }, { "description": "Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2017-08-08T00:00:00Z", "refs": [ "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625" ], "source": "MITRE", "title": "CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability" }, "related": [], "uuid": "402cb526-ef57-4d27-b96b-f98008abe716", "value": "Microsoft CVE-2017-8625 Aug 2017" }, { "description": "National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "date_published": "2019-10-09T00:00:00Z", "refs": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-3610" ], "source": "MITRE", "title": "CVE-2019-3610 Detail" }, "related": [], "uuid": "889b742e-7572-4aad-8944-7f071483b613", "value": "NVD CVE-2019-3610" }, { "description": "Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2021-06-03T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html" ], "source": "MITRE", "title": "CVE-2021-30724: CVMServer Vulnerability in macOS and iOS" }, "related": [], "uuid": "6f83da0c-d2ce-4923-ba32-c6886eb22587", "value": "CVMServer Vuln" }, { "description": "Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. Retrieved July 6, 2022.", "meta": { "date_accessed": "2022-07-06T00:00:00Z", "date_published": "2022-01-31T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exploit/" ], "source": "MITRE", "title": "CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit" }, "related": [], "uuid": "84d5f015-9014-417c-b2a9-f650fe19d448", "value": "Crowdstrike Kubernetes Container Escape" }, { "description": "Naim, D.. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "date_published": "2016-09-15T00:00:00Z", "refs": [ "https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise" ], "source": "MITRE", "title": "CyberArk Labs: From Safe Mode to Domain Compromise" }, "related": [], "uuid": "bd9c14dd-0e2a-447b-a245-f548734d2400", "value": "CyberArk Labs Safe Mode 2016" }, { "description": "Cyware. (2019, May 29). Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. 
Retrieved September 15, 2020.", "meta": { "date_accessed": "2020-09-15T00:00:00Z", "date_published": "2019-05-29T00:00:00Z", "refs": [ "https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44" ], "source": "MITRE", "title": "Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems" }, "related": [], "uuid": "583a01b6-cb4e-41e7-aade-ac2fd19bda4e", "value": "Cyware Ngrok May 2019" }, { "description": "Burt, T. (2020, October 28). Cyberattacks target international conference attendees. Retrieved March 8, 2021.", "meta": { "date_accessed": "2021-03-08T00:00:00Z", "date_published": "2020-10-28T00:00:00Z", "refs": [ "https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/" ], "source": "MITRE", "title": "Cyberattacks target international conference attendees" }, "related": [], "uuid": "8986c21c-16a0-4a53-8e37-9935bbbfaa4b", "value": "Microsoft Phosphorus Oct 2020" }, { "description": "Mercer, W., et al. (2017, October 22). \"Cyber Conflict\" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.", "meta": { "date_accessed": "2018-11-02T00:00:00Z", "date_published": "2017-10-22T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html" ], "source": "MITRE", "title": "\"Cyber Conflict\" Decoy Document Used in Real Cyber Conflict" }, "related": [], "uuid": "2db77619-72df-461f-84bf-2d1c3499a5c0", "value": "Talos Seduploader Oct 2017" }, { "description": "FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. 
Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-12-21T00:00:00Z", "refs": [ "https://www.ic3.gov/Media/Y2022/PSA221221" ], "source": "MITRE", "title": "Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users" }, "related": [], "uuid": "deea5b42-bfab-50af-8d85-cc04fd317a82", "value": "FBI-search" }, { "description": "CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2018-09-27T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish" ], "source": "MITRE", "title": "Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish" }, "related": [], "uuid": "cda529b2-e152-4ff0-a6b3-d0305b09fef9", "value": "Secureworks GOLD KINGSWOOD September 2018" }, { "description": "Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.", "meta": { "date_accessed": "2021-12-10T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf" ], "source": "MITRE", "title": "Cybereason Lab Analysis OSX.Pirrit" }, "related": [], "uuid": "ebdf09ed-6eec-450f-aaea-067504ec25ca", "value": "Cybereason OSX Pirrit" }, { "description": "Cimpanu, C.. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. 
Retrieved August 26, 2019.", "meta": { "date_accessed": "2019-08-26T00:00:00Z", "date_published": "2018-12-05T00:00:00Z", "refs": [ "https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/" ], "source": "MITRE", "title": "Cyber-espionage group uses Chrome extension to infect victims" }, "related": [], "uuid": "b17acdc3-0163-4c98-b5fb-a457a7e6b58d", "value": "Zdnet Kimsuky Dec 2018" }, { "description": "Carr, N.. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.", "meta": { "date_accessed": "2017-06-18T00:00:00Z", "date_published": "2017-05-14T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html" ], "source": "MITRE, Tidal Cyber", "title": "Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations" }, "related": [], "uuid": "b72d017b-a70f-4003-b3d9-90d79aca812d", "value": "FireEye APT32 May 2017" }, { "description": "Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. Retrieved March 13, 2018.", "meta": { "date_accessed": "2018-03-13T00:00:00Z", "date_published": "2012-05-15T00:00:00Z", "refs": [ "http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/" ], "source": "MITRE", "title": "Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results" }, "related": [], "uuid": "cf531866-ac3c-4078-b847-5b4af7eb161f", "value": "Shadowserver Strategic Web Compromise" }, { "description": "Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. 
Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2022-07-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/Cyberknow20/status/1545059177587871749" ], "source": "Tidal Cyber", "title": "CyberKnow Tweet July 7 2022" }, "related": [], "uuid": "a37564a4-ff83-4ce0-818e-80750172f302", "value": "CyberKnow Tweet July 7 2022" }, { "description": "NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2019-10-21T00:00:00Z", "refs": [ "https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%20-%20nsa.gov.pdf" ], "source": "MITRE", "title": "Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims" }, "related": [], "uuid": "3e86a807-5188-4278-9a58-babd23b86410", "value": "NSA NCSC Turla OilRig" }, { "description": "Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://www.opm.gov/cybersecurity/cybersecurity-incidents/" ], "source": "MITRE", "title": "CYBERSECURITY INCIDENTS" }, "related": [], "uuid": "b67ed4e9-ed44-460a-bd59-c978bdfda32f", "value": "OPM Leak" }, { "description": "ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.", "meta": { "date_accessed": "2023-09-28T00:00:00Z", "date_published": "2021-11-16T00:00:00Z", "refs": [ "https://www.expressvpn.com/blog/cybersecurity-lessons-a-path-vulnerability-in-windows/" ], "source": "MITRE", "title": "Cybersecurity lessons: A PATH vulnerability in Windows" }, "related": [], "uuid": "26096485-1dd6-512a-a2a1-27dbbfb6fde0", "value": "ExpressVPN PATH env Windows 2021" }, { "description": "NCSC. (2022, February 23). 
Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.", "meta": { "date_accessed": "2022-03-03T00:00:00Z", "date_published": "2022-02-23T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf" ], "source": "MITRE", "title": "Cyclops Blink Malware Analysis Report" }, "related": [], "uuid": "91ed6adf-f066-49e4-8ec7-1989bc6615a6", "value": "NCSC Cyclops Blink February 2022" }, { "description": "Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "date_published": "2022-03-17T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html" ], "source": "MITRE", "title": "Cyclops Blink Sets Sights on Asus Routers" }, "related": [], "uuid": "64e9a24f-f386-4774-9874-063e0ebfb8e1", "value": "Trend Micro Cyclops Blink March 2022" }, { "description": "Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.", "meta": { "date_accessed": "2020-06-29T00:00:00Z", "date_published": "2020-04-27T00:00:00Z", "refs": [ "https://www.cynet.com/blog/cynet-detection-report-ragnar-locker-ransomware/" ], "source": "MITRE", "title": "Cynet Detection Report: Ragnar Locker Ransomware" }, "related": [], "uuid": "aeb637ea-0b83-42a0-8f68-9fdc59aa462a", "value": "Cynet Ragnar Apr 2020" }, { "description": "Microsoft. (2018, May 30). DACLs and ACEs. Retrieved August 19, 2018.", "meta": { "date_accessed": "2018-08-19T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces" ], "source": "MITRE", "title": "DACLs and ACEs" }, "related": [], "uuid": "32a250ca-a7eb-4d7f-af38-f3e6a09540e2", "value": "Microsoft DACL May 2018" }, { "description": "Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. 
Retrieved February 24, 2021.", "meta": { "date_accessed": "2021-02-24T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html" ], "source": "MITRE", "title": "Daemons and Services Programming Guide - Creating Launch Daemons and Agents" }, "related": [], "uuid": "41311827-3d81-422a-9b07-ee8ddc2fc7f1", "value": "Apple Developer Doco Archive Launchd" }, { "description": "Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. Retrieved December 1, 2023.", "meta": { "date_accessed": "2023-12-01T00:00:00Z", "date_published": "2022-10-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.picussecurity.com/resource/blog/daixin-team-targets-healthcare-organizations-with-ransomware-attacks" ], "source": "Tidal Cyber", "title": "Daixin Team Targets Healthcare Organizations with Ransomware Attacks" }, "related": [], "uuid": "eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02", "value": "Picus Daixin Team October 24 2022" }, { "description": "Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.", "meta": { "date_accessed": "2021-07-07T00:00:00Z", "date_published": "2021-04-19T00:00:00Z", "refs": [ "https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4" ], "source": "MITRE", "title": "Dancing With Shellcodes: Cracking the latest version of Guloader" }, "related": [], "uuid": "87c5e84a-b96d-489d-aa10-db95b78c5a93", "value": "Medium Eli Salem GuLoader April 2021" }, { "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-01-18T00:00:00Z", "refs": [ "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Dark Caracal: Cyber-espionage at a Global Scale" }, "related": [], "uuid": "c558f5db-a426-4041-b883-995ec56e7155", "value": "Lookout Dark Caracal Jan 2018" }, { "description": "Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2011-08-01T00:00:00Z", "refs": [ "https://www.usenix.org/conference/usenix-security-11/dark-clouds-horizon-using-cloud-storage-attack-vector-and-online-slack" ], "source": "MITRE", "title": "Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space" }, "related": [], "uuid": "ee5d2c9c-c704-4f35-baeb-055a35dd04b5", "value": "Dark Clouds_Usenix_Mulazzani_08_2011" }, { "description": "TrendMicro. (2014, September 03). DARKCOMET. Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2014-09-03T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET" ], "source": "MITRE", "title": "DARKCOMET" }, "related": [], "uuid": "fb365600-4961-43ed-8292-1c07cbc530ef", "value": "TrendMicro DarkComet Sept 2014" }, { "description": "Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. 
Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2023-09-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams" ], "source": "Tidal Cyber", "title": "DarkGate Loader delivered via Teams - Truesec" }, "related": [], "uuid": "4222a06f-9528-4076-8037-a27012c2930c", "value": "DarkGate Loader delivered via Teams - Truesec" }, { "description": "Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2023-10-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts/" ], "source": "Tidal Cyber", "title": "DarkGate malware spreads through compromised Skype accounts" }, "related": [], "uuid": "313e5558-d8f9-4457-9004-810d9fa5340c", "value": "Bleeping Computer DarkGate October 14 2023" }, { "description": "Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2023-10-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html" ], "source": "Tidal Cyber", "title": "DarkGate Opens Organizations for Attack via Skype, Teams" }, "related": [], "uuid": "81650f5b-628b-4e76-80d6-2c15cf70d37a", "value": "Trend Micro DarkGate October 12 2023" }, { "description": "0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. 
Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/" ], "source": "Tidal Cyber", "title": "DarkGate - Threat Breakdown Journey" }, "related": [], "uuid": "8a1ac4b8-05f6-4be9-a866-e3026bc92c7f", "value": "DarkGate - Threat Breakdown Journey" }, { "description": "Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.", "meta": { "date_accessed": "2021-12-27T00:00:00Z", "date_published": "2021-09-29T00:00:00Z", "refs": [ "https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/" ], "source": "MITRE", "title": "DarkHalo After SolarWinds: the Tomiris connection" }, "related": [], "uuid": "a881a7e4-a1df-4ad2-b67f-ef03caddb721", "value": "Kaspersky Tomiris Sep 2021" }, { "description": "Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020.", "meta": { "date_accessed": "2020-12-29T00:00:00Z", "date_published": "2020-12-14T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/" ], "source": "MITRE", "title": "Dark Halo Leverages SolarWinds Compromise to Breach Organizations" }, "related": [], "uuid": "355cecf8-ef3e-4a6e-a652-3bf26fe46d88", "value": "Volexity SolarWinds" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. 
Retrieved November 2, 2018.", "meta": { "date_accessed": "2018-11-02T00:00:00Z", "date_published": "2015-08-10T00:00:00Z", "refs": [ "https://securelist.com/darkhotels-attacks-in-2015/71713/" ], "source": "MITRE, Tidal Cyber", "title": "Darkhotel's attacks in 2015" }, "related": [], "uuid": "5a45be49-f5f1-4d5b-b7da-0a2f38194ec1", "value": "Securelist Darkhotel Aug 2015" }, { "description": "Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2019-01-18T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/" ], "source": "MITRE", "title": "DarkHydrus delivers new Trojan that can use Google Drive for C2 communications" }, "related": [], "uuid": "eb235504-d142-4c6d-9ffd-3c0b0dd23e80", "value": "Unit42 DarkHydrus Jan 2019" }, { "description": "Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2018-08-07T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/08/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/" ], "source": "MITRE", "title": "DarkHydrus Uses Phishery to Harvest Credentials in the Middle East" }, "related": [], "uuid": "ab9d59c1-8ea5-4f9c-b733-b16223ffe84a", "value": "Unit 42 Phishery Aug 2018" }, { "description": "Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. 
Retrieved August 18, 2021.", "meta": { "date_accessed": "2021-08-18T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware" ], "source": "MITRE", "title": "Darkside Ransomware" }, "related": [], "uuid": "eded380e-33e9-4fdc-8e1f-b51d650b9731", "value": "Darkside Ransomware Cybereason" }, { "description": "Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.", "meta": { "date_accessed": "2022-08-30T00:00:00Z", "date_published": "2021-05-12T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/darkside-ransomware/" ], "source": "MITRE", "title": "DarkSide Ransomware Gang: An Overview" }, "related": [], "uuid": "5f8d49e8-22da-425f-b63b-a799b97ec2b5", "value": "DarkSide Ransomware Gang" }, { "description": "Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. Retrieved November 3, 2022.", "meta": { "date_accessed": "2022-11-03T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "refs": [ "https://www.secureworks.com/research/darktortilla-malware-analysis" ], "source": "MITRE", "title": "DarkTortilla Malware Analysis" }, "related": [], "uuid": "4b48cc22-55ac-5b61-b183-9008f7db37fd", "value": "Secureworks DarkTortilla Aug 2022" }, { "description": "Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.", "meta": { "date_accessed": "2020-05-15T00:00:00Z", "date_published": "2018-12-06T00:00:00Z", "refs": [ "https://securelist.com/darkvishnya/89169/" ], "source": "MITRE, Tidal Cyber", "title": "DarkVishnya: Banks attacked through direct connection to local network" }, "related": [], "uuid": "da9ac5a7-c644-45fa-ab96-30ac6bfc9f81", "value": "Securelist DarkVishnya Dec 2018" }, { "description": "Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. 
Retrieved January 10, 2022.", "meta": { "date_accessed": "2022-01-10T00:00:00Z", "date_published": "2021-12-14T00:00:00Z", "refs": [ "https://www.prevailion.com/darkwatchman-new-fileless-techniques/" ], "source": "MITRE", "title": "DarkWatchman: A new evolution in fileless techniques" }, "related": [], "uuid": "449e7b5c-7c62-4a63-a676-80026a597fc9", "value": "Prevailion DarkWatchman 2021" }, { "description": "Moran, N., Oppenheim, M., Engle, S., & Wartell, R.. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-09-03T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html" ], "source": "MITRE, Tidal Cyber", "title": "Darwin’s Favorite APT Group [Blog]" }, "related": [], "uuid": "15ef155b-7628-4b18-bc53-1d30be4eac5d", "value": "Moran 2014" }, { "description": "LOLBAS. (2020, December 1). DataSvcUtil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/DataSvcUtil/" ], "source": "Tidal Cyber", "title": "DataSvcUtil.exe" }, "related": [], "uuid": "0c373780-3202-4036-8c83-f3d468155b35", "value": "DataSvcUtil.exe - LOLBAS Project" }, { "description": "Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2019-03-10T00:00:00Z", "refs": [ "https://int0x33.medium.com/day-70-hijacking-vnc-enum-brute-access-and-crack-d3d18a4601cc" ], "source": "MITRE", "title": "Day 70: Hijacking VNC (Enum, Brute, Access and Crack)" }, "related": [], "uuid": "7a58938f-058b-4c84-aa95-9c37dcdda1fb", "value": "Hijacking VNC" }, { "description": "Microsoft. (n.d.). 
DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1" ], "source": "MITRE", "title": "DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1" }, "related": [], "uuid": "88769217-57f1-46d4-977c-2cb2969db437", "value": "Microsoft COM ACL" }, { "description": "Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.", "meta": { "date_accessed": "2018-03-20T00:00:00Z", "refs": [ "https://www.dcshadow.com/" ], "source": "MITRE", "title": "DCShadow" }, "related": [], "uuid": "37514816-b8b3-499f-842b-2d8cce9e140b", "value": "DCShadow Blog" }, { "description": "Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2018-02-22T00:00:00Z", "refs": [ "https://github.com/shellster/DCSYNCMonitor" ], "source": "MITRE", "title": "DCSYNCMonitor" }, "related": [], "uuid": "be03c794-d9f3-4678-8198-257abf6dcdbd", "value": "GitHub DCSYNCMonitor" }, { "description": "Kerrisk, M. (2020, February 2). DD(1) User Commands. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2020-02-02T00:00:00Z", "refs": [ "http://man7.org/linux/man-pages/man1/dd.1.html" ], "source": "MITRE", "title": "DD(1) User Commands" }, "related": [], "uuid": "f64bee0d-e37d-45d5-9968-58e622e89bfe", "value": "DD Man" }, { "description": "ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. 
Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2012-04-24T00:00:00Z", "refs": [ "https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new" ], "source": "MITRE", "title": "DDoS Attacks on SSL: Something Old, Something New" }, "related": [], "uuid": "b5de4376-0deb-45de-83a0-09df98480464", "value": "Arbor SSLDoS April 2012" }, { "description": "Meintanis, S., Revuelto, V., Socha, K.. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.", "meta": { "date_accessed": "2019-04-24T00:00:00Z", "date_published": "2017-03-10T00:00:00Z", "refs": [ "http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf" ], "source": "MITRE", "title": "DDoS Overview and Response Guide" }, "related": [], "uuid": "64341348-f448-4e56-bf78-442b92e6d435", "value": "CERT-EU DDoS March 2017" }, { "description": "Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2018-12-12T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/" ], "source": "MITRE", "title": "Dear Joohn: The Sofacy Group’s Global Campaign" }, "related": [], "uuid": "540c4c33-d4c2-4324-94cd-f57646666e32", "value": "Unit42 Sofacy Dec 2018" }, { "description": "Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019.", "meta": { "date_accessed": "2019-08-08T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8" ], "source": "MITRE", "title": "Death by 1000 installers; it's all broken!" }, "related": [], "uuid": "2ae99e9b-cd00-4e60-ba9e-bcc50e709e88", "value": "Death by 1000 installers; it's all broken!" }, { "description": "Andy Robbins. (2020, August 17). 
Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2020-08-17T00:00:00Z", "refs": [ "https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d" ], "source": "MITRE", "title": "Death from Above: Lateral Movement from Azure to On-Prem AD" }, "related": [], "uuid": "eb97d3d6-21cb-5f27-9a78-1e8576acecdc", "value": "SpecterOps Lateral Movement from Azure to On-Prem AD 2020" }, { "description": "Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.", "meta": { "date_accessed": "2023-08-30T00:00:00Z", "date_published": "2023-03-02T00:00:00Z", "refs": [ "https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_preference_variables?view=powershell-7.3#debugpreference" ], "source": "MITRE", "title": "$DebugPreference" }, "related": [], "uuid": "ece52a64-1c8d-547d-aedc-ff43d7418cd2", "value": "Microsoft PowerShell SilentlyContinue" }, { "description": "virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.", "meta": { "date_accessed": "2014-11-13T00:00:00Z", "date_published": "2006-08-11T00:00:00Z", "refs": [ "http://virtualization.info/en/news/2006/08/debunking-blue-pill-myth.html" ], "source": "MITRE", "title": "Debunking Blue Pill myth [Interview transcript]" }, "related": [], "uuid": "8ff8fb53-e468-4df7-b7e3-b344be1507ae", "value": "virtualization.info 2006" }, { "description": "Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. 
Retrieved December 26, 2021.", "meta": { "date_accessed": "2021-12-26T00:00:00Z", "date_published": "2018-02-13T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html" ], "source": "MITRE, Tidal Cyber", "title": "Deciphering Confucius: A Look at the Group's Cyberespionage Operations" }, "related": [], "uuid": "d1d5a708-75cb-4d41-b2a3-d035a14ac956", "value": "TrendMicro Confucius APT Feb 2018" }, { "description": "Pedrero, R.. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.", "meta": { "date_accessed": "2021-11-16T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/" ], "source": "MITRE", "title": "Decoding malicious RTF files" }, "related": [], "uuid": "82d2451b-300f-4891-b1e7-ade53dff1126", "value": "Ciberseguridad Decoding malicious RTF files" }, { "description": "Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. Retrieved November 2, 2018.", "meta": { "date_accessed": "2018-11-02T00:00:00Z", "date_published": "2018-04-17T00:00:00Z", "refs": [ "https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/" ], "source": "MITRE", "title": "Decoding network data from a Gh0st RAT variant" }, "related": [], "uuid": "4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b", "value": "Nccgroup Gh0st April 2018" }, { "description": "Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. 
Retrieved July 21, 2018.", "meta": { "date_accessed": "2018-07-21T00:00:00Z", "date_published": "2017-10-13T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/" ], "source": "MITRE", "title": "Decoy Microsoft Word document delivers malware through a RAT" }, "related": [], "uuid": "7ef0ab1f-c7d6-46fe-b489-fab4db623e0a", "value": "MalwareBytes Template Injection OCT 2017" }, { "description": "Crowdstrike. (2022, March 1). Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.", "meta": { "date_accessed": "2022-03-01T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine" ], "source": "MITRE", "title": "Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities" }, "related": [], "uuid": "8659fea7-7d65-4ee9-8ceb-cf41204b57e0", "value": "Crowdstrike PartyTicket March 2022" }, { "description": "Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.", "meta": { "date_accessed": "2019-04-01T00:00:00Z", "date_published": "2017-05-03T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-emotet-variant-part-1.html" ], "source": "MITRE", "title": "Deep Analysis of New Emotet Variant – Part 1" }, "related": [], "uuid": "2b8b6ab4-906f-4732-94f8-eaac5ec0151d", "value": "Fortinet Emotet May 2017" }, { "description": "Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. 
Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2020-08-25T00:00:00Z", "refs": [ "https://blog.aquasec.com/container-security-tnt-container-attack" ], "source": "MITRE", "title": "Deep Analysis of TeamTNT Techniques Using Container Images to Attack" }, "related": [], "uuid": "ca10ad0d-1a47-4006-8f76-c2246aee7752", "value": "Aqua TeamTNT August 2020" }, { "description": "Martin Zugec. (2021, July 27). Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.", "meta": { "date_accessed": "2021-09-01T00:00:00Z", "date_published": "2021-07-27T00:00:00Z", "refs": [ "https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation" ], "source": "MITRE", "title": "Deep Dive Into a FIN8 Attack - A Forensic Investigation" }, "related": [], "uuid": "aee3179e-1536-40ab-9965-1c10bdaa6dff", "value": "Bitdefender FIN8 July 2021" }, { "description": "Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.", "meta": { "date_accessed": "2024-01-11T00:00:00Z", "date_published": "2023-06-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://news.sophos.com/en-us/2023/06/12/deep-dive-into-the-pikabot-cyber-threat/" ], "source": "Tidal Cyber", "title": "Deep dive into the Pikabot cyber threat" }, "related": [], "uuid": "f10c37d8-2efe-4d9e-8987-8978beef7e9d", "value": "Sophos Pikabot June 12 2023" }, { "description": "MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop . 
Retrieved January 22, 2021.", "meta": { "date_accessed": "2021-01-22T00:00:00Z", "date_published": "2021-01-20T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/" ], "source": "MITRE", "title": "Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop" }, "related": [], "uuid": "ddd70eef-ab94-45a9-af43-c396c9e3fbc6", "value": "Microsoft Deep Dive Solorigate January 2021" }, { "description": "Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.", "meta": { "date_accessed": "2022-03-09T00:00:00Z", "date_published": "2021-03-03T00:00:00Z", "refs": [ "https://o365blog.com/post/devices/" ], "source": "MITRE", "title": "Deep-dive to Azure AD device join" }, "related": [], "uuid": "978b408d-f9e9-422c-b2d7-741f6cc298d4", "value": "AADInternals - Device Registration" }, { "description": "Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-07-07T00:00:00Z", "refs": [ "https://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/" ], "source": "MITRE, Tidal Cyber", "title": "Deep in Thought: Chinese Targeting of National Security Think Tanks" }, "related": [], "uuid": "72e19be9-35dd-4199-bc07-bd9d0c664df6", "value": "Alperovitch 2014" }, { "description": "LOLBAS. (2020, October 1). DefaultPack.EXE. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/DefaultPack/" ], "source": "Tidal Cyber", "title": "DefaultPack.EXE" }, "related": [], "uuid": "106efc3e-5816-44ae-a384-5e026e68ab89", "value": "DefaultPack.EXE - LOLBAS Project" }, { "description": "Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.", "meta": { "date_accessed": "2021-04-15T00:00:00Z", "date_published": "2015-11-05T00:00:00Z", "refs": [ "https://www.lastline.com/labsblog/defeating-darkhotel-just-in-time-decryption/" ], "source": "MITRE", "title": "Defeating Darkhotel Just-In-Time Decryption" }, "related": [], "uuid": "e43341ae-178f-43ba-9d66-f4d0380d2c59", "value": "Lastline DarkHotel Just In Time Decryption Nov 2015" }, { "description": "Antonio Piazza (4n7m4n). (2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.", "meta": { "date_accessed": "2022-04-19T00:00:00Z", "date_published": "2021-11-23T00:00:00Z", "refs": [ "https://antman1p-30185.medium.com/defeating-malicious-launch-persistence-156e2b40fc67" ], "source": "MITRE", "title": "Defeating Malicious Launch Persistence" }, "related": [], "uuid": "8a3591f2-34b0-4914-bb42-d4621966faed", "value": "piazza launch agent mitigation" }, { "description": "vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2017-08-11T00:00:00Z", "refs": [ "https://twitter.com/vector_sec/status/896049052642533376" ], "source": "MITRE", "title": "Defenders watching launches of cmd? What about forfiles?" }, "related": [], "uuid": "8088d15d-9512-4d12-a99a-c76ad9dc3390", "value": "VectorSec ForFiles Aug 2017" }, { "description": "Pierce, Sean. (2015, November). 
Defending Against Malicious Application Compatibility Shims. Retrieved June 22, 2017.", "meta": { "date_accessed": "2017-06-22T00:00:00Z", "date_published": "2015-11-01T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf" ], "source": "MITRE", "title": "Defending Against Malicious Application Compatibility Shims" }, "related": [], "uuid": "19e3cddb-b077-40cf-92e0-131b12efa4f7", "value": "Black Hat 2015 App Shim" }, { "description": "Koeller, B.. (2018, February 21). Defending Against Rules and Forms Injection. Retrieved November 5, 2019.", "meta": { "date_accessed": "2019-11-05T00:00:00Z", "date_published": "2018-02-21T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/" ], "source": "MITRE", "title": "Defending Against Rules and Forms Injection" }, "related": [], "uuid": "c7f9bd2f-254a-4254-8a92-a3ab02455fcb", "value": "TechNet O365 Outlook Rules" }, { "description": "Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.", "meta": { "date_accessed": "2022-07-05T00:00:00Z", "date_published": "2022-06-20T00:00:00Z", "refs": [ "https://blog.qualys.com/vulnerabilities-threat-research/2022/06/20/defending-against-scheduled-task-attacks-in-windows-environments" ], "source": "MITRE", "title": "Defending Against Scheduled Tasks" }, "related": [], "uuid": "111d21df-5531-4927-a173-fac9cd7672b3", "value": "Defending Against Scheduled Task Attacks in Windows Environments" }, { "description": "Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. 
Retrieved October 27, 2022.", "meta": { "date_accessed": "2022-10-27T00:00:00Z", "date_published": "2021-03-23T00:00:00Z", "refs": [ "https://www.rapid7.com/blog/post/2021/03/23/defending-against-the-zero-day-analyzing-attacker-behavior-post-exploitation-of-microsoft-exchange/" ], "source": "MITRE", "title": "Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange" }, "related": [], "uuid": "cf05d229-c2ba-54f2-a79d-4b7c9185c663", "value": "Rapid7 HAFNIUM Mar 2021" }, { "description": "Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. Retrieved October 3, 2023.", "meta": { "date_accessed": "2023-10-03T00:00:00Z", "date_published": "2023-10-03T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/" ], "source": "MITRE", "title": "Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement" }, "related": [], "uuid": "a904fde8-b8f9-5411-ab46-0dacf39cc81f", "value": "Microsoft SQL Server" }, { "description": "Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.", "meta": { "date_accessed": "2022-04-08T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/" ], "source": "MITRE", "title": "Defense Evasion Techniques" }, "related": [], "uuid": "0f31f0ff-9ddb-4ea9-88d0-7b3b688764af", "value": "rundll32.exe defense evasion" }, { "description": "Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). 
Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2021-04-22T00:00:00Z", "refs": [ "https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/" ], "source": "MITRE", "title": "Defense Evasion: Windows Event Logging (T1562.002)" }, "related": [], "uuid": "166e3a8a-047a-4798-b6cb-5aa36903a764", "value": "def_ev_win_event_logging" }, { "description": "Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2022-10-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/" ], "source": "Tidal Cyber", "title": "DeftTorero: tactics, techniques and procedures of intrusions revealed" }, "related": [], "uuid": "f6b43988-4d8b-455f-865e-3150e43d4f11", "value": "Kaspersky DeftTorero October 3 2022" }, { "description": "Microsoft. (n.d.). Del. Retrieved April 22, 2016.", "meta": { "date_accessed": "2016-04-22T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc771049.aspx" ], "source": "MITRE", "title": "Del" }, "related": [], "uuid": "01fc44b9-0eb3-4fd2-b755-d611825374ae", "value": "TechNet Del" }, { "description": "Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.", "meta": { "date_accessed": "2022-03-02T00:00:00Z", "date_published": "2019-12-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature" ], "source": "MITRE", "title": "Delegate access with a shared access signature" }, "related": [], "uuid": "f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa", "value": "Azure Shared Access Signature" }, { "description": "Thomson, I. (2017, September 26). 
Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2017-09-26T00:00:00Z", "refs": [ "https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/" ], "source": "MITRE", "title": "Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'" }, "related": [], "uuid": "e6b10687-8666-4c9c-ac77-1988378e096d", "value": "Register Deloitte" }, { "description": "Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2017-06-19T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/06/palestine-delphi.html" ], "source": "MITRE", "title": "Delphi Used To Score Against Palestine" }, "related": [], "uuid": "c727152c-079a-4ff9-a0e5-face919cf59b", "value": "Talos Micropsia June 2017" }, { "description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.", "meta": { "date_accessed": "2022-07-01T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" ], "source": "MITRE", "title": "Delving Deep: An Analysis of Earth Lusca’s Operations" }, "related": [], "uuid": "f6e1bffd-e35b-4eae-b9bf-c16a82bf7004", "value": "TrendMicro EarthLusca 2022" }, { "description": "Warren, R. (2017, August 2). Demiguise: virginkey.js. 
Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "date_published": "2017-08-02T00:00:00Z", "refs": [ "https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js" ], "source": "MITRE", "title": "Demiguise: virginkey.js" }, "related": [], "uuid": "2e55d33a-fe75-4397-b6f0-a28d397b4c24", "value": "Demiguise Guardrail Router Logo" }, { "description": "FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.", "meta": { "date_accessed": "2016-01-25T00:00:00Z", "date_published": "2015-07-13T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html" ], "source": "MITRE", "title": "Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak" }, "related": [], "uuid": "c1e798b8-6771-4ba7-af25-69c640321e40", "value": "FireEye Hacking Team" }, { "description": "Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.", "meta": { "date_accessed": "2020-01-19T00:00:00Z", "date_published": "2019-07-16T00:00:00Z", "refs": [ "https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/" ], "source": "MITRE", "title": "Demystifying Azure AD Service Principals" }, "related": [], "uuid": "3e285884-2191-4773-9243-74100ce177c8", "value": "Demystifying Azure AD Service Principals" }, { "description": "Tran, T. (2020, November 24). Demystifying Ransomware Attacks Against Microsoft Defender Solution. 
Retrieved January 26, 2022.", "meta": { "date_accessed": "2022-01-26T00:00:00Z", "date_published": "2020-11-24T00:00:00Z", "refs": [ "https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947" ], "source": "MITRE", "title": "Demystifying Ransomware Attacks Against Microsoft Defender Solution" }, "related": [], "uuid": "3dc684c7-14de-4dc0-9f11-79160c4f5038", "value": "demystifying_ryuk" }, { "description": "DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.", "meta": { "date_accessed": "2020-12-10T00:00:00Z", "date_published": "2020-09-17T00:00:00Z", "refs": [ "https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt" ], "source": "MITRE", "title": "Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community" }, "related": [], "uuid": "f30a77dd-d1d0-41b8-b82a-461dd6cd126f", "value": "DOJ Iran Indictments September 2020" }, { "description": "Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.", "meta": { "date_accessed": "2017-06-28T00:00:00Z", "date_published": "2017-06-16T00:00:00Z", "refs": [ "https://github.com/Microsoft/windows-itpro-docs/blob/master/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md" ], "source": "MITRE", "title": "Deploy code integrity policies: steps" }, "related": [], "uuid": "9646af1a-19fe-44c9-96ca-3c8ec097c3db", "value": "Microsoft GitHub Device Guard CI Policies" }, { "description": "Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. 
Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs" ], "source": "MITRE", "title": "Deploying Active Directory Federation Services in Azure" }, "related": [], "uuid": "beeb460e-4dba-42fb-8109-0861cd0df562", "value": "Microsoft Deploying AD Federation" }, { "description": "Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.", "meta": { "date_accessed": "2020-11-04T00:00:00Z", "refs": [ "https://developer.apple.com/support/kernel-extensions/" ], "source": "MITRE", "title": "Deprecated Kernel Extensions and System Extension Alternatives" }, "related": [], "uuid": "86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5", "value": "Apple Kernel Extension Deprecation" }, { "description": "Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020.", "meta": { "date_accessed": "2020-03-03T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html" ], "source": "MITRE", "title": "describe-instance-information" }, "related": [], "uuid": "c0b6a8a4-0d94-414d-b5ab-cf5485240dee", "value": "Amazon Describe Instance" }, { "description": "Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html" ], "source": "MITRE", "title": "DescribeInstances" }, "related": [], "uuid": "95629746-43d2-4f41-87da-4bd44a43ef4a", "value": "Amazon Describe Instances API" }, { "description": "Amazon Web Services, Inc. . (2022). DescribeSecurityGroups. 
Retrieved January 28, 2022.", "meta": { "date_accessed": "2022-01-28T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html" ], "source": "MITRE", "title": "DescribeSecurityGroups" }, "related": [], "uuid": "aa953df5-40b5-42d2-9e33-a227a093497f", "value": "DescribeSecurityGroups - Amazon Elastic Compute Cloud" }, { "description": "Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.", "meta": { "date_accessed": "2018-06-29T00:00:00Z", "date_published": "2018-08-20T00:00:00Z", "refs": [ "https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key" ], "source": "MITRE", "title": "Description of the RunOnceEx Registry Key" }, "related": [], "uuid": "f80bb86f-ce75-4778-bdee-777cf37a6de7", "value": "Microsoft RunOnceEx APR 2018" }, { "description": "Apple. (n.d.). Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html" ], "source": "MITRE", "title": "Designing Daemons Apple Dev" }, "related": [], "uuid": "4baac228-1f6a-4c65-ae98-5a542600dfc6", "value": "Designing Daemons Apple Dev" }, { "description": "LOLBAS. (2022, April 21). Desk.cpl. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-04-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Desk/" ], "source": "Tidal Cyber", "title": "Desk.cpl" }, "related": [], "uuid": "487a54d9-9f90-478e-b305-bd041af55e12", "value": "Desk.cpl - LOLBAS Project" }, { "description": "Free Desktop. (2006, February 13). Desktop Application Autostart Specification. 
Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2006-02-13T00:00:00Z", "refs": [ "https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html" ], "source": "MITRE", "title": "Desktop Application Autostart Specification" }, "related": [], "uuid": "0885434e-3908-4425-9597-ce6abe531ca5", "value": "Free Desktop Application Autostart Feb 2006" }, { "description": "LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-06-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Desktopimgdownldr/" ], "source": "Tidal Cyber", "title": "Desktopimgdownldr.exe" }, "related": [], "uuid": "1df3aacf-76c4-472a-92c8-2a85ae9e2860", "value": "Desktopimgdownldr.exe - LOLBAS Project" }, { "description": "CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-02-26T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-057a" ], "source": "MITRE", "title": "Destructive Malware Targeting Organizations in Ukraine" }, "related": [], "uuid": "18684085-c156-4610-8b1f-cc9646f2c06e", "value": "CISA AA22-057A Destructive Malware February 2022" }, { "description": "MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.", "meta": { "date_accessed": "2022-03-10T00:00:00Z", "date_published": "2022-01-15T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" ], "source": "MITRE", "title": "Destructive malware targeting Ukrainian organizations" }, "related": [], "uuid": "e0c1fcd3-b7a8-42af-8984-873a6f969975", "value": "Microsoft WhisperGate January 2022" }, { "description": "NSA and ASD. (2020, April 3). 
Detect and Prevent Web Shell Malware. Retrieved July 23, 2021.", "meta": { "date_accessed": "2021-07-23T00:00:00Z", "date_published": "2020-04-03T00:00:00Z", "refs": [ "https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF" ], "source": "MITRE", "title": "Detect and Prevent Web Shell Malware" }, "related": [], "uuid": "e9a882a5-1a88-4fdf-9349-205f4fa167c9", "value": "NSA and ASD Detect and Prevent Web Shells 2020" }, { "description": "Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2018-04-22T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack" ], "source": "MITRE", "title": "Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365" }, "related": [], "uuid": "fd63775c-8482-477d-ab41-8c64ca17b602", "value": "Microsoft Detect Outlook Forms" }, { "description": "Lucand,G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2018-02-18T00:00:00Z", "refs": [ "https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html" ], "source": "MITRE", "title": "Detect DCShadow, impossible?" }, "related": [], "uuid": "c1cd4767-b5a1-4821-8574-b5782a83920f", "value": "ADDSecurity DCShadow Feb 2018" }, { "description": "Chen, L., Wang, T.. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods . 
Retrieved April 26, 2019.", "meta": { "date_accessed": "2019-04-26T00:00:00Z", "date_published": "2017-05-05T00:00:00Z", "refs": [ "http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf" ], "source": "MITRE", "title": "Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods" }, "related": [], "uuid": "7a4e7e05-986b-4549-a021-8c3c729bd3cc", "value": "Pace University Detecting DGA May 2017" }, { "description": "MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/" ], "source": "MITRE", "title": "Detecting and Advancing In-Memory .NET Tradecraft" }, "related": [], "uuid": "a7952f0e-6690-48de-ad93-9922d6d6989c", "value": "MDSec Detecting DOTNET" }, { "description": "Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.", "meta": { "date_accessed": "2019-04-25T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf" ], "source": "MITRE", "title": "Detecting and Analyzing Network Threats With NetFlow" }, "related": [], "uuid": "ce447063-ec9a-4729-aaec-64ec123077ce", "value": "Cisco DoSdetectNetflow" }, { "description": "Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. 
Retrieved March 20, 2017.", "meta": { "date_accessed": "2017-03-20T00:00:00Z", "date_published": "2017-02-17T00:00:00Z", "refs": [ "https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/5009/HTA-F02-Detecting-and-Responding-to-Advanced-Threats-within-Exchange-Environments.pdf" ], "source": "MITRE", "title": "Detecting and Responding to Advanced Threats within Exchange Environments" }, "related": [], "uuid": "005a276c-3369-4d29-bf0e-c7fa4e7d90bb", "value": "RSA2017 Detect and Respond Adair" }, { "description": "Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://nmap.org/book/firewalls.html" ], "source": "MITRE", "title": "Detecting and Subverting Firewalls and Intrusion Detection Systems" }, "related": [], "uuid": "c696ac8c-2c7a-4708-a369-0832a493e0a6", "value": "Nmap Firewalls NIDS" }, { "description": "French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2018-10-02T00:00:00Z", "refs": [ "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea" ], "source": "MITRE", "title": "Detecting Attempts to Steal Passwords from Memory" }, "related": [], "uuid": "63955204-3cf9-4628-88d2-361de4dae94f", "value": "Medium Detecting Attempts to Steal Passwords from Memory" }, { "description": "Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved August 6, 2018.", "meta": { "date_accessed": "2018-08-06T00:00:00Z", "date_published": "2018-07-07T00:00:00Z", "refs": [ "http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/" ], "source": "MITRE", "title": "Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon." 
}, "related": [], "uuid": "d67901a4-8774-42d3-98de-c20158f88eb6", "value": "Endurant CMSTP July 2018" }, { "description": "Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2020-05-07T00:00:00Z", "refs": [ "https://redcanary.com/blog/cor_profiler-for-persistence/" ], "source": "MITRE", "title": "Detecting COR_PROFILER manipulation for persistence" }, "related": [], "uuid": "3d8cb4d3-1cbe-416a-95b5-15003cbc2beb", "value": "Red Canary COR_PROFILER May 2020" }, { "description": "NVISO Labs. (2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-10-11T00:00:00Z", "refs": [ "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/" ], "source": "MITRE", "title": "Detecting DDE in MS Office documents" }, "related": [], "uuid": "75ccde9a-2d51-4492-9a8a-02fce30f9167", "value": "NVisio Labs DDE Detection Oct 2017" }, { "description": "Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.", "meta": { "date_accessed": "2015-08-19T00:00:00Z", "date_published": "2013-04-01T00:00:00Z", "refs": [ "http://www.netsec.colostate.edu/~zhang/DetectingEncryptedBotnetTraffic.pdf" ], "source": "MITRE", "title": "Detecting encrypted botnet traffic" }, "related": [], "uuid": "29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67", "value": "Zhang 2013" }, { "description": "Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. 
Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "date_published": "2015-05-03T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1515" ], "source": "MITRE", "title": "Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory" }, "related": [], "uuid": "4c328a1a-6a83-4399-86c5-d6e1586da8a3", "value": "ADSecurity Detecting Forged Tickets" }, { "description": "Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. Retrieved March 23, 2018.", "meta": { "date_accessed": "2018-03-23T00:00:00Z", "date_published": "2018-02-23T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/" ], "source": "MITRE", "title": "Detecting Kerberoasting activity using Azure Security Center" }, "related": [], "uuid": "b36d82a8-82ca-4f22-85c0-ee82be3b6940", "value": "Microsoft Detecting Kerberoasting Feb 2018" }, { "description": "French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2018-09-30T00:00:00Z", "refs": [ "https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc" ], "source": "MITRE", "title": "Detecting Lateral Movement Using Sysmon and Splunk" }, "related": [], "uuid": "91bea3c2-df54-424e-8667-035e6e15fe38", "value": "Medium Detecting Lateral Movement" }, { "description": "Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2017-11-30T00:00:00Z", "refs": [ "https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication" ], "source": "MITRE", "title": "Detecting macOS High Sierra root account without authentication" }, "related": [], "uuid": "4dc6ea85-a41b-4218-a9ae-e1eea841f2f2", "value": "macOS root VNC login without authentication" }, { "description": "Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2016-01-16T00:00:00Z", "refs": [ "https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667" ], "source": "MITRE", "title": "Detecting Malware and Sandbox Evasion Techniques" }, "related": [], "uuid": "5d3d567c-dc25-44c1-8d2a-71ae00b60dbe", "value": "Sans Virtual Jan 2016" }, { "description": "Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2020-09-30T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/detecting-microsoft-365-azure-active-directory-backdoors" ], "source": "MITRE", "title": "Detecting Microsoft 365 and Azure Active Directory Backdoors" }, "related": [], "uuid": "7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8", "value": "Mandiant Azure AD Backdoors" }, { "description": "Loh, I. (2018, December 21). Detecting Parent PID Spoofing. Retrieved June 3, 2019.", "meta": { "date_accessed": "2019-06-03T00:00:00Z", "date_published": "2018-12-21T00:00:00Z", "refs": [ "https://www.countercept.com/blog/detecting-parent-pid-spoofing/" ], "source": "MITRE", "title": "Detecting Parent PID Spoofing" }, "related": [], "uuid": "a1fdb8db-4c5f-4fb9-a013-b232cd8471f8", "value": "CounterCept PPID Spoofing Dec 2018" }, { "description": "CISA. 
(2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.", "meta": { "date_accessed": "2021-01-08T00:00:00Z", "date_published": "2021-01-08T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa21-008a" ], "source": "MITRE", "title": "Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments" }, "related": [], "uuid": "b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62", "value": "CISA SolarWinds Cloud Detection" }, { "description": "Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.", "meta": { "date_accessed": "2022-08-30T00:00:00Z", "date_published": "2021-05-27T00:00:00Z", "refs": [ "https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/" ], "source": "MITRE", "title": "Detecting Rclone – An Effective Tool for Exfiltration" }, "related": [], "uuid": "2e44290c-32f5-4e7f-96de-9874df79fe89", "value": "Detecting Rclone" }, { "description": "French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2018-10-09T00:00:00Z", "refs": [ "https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96" ], "source": "MITRE", "title": "Detecting & Removing an Attacker’s WMI Persistence" }, "related": [], "uuid": "539e7cd0-d1e9-46ba-96fe-d8a1061c857e", "value": "Medium Detecting WMI Persistence" }, { "description": "Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. 
Retrieved February 24, 2023.", "meta": { "date_accessed": "2023-02-24T00:00:00Z", "date_published": "2022-08-25T00:00:00Z", "refs": [ "https://sec.okta.com/scatterswine" ], "source": "MITRE", "title": "Detecting Scatter Swine: Insights into a Relentless Phishing Campaign" }, "related": [], "uuid": "66d1b6e2-c069-5832-b549-fc5f0edeed40", "value": "Okta Scatter Swine 2022" }, { "description": "Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2021-01-21T00:00:00Z", "refs": [ "https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html" ], "source": "MITRE", "title": "Detecting Supernova Malware: SolarWinds Continued" }, "related": [], "uuid": "7e43bda5-0978-46aa-b3b3-66ffb62b9fdb", "value": "Splunk Supernova Jan 2021" }, { "description": "Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.", "meta": { "date_accessed": "2017-02-08T00:00:00Z", "date_published": "2017-01-25T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/" ], "source": "MITRE", "title": "Detecting threat actors in recent German industrial attacks with Windows Defender ATP" }, "related": [], "uuid": "6b63fac9-4bde-4fc8-a016-e77c8485fab7", "value": "Microsoft Winnti Jan 2017" }, { "description": "stderr. (2014, February 14). Detecting Userland Preload Rootkits. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2014-02-14T00:00:00Z", "refs": [ "http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html" ], "source": "MITRE", "title": "Detecting Userland Preload Rootkits" }, "related": [], "uuid": "16c00830-eade-40e2-9ee6-6e1af4b58e5d", "value": "Chokepoint preload rootkits" }, { "description": "Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://www.sygnia.co/golden-saml-advisory" ], "source": "MITRE", "title": "Detection and Hunting of Golden SAML Attack" }, "related": [], "uuid": "1a6673b0-2a30-481e-a2a4-9e17e2676c5d", "value": "Sygnia Golden SAML" }, { "description": "Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. Retrieved March 9, 2021.", "meta": { "date_accessed": "2021-03-09T00:00:00Z", "date_published": "2021-03-04T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html" ], "source": "MITRE", "title": "Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities" }, "related": [], "uuid": "5e5452a4-c3f5-4802-bcb4-198612cc8282", "value": "FireEye Exchange Zero Days March 2021" }, { "description": "Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. 
Retrieved March 23, 2022.", "meta": { "date_accessed": "2022-03-23T00:00:00Z", "date_published": "2022-03-22T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/" ], "source": "MITRE", "title": "DEV-0537 criminal actor targeting organizations for data exfiltration and destruction" }, "related": [], "uuid": "2f7a59f3-620d-4e2e-8595-af96cd4e16c3", "value": "Microsoft DEV-0537" }, { "description": "MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.", "meta": { "date_accessed": "2022-05-17T00:00:00Z", "date_published": "2022-03-24T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/" ], "source": "MITRE", "title": "DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction" }, "related": [], "uuid": "a9ce7e34-6e7d-4681-9869-8e8f2b5b0390", "value": "MSTIC DEV-0537 Mar 2022" }, { "description": "MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2022-11-17T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/" ], "source": "MITRE", "title": "DEV-0569 finds new ways to deliver Royal ransomware, various payloads" }, "related": [], "uuid": "91efc6bf-e15c-514a-96c1-e838268d222f", "value": "Microsoft Royal ransomware November 2022" }, { "description": "Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. 
Retrieved October 21, 2020.", "meta": { "date_accessed": "2020-10-21T00:00:00Z", "date_published": "2008-02-01T00:00:00Z", "refs": [ "https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf" ], "source": "MITRE", "title": "Developments in Cisco IOS Forensics" }, "related": [], "uuid": "95fdf251-f40d-4f7a-bb12-8762e9c961b9", "value": "Cisco IOS Forensics Developments" }, { "description": "LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/DeviceCredentialDeployment/" ], "source": "Tidal Cyber", "title": "DeviceCredentialDeployment.exe" }, "related": [], "uuid": "fef281e8-8138-4420-b11b-66d1e6a19805", "value": "DeviceCredentialDeployment.exe - LOLBAS Project" }, { "description": "Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.", "meta": { "date_accessed": "2016-11-30T00:00:00Z", "date_published": "2016-11-13T00:00:00Z", "refs": [ "https://github.com/mattifestation/DeviceGuardBypassMitigationRules" ], "source": "MITRE", "title": "DeviceGuardBypassMitigationRules" }, "related": [], "uuid": "4ecd64b4-8014-447a-91d2-a431f4adbfcd", "value": "GitHub mattifestation DeviceGuardBypass" }, { "description": "LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Devinit/" ], "source": "Tidal Cyber", "title": "Devinit.exe" }, "related": [], "uuid": "27343583-c17d-4c11-a7e3-14d725756556", "value": "Devinit.exe - LOLBAS Project" }, { "description": "LOLBAS. (2019, October 4). Devtoolslauncher.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-10-04T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Devtoolslauncher/" ], "source": "Tidal Cyber", "title": "Devtoolslauncher.exe" }, "related": [], "uuid": "cb263978-019c-40c6-b6de-61db0e7a8941", "value": "Devtoolslauncher.exe - LOLBAS Project" }, { "description": "LOLBAS. (2023, September 16). devtunnel.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-09-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/devtunnels/" ], "source": "Tidal Cyber", "title": "devtunnel.exe" }, "related": [], "uuid": "657c8b4c-1eee-4997-8461-c7592eaed9e8", "value": "devtunnel.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Dfshim/" ], "source": "Tidal Cyber", "title": "Dfshim.dll" }, "related": [], "uuid": "30503e42-6047-46a9-8189-e6caa5f4deb0", "value": "Dfshim.dll - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Dfsvc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Dfsvc/" ], "source": "Tidal Cyber", "title": "Dfsvc.exe" }, "related": [], "uuid": "7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f", "value": "Dfsvc.exe - LOLBAS Project" }, { "description": "Microsoft. (2006, August 31). DHCP Server Operational Events. 
Retrieved March 7, 2022.", "meta": { "date_accessed": "2022-03-07T00:00:00Z", "date_published": "2006-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800668(v=ws.11)" ], "source": "MITRE", "title": "DHCP Server Operational Events" }, "related": [], "uuid": "e2b1e810-2a78-4553-8927-38ed5fba0f38", "value": "dhcp_serv_op_events" }, { "description": "Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://github.com/m0nad/Diamorphine" ], "source": "MITRE", "title": "Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)" }, "related": [], "uuid": "92993055-d2e6-46b2-92a3-ad70b62e4cc0", "value": "GitHub Diamorphine" }, { "description": "Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. Retrieved October 25, 2021.", "meta": { "date_accessed": "2021-10-25T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Diantz/" ], "source": "MITRE", "title": "Diantz.exe" }, "related": [], "uuid": "66652db8-5594-414f-8a6b-83d708a0c1fa", "value": "diantz.exe_lolbas" }, { "description": "Neeamni, D., Rubinfeld, A.. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider?. Retrieved November 12, 2021.", "meta": { "date_accessed": "2021-11-12T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider" ], "source": "MITRE", "title": "Diavol - A New Ransomware Used By Wizard Spider?" }, "related": [], "uuid": "28c650f2-8ce8-4c78-ab4a-cae56c1548ed", "value": "Fortinet Diavol July 2021" }, { "description": "DFIR Report. (2021, December 13). Diavol Ransomware. 
Retrieved March 9, 2022.", "meta": { "date_accessed": "2022-03-09T00:00:00Z", "date_published": "2021-12-13T00:00:00Z", "refs": [ "https://thedfirreport.com/2021/12/13/diavol-ransomware/" ], "source": "MITRE", "title": "Diavol Ransomware" }, "related": [], "uuid": "eb89f18d-684c-4220-b2a8-967f1f8f9162", "value": "DFIR Diavol Ransomware December 2021" }, { "description": "Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2015-06-19T00:00:00Z", "refs": [ "https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/" ], "source": "MITRE", "title": "Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag" }, "related": [], "uuid": "3b85fff0-88d8-4df6-af0b-66e57492732e", "value": "Überwachung APT28 Forfiles June 2015" }, { "description": "Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2017-06-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Digital Signatures for Kernel Modules on Windows" }, "related": [], "uuid": "451bdfe3-0b30-425c-97a0-44727b70c1da", "value": "Microsoft DSE June 2017" }, { "description": "ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. 
Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" ], "source": "MITRE", "title": "Diplomats in Eastern Europe bitten by a Turla mosquito" }, "related": [], "uuid": "cd177c2e-ef22-47be-9926-61e25fd5f33b", "value": "ESET Turla Mosquito Jan 2018" }, { "description": "Microsoft. (n.d.). Dir. Retrieved April 18, 2016.", "meta": { "date_accessed": "2016-04-18T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc755121.aspx" ], "source": "MITRE", "title": "Dir" }, "related": [], "uuid": "f1eb8631-6bea-4688-a5ff-a388b1fdceb0", "value": "TechNet Dir" }, { "description": "Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2016-08-05T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=fXthwl6ShOg" ], "source": "MITRE", "title": "Direct Memory Attack the Kernel" }, "related": [], "uuid": "c504485b-2daa-4159-96da-481a0b97a979", "value": "Frisk DMA August 2016" }, { "description": "Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2023-06-30T00:00:00Z", "refs": [ "https://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls" ], "source": "MITRE", "title": "Direct Syscalls vs Indirect Syscalls" }, "related": [], "uuid": "dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8", "value": "Redops Syscalls" }, { "description": "Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. 
Retrieved February 3, 2018.", "meta": { "date_accessed": "2018-02-03T00:00:00Z", "date_published": "2017-10-20T00:00:00Z", "refs": [ "https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b" ], "source": "MITRE", "title": "Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016" }, "related": [], "uuid": "eea0dd34-4efa-4093-bd11-a59d1601868f", "value": "GitHub Disable DDEAUTO Oct 2017" }, { "description": "wordmann. (2022, February 8). Disable Disc Imgage. Retrieved February 8, 2022.", "meta": { "date_accessed": "2022-02-08T00:00:00Z", "date_published": "2022-02-08T00:00:00Z", "refs": [ "https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7" ], "source": "MITRE", "title": "Disable Disc Imgage" }, "related": [], "uuid": "2155591e-eacf-4575-b7a6-f031675ef1b3", "value": "Disable automount for ISO" }, { "description": "dmcxblue. (n.d.). Disable Windows Event Logging. Retrieved September 10, 2021.", "meta": { "date_accessed": "2021-09-10T00:00:00Z", "refs": [ "https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging" ], "source": "MITRE", "title": "Disable Windows Event Logging" }, "related": [], "uuid": "0fa5e507-33dc-40ea-b960-bcd9aa024ab1", "value": "Disable_Win_Event_Logging" }, { "description": "wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.", "meta": { "date_accessed": "2022-04-16T00:00:00Z", "date_published": "2019-08-29T00:00:00Z", "refs": [ "https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7" ], "source": "MITRE", "title": "Disable Windows Explorer file associations for Disc Image Mount" }, "related": [], "uuid": "044aa74a-9320-496a-9d15-37d8b934c244", "value": "GitHub MOTW" }, { "description": "Apple. (n.d.). Disabling and Enabling System Integrity Protection. 
Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection" ], "source": "MITRE", "title": "Disabling and Enabling System Integrity Protection" }, "related": [], "uuid": "d7545e0c-f0b7-4be4-800b-06a02240385e", "value": "Apple Disable SIP" }, { "description": "Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. Retrieved July 26, 2018.", "meta": { "date_accessed": "2018-07-26T00:00:00Z", "date_published": "2009-02-09T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/dd252791.aspx" ], "source": "MITRE", "title": "Disabling Bluetooth and Infrared Beaming" }, "related": [], "uuid": "27573597-5269-4894-87fb-24afcdb8f30a", "value": "Microsoft GPO Bluetooth FEB 2009" }, { "description": "Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "refs": [ "https://itsyndicate.org/blog/disabling-dangerous-php-functions/" ], "source": "MITRE", "title": "Disabling dangerous PHP functions" }, "related": [], "uuid": "6e91f485-5777-4a06-94a3-cdc4718a8e39", "value": "ITSyndicate Disabling PHP functions" }, { "description": "TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved October 19, 2022.", "meta": { "date_accessed": "2022-10-19T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://twitter.com/TheDFIRReport/status/1498657590259109894" ], "source": "MITRE", "title": "Disabling notifications on Synology servers before ransom" }, "related": [], "uuid": "d53e8f89-df78-565b-a316-cf2644c5ed36", "value": "disable_notif_synology_ransom" }, { "description": "LOLBAS. (2018, May 25). Diskshadow.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Diskshadow/" ], "source": "Tidal Cyber", "title": "Diskshadow.exe" }, "related": [], "uuid": "27a3f0b4-e699-4319-8b52-8eae4581faa2", "value": "Diskshadow.exe - LOLBAS Project" }, { "description": "Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.", "meta": { "date_accessed": "2022-09-19T00:00:00Z", "date_published": "2020-11-01T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf" ], "source": "MITRE", "title": "Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions" }, "related": [], "uuid": "b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de", "value": "Bitdefender FunnyDream Campaign November 2020" }, { "description": "Maniath, S. and Kadam P. (2019, March 19). Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.", "meta": { "date_accessed": "2021-01-07T00:00:00Z", "date_published": "2019-03-19T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/dissecting-netwire-phishing-campaigns-usage-process-hollowing" ], "source": "MITRE", "title": "Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing" }, "related": [], "uuid": "404d4f7e-62de-4483-9320-a90fb255e783", "value": "FireEye NETWIRE March 2019" }, { "description": "Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. 
Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf" ], "source": "MITRE", "title": "Dissecting Domain Generation Algorithms: Eight Real World DGA Variants" }, "related": [], "uuid": "9888cdb6-fe85-49b4-937c-75005ac9660d", "value": "Cybereason Dissecting DGAs" }, { "description": "Dunwoody, M.. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.", "meta": { "date_accessed": "2017-04-05T00:00:00Z", "date_published": "2017-04-03T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html" ], "source": "MITRE", "title": "Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)" }, "related": [], "uuid": "b1271e05-80d7-4761-a13f-b6f0db7d7e5a", "value": "FireEye POSHSPY April 2017" }, { "description": "Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.", "meta": { "date_accessed": "2016-02-25T00:00:00Z", "date_published": "2011-01-12T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc759136(v=ws.10).aspx" ], "source": "MITRE", "title": "Distributed Transaction Coordinator" }, "related": [], "uuid": "d2a1aab3-a4c9-4583-9cf8-170eeb77d828", "value": "Microsoft DTC" }, { "description": "Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2010-09-01T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html" ], "source": "MITRE", "title": "DLL Search Order Hijacking Revisited" }, "related": [], "uuid": "0ba2675d-4d7f-406a-81fa-b87e62d7a539", "value": "FireEye DLL Search Order Hijacking" }, { "description": "Mandiant. 
(2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "date_published": "2010-08-31T00:00:00Z", "refs": [ "https://www.mandiant.com/blog/dll-search-order-hijacking-revisited/" ], "source": "MITRE", "title": "DLL Search Order Hijacking Revisited" }, "related": [], "uuid": "2f602a6c-0305-457c-b329-a17b55d8e094", "value": "Mandiant Search Order" }, { "description": "Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf" ], "source": "MITRE", "title": "DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry" }, "related": [], "uuid": "813905b5-7aa5-4bab-b2ac-eaafdea55805", "value": "Stewart 2014" }, { "description": "LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Dnscmd/" ], "source": "Tidal Cyber", "title": "Dnscmd.exe" }, "related": [], "uuid": "3571ca9d-3388-4e74-8b30-dd92ef2b5f10", "value": "Dnscmd.exe - LOLBAS Project" }, { "description": "Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2023-02-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/dnscmd" ], "source": "Tidal Cyber", "title": "Dnscmd Microsoft" }, "related": [], "uuid": "24b1cb7b-357f-470f-9715-fa0ec3958cbb", "value": "Dnscmd Microsoft" }, { "description": "Hacker Target. (n.d.). DNS Dumpster. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://dnsdumpster.com/" ], "source": "MITRE", "title": "DNS Dumpster" }, "related": [], "uuid": "0bbe1e50-28af-4265-a493-4bb4fd693bad", "value": "DNS Dumpster" }, { "description": "Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.", "meta": { "date_accessed": "2020-10-09T00:00:00Z", "date_published": "2018-11-27T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html" ], "source": "MITRE", "title": "DNSpionage Campaign Targets Middle East" }, "related": [], "uuid": "d597ad7d-f808-4289-b42a-79807248c2d6", "value": "Talos DNSpionage Nov 2018" }, { "description": "Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.", "meta": { "date_accessed": "2020-10-03T00:00:00Z", "date_published": "2019-03-15T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/" ], "source": "MITRE", "title": "DNS Tunneling: how DNS can be (ab)used by malicious actors" }, "related": [], "uuid": "e41fde80-5ced-4f66-9852-392d1ef79520", "value": "Unit42 DNS Mar 2019" }, { "description": "LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dnx/" ], "source": "Tidal Cyber", "title": "dnx.exe" }, "related": [], "uuid": "50652a27-c47b-41d4-a2eb-2ebf74e5bd09", "value": "dnx.exe - LOLBAS Project" }, { "description": "Docker. (n.d.). DockerD CLI. 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://docs.docker.com/engine/reference/commandline/dockerd/" ], "source": "MITRE", "title": "DockerD CLI" }, "related": [], "uuid": "ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c", "value": "Docker Daemon CLI" }, { "description": "Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "refs": [ "https://docs.docker.com/engine/api/v1.41/" ], "source": "MITRE", "title": "Docker Engine API v1.41 Reference" }, "related": [], "uuid": "b8ec1e37-7286-40e8-9577-ff9c54801086", "value": "Docker API" }, { "description": "Docker. (n.d.). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "refs": [ "https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild" ], "source": "MITRE", "title": "Docker Engine API v1.41 Reference - Build an Image" }, "related": [], "uuid": "ee708b64-57f3-4b47-af05-1e26b698c21f", "value": "Docker Build Image" }, { "description": "Docker. (n.d.). Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://docs.docker.com/engine/api/v1.41/#tag/Container" ], "source": "MITRE", "title": "Docker Engine API v1.41 Reference - Container" }, "related": [], "uuid": "2351cb32-23d6-4557-9c52-e6e228402bab", "value": "Docker Containers API" }, { "description": "Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://docs.docker.com/engine/reference/commandline/exec/" ], "source": "MITRE", "title": "Docker Exec" }, "related": [], "uuid": "5f1ace27-6584-4585-98de-52cb71d419c1", "value": "Docker Exec" }, { "description": "Docker. (n.d.). Docker Images. 
Retrieved April 6, 2021.", "meta": { "date_accessed": "2021-04-06T00:00:00Z", "refs": [ "https://docs.docker.com/engine/reference/commandline/images/" ], "source": "MITRE", "title": "Docker Images" }, "related": [], "uuid": "9b4d1e80-61e9-4557-a562-5eda66d0bbf7", "value": "Docker Images" }, { "description": "Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "refs": [ "https://docs.docker.com/get-started/overview/" ], "source": "MITRE", "title": "Docker Overview" }, "related": [], "uuid": "52954bb1-16b0-4717-a72c-8a6dec97610b", "value": "Docker Overview" }, { "description": "Docker. (n.d.). Docker run reference. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime" ], "source": "MITRE", "title": "Docker run reference" }, "related": [], "uuid": "c80ad3fd-d7fc-4a7a-8565-da3feaa4a915", "value": "Docker Entrypoint" }, { "description": "Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2012-11-15T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/jj852168.aspx" ], "source": "MITRE", "title": "Domain controller: Allow server operators to schedule tasks" }, "related": [], "uuid": "a9497afa-42c8-499e-a6b6-4231b1c22f6e", "value": "TechNet Server Operator Scheduled Task" }, { "description": "Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2016-10-10T00:00:00Z", "refs": [ "https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/" ], "source": "MITRE", "title": "Domain Generation Algorithms – Why so effective?" 
}, "related": [], "uuid": "5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58", "value": "Cisco Umbrella DGA" }, { "description": "Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain.getalltrustrelationships?redirectedfrom=MSDN&view=netframework-4.7.2#System_DirectoryServices_ActiveDirectory_Domain_GetAllTrustRelationships" ], "source": "MITRE", "title": "Domain.GetAllTrustRelationships Method" }, "related": [], "uuid": "571086ce-42d3-4416-9521-315f694647a6", "value": "Microsoft GetAllTrustRelationships" }, { "description": "ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2005-07-12T00:00:00Z", "refs": [ "https://www.icann.org/groups/ssac/documents/sac-007-en" ], "source": "MITRE", "title": "Domain Name Hijacking: Incidents, Threats, Risks and Remediation" }, "related": [], "uuid": "96c5ec6c-d53d-49c3-bca1-0b6abe0080e6", "value": "ICANNDomainNameHijacking" }, { "description": "Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-09-21T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/domain-shadowing/" ], "source": "MITRE", "title": "Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime" }, "related": [], "uuid": "ec460017-fd25-5975-b697-c8c11fee960d", "value": "Palo Alto Unit 42 Domain Shadowing 2022" }, { "description": "Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. 
Retrieved June 11, 2018.", "meta": { "date_accessed": "2018-06-11T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/" ], "source": "MITRE", "title": "Donot Team Leverages New Modular Malware Framework in South Asia" }, "related": [], "uuid": "a1b987cc-7789-411c-9673-3cf6357b207c", "value": "ASERT Donot March 2018" }, { "description": "Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "date_published": "2023-05-22T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse" ], "source": "MITRE", "title": "Don't @ Me: URL Obfuscation Through Schema Abuse" }, "related": [], "uuid": "b63f5934-2ace-5326-89be-7a850469a563", "value": "Mandiant URL Obfuscation 2023" }, { "description": "TheWover. (2019, May 9). donut. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2019-05-09T00:00:00Z", "refs": [ "https://github.com/TheWover/donut" ], "source": "MITRE", "title": "donut" }, "related": [], "uuid": "5f28c41f-6903-4779-93d4-3de99e031b70", "value": "Donut Github" }, { "description": "The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2019-05-09T00:00:00Z", "refs": [ "https://thewover.github.io/Introducing-Donut/" ], "source": "MITRE", "title": "Donut - Injecting .NET Assemblies as Shellcode" }, "related": [], "uuid": "8fd099c6-e002-44d0-8b7f-65f290a42c07", "value": "Introducing Donut" }, { "description": "LOLBAS. (2019, November 12). Dotnet.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-11-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dotnet/" ], "source": "Tidal Cyber", "title": "Dotnet.exe" }, "related": [], "uuid": "8abe21ad-88d1-4a5c-b79e-8216b4b06862", "value": "Dotnet.exe - LOLBAS Project" }, { "description": "Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing . Retrieved February 24, 2023.", "meta": { "date_accessed": "2023-02-24T00:00:00Z", "date_published": "2022-09-01T00:00:00Z", "refs": [ "https://blog.cyberproof.com/blog/double-bounced-attacks-with-email-spoofing-2022-trends" ], "source": "MITRE", "title": "Double-bounced attacks with email spoofing" }, "related": [], "uuid": "4406d688-c392-5244-b438-6995f38dfc61", "value": "cyberproof-double-bounce" }, { "description": "Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.", "meta": { "date_accessed": "2019-09-23T00:00:00Z", "date_published": "2019-08-07T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Double DragonAPT41, a dual espionage and cyber crime operation APT41" }, "related": [], "uuid": "20f8e252-0a95-4ebd-857c-d05b0cde0904", "value": "FireEye APT41 Aug 2019" }, { "description": "FireEye. (2019). Double DragonAPT41, a dual espionage andcyber crime operationAPT41. 
Retrieved September 23, 2019.", "meta": { "date_accessed": "2019-09-23T00:00:00Z", "date_published": "2019-01-01T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf" ], "source": "MITRE", "title": "Double DragonAPT41, a dual espionage andcyber crime operationAPT41" }, "related": [], "uuid": "daa31f35-15a6-413b-9319-80d6921d1598", "value": "FireEye APT41 2019" }, { "description": "Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper . Retrieved April 11, 2022.", "meta": { "date_accessed": "2022-04-11T00:00:00Z", "date_published": "2022-03-18T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/" ], "source": "MITRE", "title": "Double header: IsaacWiper and CaddyWiper" }, "related": [], "uuid": "931aed95-a629-4f94-8762-aad580f5d3e2", "value": "Malwarebytes IssacWiper CaddyWiper March 2022" }, { "description": "Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.", "meta": { "date_accessed": "2021-12-09T00:00:00Z", "date_published": "2017-02-03T00:00:00Z", "refs": [ "https://tlseminar.github.io/downgrade-attacks/" ], "source": "MITRE", "title": "Downgrade Attacks" }, "related": [], "uuid": "8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3", "value": "tlseminar_downgrade_att" }, { "description": "Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.", "meta": { "date_accessed": "2018-12-17T00:00:00Z", "date_published": "2014-10-03T00:00:00Z", "refs": [ "https://logrhythm.com/blog/do-you-trust-your-computer/" ], "source": "MITRE", "title": "Do You Trust Your Computer?" }, "related": [], "uuid": "88a84f9a-e077-4fdd-9936-30fc7b290476", "value": "LogRhythm Do You Trust Oct 2014" }, { "description": "Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2019-11-22T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/" ], "source": "MITRE", "title": "Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions" }, "related": [], "uuid": "3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c", "value": "VNC Vulnerabilities" }, { "description": "Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 14, 2018.", "meta": { "date_accessed": "2018-11-14T00:00:00Z", "date_published": "2018-01-27T00:00:00Z", "refs": [ "https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf" ], "source": "MITRE", "title": "DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES" }, "related": [], "uuid": "f692c6fa-7b3a-4d1d-9002-b1a59f7116f4", "value": "Accenture Dragonfish Jan 2018" }, { "description": "Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.", "meta": { "date_accessed": "2016-04-08T00:00:00Z", "date_published": "2014-06-30T00:00:00Z", "refs": [ "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" ], "source": "MITRE, Tidal Cyber", "title": "Dragonfly: Cyberespionage Attacks Against Energy Suppliers" }, "related": [], "uuid": "9514c5cd-2ed6-4dbf-aa9e-1c425e969226", "value": "Symantec Dragonfly" }, { "description": "Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. 
Retrieved September 9, 2017.", "meta": { "date_accessed": "2017-09-09T00:00:00Z", "date_published": "2014-07-07T00:00:00Z", "refs": [ "https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers" ], "source": "MITRE", "title": "Dragonfly: Western energy sector targeted by sophisticated attack group" }, "related": [], "uuid": "11bbeafc-ed5d-4d2b-9795-a0a9544fb64e", "value": "Symantec Dragonfly Sept 2017" }, { "description": "Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.", "meta": { "date_accessed": "2022-04-19T00:00:00Z", "date_published": "2017-10-07T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks" ], "source": "MITRE", "title": "Dragonfly: Western energy sector targeted by sophisticated attack group" }, "related": [], "uuid": "a0439d4a-a3ea-4be5-9a01-f223ca259681", "value": "Symantec Dragonfly 2.0 October 2017" }, { "description": "Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.", "meta": { "date_accessed": "2019-05-31T00:00:00Z", "date_published": "2017-05-25T00:00:00Z", "refs": [ "https://securelist.com/dridex-a-history-of-evolution/78531/" ], "source": "MITRE", "title": "Dridex: A History of Evolution" }, "related": [], "uuid": "52c48bc3-2b53-4214-85c3-7e5dd036c969", "value": "Kaspersky Dridex May 2017" }, { "description": "Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. 
Retrieved May 31, 2019.", "meta": { "date_accessed": "2019-05-31T00:00:00Z", "date_published": "2015-10-13T00:00:00Z", "refs": [ "https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation" ], "source": "MITRE", "title": "Dridex (Bugat v5) Botnet Takeover Operation" }, "related": [], "uuid": "f81ce947-d875-4631-9709-b54c8b5d25bc", "value": "Dell Dridex Oct 2015" }, { "description": "Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. Retrieved August 3, 2023.", "meta": { "date_accessed": "2023-08-03T00:00:00Z", "date_published": "2021-02-09T00:00:00Z", "refs": [ "https://redcanary.com/threat-detection-report/threats/dridex/" ], "source": "MITRE", "title": "Dridex - Red Canary Threat Detection Report" }, "related": [], "uuid": "3be25132-6655-5fa9-92cb-772d02f49d2b", "value": "Red Canary Dridex Threat Report 2021" }, { "description": "Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.", "meta": { "date_accessed": "2022-07-01T00:00:00Z", "date_published": "2022-06-15T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/" ], "source": "MITRE", "title": "DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach" }, "related": [], "uuid": "85bee18e-216d-4ea6-b34e-b071e3f63382", "value": "volexity_0day_sophos_FW" }, { "description": "Microsoft. (n.d.). driverquery. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "refs": [ "https://learn.microsoft.com/windows-server/administration/windows-commands/driverquery" ], "source": "MITRE", "title": "driverquery" }, "related": [], "uuid": "7302dc00-a75a-5787-a04c-88ef4922ac09", "value": "Microsoft Driverquery" }, { "description": "David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. 
Retrieved May 31, 2023.", "meta": { "date_accessed": "2023-05-31T00:00:00Z", "date_published": "2013-08-21T00:00:00Z", "refs": [ "https://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/" ], "source": "MITRE", "title": "Dropbox and Similar Services Can Sync Malware" }, "related": [], "uuid": "06ca63fa-8c6c-501c-96d3-5e7e45ca1e04", "value": "Dropbox Malware Sync" }, { "description": "Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.", "meta": { "date_accessed": "2020-09-10T00:00:00Z", "date_published": "2019-12-11T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" ], "source": "MITRE", "title": "DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE" }, "related": [], "uuid": "a8dc5598-9963-4a1d-a473-bee8d2c72c57", "value": "Cyberreason Anchor December 2019" }, { "description": "SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "refs": [ "https://wiki.samba.org/index.php/DRSUAPI" ], "source": "MITRE", "title": "DRSUAPI" }, "related": [], "uuid": "79e8f598-9962-4124-b884-eb10f86885af", "value": "Samba DRSUAPI" }, { "description": "LOLBAS. (2023, May 31). dsdbutil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-05-31T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dsdbutil/" ], "source": "Tidal Cyber", "title": "dsdbutil.exe" }, "related": [], "uuid": "fc982faf-a37d-4d0b-949c-f7a27adc3030", "value": "dsdbutil.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). Dsquery. 
Retrieved April 18, 2016.", "meta": { "date_accessed": "2016-04-18T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc732952.aspx" ], "source": "MITRE", "title": "Dsquery" }, "related": [], "uuid": "bbbb4a45-2963-4f04-901a-fb2752800e12", "value": "TechNet Dsquery" }, { "description": "Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.", "meta": { "date_accessed": "2021-01-20T00:00:00Z", "date_published": "2019-11-21T00:00:00Z", "refs": [ "https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/" ], "source": "MITRE", "title": "Dtrack: In-depth analysis of APT on a nuclear power plant" }, "related": [], "uuid": "1ac944f4-868c-4312-8b5d-1580fd6542a0", "value": "CyberBit Dtrack" }, { "description": "Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. Retrieved January 20, 2021.", "meta": { "date_accessed": "2021-01-20T00:00:00Z", "date_published": "2019-09-23T00:00:00Z", "refs": [ "https://usa.kaspersky.com/about/press-releases/2019_dtrack-previously-unknown-spy-tool-hits-financial-institutions-and-research-centers" ], "source": "MITRE", "title": "DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers" }, "related": [], "uuid": "0122ee35-938d-493f-a3bb-bc75fc808f62", "value": "Kaspersky Dtrack" }, { "description": "CS. (2020, October 7). Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. 
Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2020-10-07T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/" ], "source": "MITRE", "title": "Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2" }, "related": [], "uuid": "636a9b94-8260-45cc-bd74-a764cd8f50b0", "value": "Crowdstrike Qakbot October 2020" }, { "description": "LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-11-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dump64/" ], "source": "Tidal Cyber", "title": "Dump64.exe" }, "related": [], "uuid": "b0186447-a6d5-40d7-a11d-ab2e9fb93087", "value": "Dump64.exe - LOLBAS Project" }, { "description": "Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.", "meta": { "date_accessed": "2021-11-15T00:00:00Z", "date_published": "2015-11-22T00:00:00Z", "refs": [ "https://adsecurity.org/?p=2053" ], "source": "MITRE", "title": "Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync" }, "related": [], "uuid": "bd1d7e75-feee-47fd-abfb-7e3dfc648a72", "value": "dump_pwd_dcsync" }, { "description": "Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. 
Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2019-11-16T00:00:00Z", "refs": [ "https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials" ], "source": "MITRE", "title": "Dumping and Cracking mscash - Cached Domain Credentials" }, "related": [], "uuid": "5b643e7d-1ace-4517-88c2-96115cac1209", "value": "ired mscache" }, { "description": "Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2019-11-16T00:00:00Z", "refs": [ "https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets" ], "source": "MITRE", "title": "Dumping LSA Secrets" }, "related": [], "uuid": "cf883397-11e9-4f94-977a-bbe46e3107f5", "value": "ired Dumping LSA Secrets" }, { "description": "LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/DumpMinitool/" ], "source": "Tidal Cyber", "title": "DumpMinitool.exe" }, "related": [], "uuid": "4634e025-c005-46fe-b97c-5d7dda455ba0", "value": "DumpMinitool.exe - LOLBAS Project" }, { "description": "Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.", "meta": { "date_accessed": "2018-04-10T00:00:00Z", "date_published": "2017-12-29T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Duqu" ], "source": "MITRE", "title": "Duqu" }, "related": [], "uuid": "5cf0101e-c036-4c1c-b322-48f04e2aef0b", "value": "Wikipedia Duqu" }, { "description": "LOLBAS. (2018, May 25). Dxcap.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dxcap/" ], "source": "Tidal Cyber", "title": "Dxcap.exe" }, "related": [], "uuid": "7611eb7a-46b7-4c76-9728-67c1fbf20e17", "value": "Dxcap.exe - LOLBAS Project" }, { "description": "Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.", "meta": { "date_accessed": "2020-03-26T00:00:00Z", "date_published": "2019-07-09T00:00:00Z", "refs": [ "https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/" ], "source": "MITRE", "title": "DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX" }, "related": [], "uuid": "bd27026c-81eb-480e-b092-f861472ac775", "value": "TheEvilBit DYLD_INSERT_LIBRARIES" }, { "description": "Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "date_published": "2015-03-01T00:00:00Z", "refs": [ "https://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf" ], "source": "MITRE", "title": "Dylib Hijacking on OS X" }, "related": [], "uuid": "c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b", "value": "Wardle Dylib Hijacking OSX 2015" }, { "description": "Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.", "meta": { "date_accessed": "2020-08-20T00:00:00Z", "refs": [ "https://www.dragos.com/threat/dymalloy/" ], "source": "MITRE", "title": "DYMALLOY" }, "related": [], "uuid": "d2785c6e-e0d1-4e90-a2d5-2c302176d5d3", "value": "Dragos DYMALLOY" }, { "description": "Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2015-08-08T00:00:00Z", "refs": [ "https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/" ], "source": "MITRE", "title": "Dynamic Hooking Techniques: User Mode" }, "related": [], "uuid": "3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d", "value": "MWRInfoSecurity Dynamic Hooking 2015" }, { "description": "Droms, R. (1997, March). Dynamic Host Configuration Protocol. Retrieved March 9, 2022.", "meta": { "date_accessed": "2022-03-09T00:00:00Z", "date_published": "1997-03-01T00:00:00Z", "refs": [ "https://datatracker.ietf.org/doc/html/rfc2131" ], "source": "MITRE", "title": "Dynamic Host Configuration Protocol" }, "related": [], "uuid": "b16bd2d5-162b-44cb-a812-7becd6684021", "value": "rfc2131" }, { "description": "J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.", "meta": { "date_accessed": "2022-06-27T00:00:00Z", "date_published": "2003-07-01T00:00:00Z", "refs": [ "https://datatracker.ietf.org/doc/html/rfc3315" ], "source": "MITRE", "title": "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" }, "related": [], "uuid": "9349f864-79e9-4481-ad77-44099621795a", "value": "rfc3315" }, { "description": "Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-US/library/ms682600" ], "source": "MITRE", "title": "Dynamic-Link Library Redirection" }, "related": [], "uuid": "ac60bb28-cb14-4ff9-bc05-df48273a28a9", "value": "Microsoft DLL Redirection" }, { "description": "Microsoft. (2018, May 31). Dynamic-Link Library Redirection. 
Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Dynamic-Link Library Redirection" }, "related": [], "uuid": "72458590-ee1b-4447-adb8-ca4f486d1db5", "value": "Microsoft Dynamic-Link Library Redirection" }, { "description": "Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.", "meta": { "date_accessed": "2014-11-30T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-US/library/ms682586" ], "source": "MITRE", "title": "Dynamic-Link Library Search Order" }, "related": [], "uuid": "c157444d-bf2b-4806-b069-519122b7a459", "value": "Microsoft DLL Search" }, { "description": "Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.", "meta": { "date_accessed": "2014-11-30T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Dynamic-Link Library Search Order" }, "related": [], "uuid": "7b1f945b-2547-4bc6-98bf-30248bdf3587", "value": "Microsoft Dynamic Link Library Search Order" }, { "description": "Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.", "meta": { "date_accessed": "2016-07-25T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/ff919712.aspx" ], "source": "MITRE", "title": "Dynamic-Link Library Security" }, "related": [], "uuid": "5d1d1916-cef4-49d1-b8e2-a6d18fb297f6", "value": "MSDN DLL Security" }, { "description": "Microsoft. (n.d.). Dynamic-Link Library Security. 
Retrieved July 25, 2016.", "meta": { "date_accessed": "2016-07-25T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Dynamic-Link Library Security" }, "related": [], "uuid": "e087442a-0a53-4cc8-9fd6-772cbd0295d5", "value": "Microsoft Dynamic-Link Library Security" }, { "description": "Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx" ], "source": "MITRE", "title": "Dynamic-Link Library Security" }, "related": [], "uuid": "584490c7-b155-4f62-b68d-a5a2a1799e60", "value": "Microsoft DLL Security" }, { "description": "Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.", "meta": { "date_accessed": "2018-08-23T00:00:00Z", "date_published": "2015-06-23T00:00:00Z", "refs": [ "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-emerging-threat.pdf" ], "source": "MITRE", "title": "Dyre: Emerging threat on financial fraud landscape" }, "related": [], "uuid": "a9780bb0-302f-44c2-8252-b53d94da24e6", "value": "Symantec Dyre June 2015" }, { "description": "Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.", "meta": { "date_accessed": "2022-05-31T00:00:00Z", "date_published": "2021-06-11T00:00:00Z", "refs": [ "https://www.techradar.com/news/ea-hack-reportedly-used-stolen-cookies-and-slack-to-hack-gaming-giant" ], "source": "MITRE", "title": "EA hack reportedly used stolen cookies and Slack to target gaming giant" }, "related": [], "uuid": "3362e1df-cfb9-4281-a0a1-9a3710d76945", "value": "EA Hacked via Slack - June 2021" }, { "description": "CrowdStrike. (2022, January 27). 
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. Retrieved February 7, 2022.", "meta": { "date_accessed": "2022-02-07T00:00:00Z", "date_published": "2022-01-27T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/" ], "source": "MITRE", "title": "Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign" }, "related": [], "uuid": "149c1446-d6a1-4a63-9420-def9272d6cb9", "value": "CrowdStrike StellarParticle January 2022" }, { "description": "Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.", "meta": { "date_accessed": "2021-03-18T00:00:00Z", "date_published": "2021-03-05T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html" ], "source": "MITRE", "title": "Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East" }, "related": [], "uuid": "16b4b834-2f44-4bac-b810-f92080c41f09", "value": "Trend Micro Muddy Water March 2021" }, { "description": "U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved August 27, 2021.", "meta": { "date_accessed": "2021-08-27T00:00:00Z", "refs": [ "https://www.sec.gov/edgar/search-and-access" ], "source": "MITRE", "title": "EDGAR - Search and Access" }, "related": [], "uuid": "97958143-80c5-41f6-9fa6-4748e90e9f12", "value": "SEC EDGAR Search" }, { "description": "Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-11-12T00:00:00Z", "refs": [ "https://www.intrinsec.com/egregor-prolock/?cn-reloaded=1" ], "source": "MITRE", "title": "Egregor – Prolock: Fraternal Twins ?" }, "related": [], "uuid": "e55604da-b419-411a-85cf-073f2d78e0c1", "value": "Intrinsec Egregor Nov 2020" }, { "description": "Rochberger, L. 
(2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.", "meta": { "date_accessed": "2020-12-30T00:00:00Z", "date_published": "2020-11-26T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware" ], "source": "MITRE", "title": "Cybereason vs. Egregor Ransomware" }, "related": [], "uuid": "c36b38d4-cfa2-4f1e-a410-6d629a24be62", "value": "Cybereason Egregor Nov 2020" }, { "description": "Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. Retrieved December 29, 2020.", "meta": { "date_accessed": "2020-12-29T00:00:00Z", "date_published": "2020-10-31T00:00:00Z", "refs": [ "https://cybleinc.com/2020/10/31/egregor-ransomware-a-deep-dive-into-its-activities-and-techniques/" ], "source": "MITRE", "title": "Egregor Ransomware – A Deep Dive Into Its Activities and Techniques" }, "related": [], "uuid": "545a131d-88fc-4b34-923c-0b759b45fc7f", "value": "Cyble Egregor Oct 2020" }, { "description": "NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.", "meta": { "date_accessed": "2020-12-29T00:00:00Z", "date_published": "2020-11-26T00:00:00Z", "refs": [ "https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary" ], "source": "MITRE", "title": "Egregor Ransomware The RaaS successor to Maze" }, "related": [], "uuid": "92f74037-2a20-4667-820d-2ccc0e4dbd3d", "value": "NHS Digital Egregor Nov 2020" }, { "description": "Meskauskas, T. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://securityboulevard.com/2020/10/egregor-sekhmets-cousin/" ], "source": "MITRE", "title": "Egregor: Sekhmet’s Cousin" }, "related": [], "uuid": "cd37a000-9e15-45a3-a7c9-bb508c10e55d", "value": "Security Boulevard Egregor Oct 2020" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. 
Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2020-06-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-182a" ], "source": "Tidal Cyber", "title": "EINSTEIN Data Trends – 30-day Lookback" }, "related": [], "uuid": "b97e9a02-4cc5-4845-8058-0be4c566cd7c", "value": "U.S. CISA Trends June 30 2020" }, { "description": "Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.", "meta": { "date_accessed": "2021-02-09T00:00:00Z", "date_published": "2020-02-03T00:00:00Z", "refs": [ "https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/" ], "source": "MITRE", "title": "EKANS Ransomware and ICS Operations" }, "related": [], "uuid": "c8a018c5-caa3-4af1-b210-b65bbf94c8b2", "value": "Dragos EKANS" }, { "description": "Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.", "meta": { "date_accessed": "2019-03-26T00:00:00Z", "date_published": "2007-03-14T00:00:00Z", "refs": [ "https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp" ], "source": "MITRE", "title": "EldoS Provides Raw Disk Access for Vista and XP" }, "related": [], "uuid": "a6cf3d1d-2310-42bb-9324-495b4e94d329", "value": "EldoS RawDisk ITpro" }, { "description": "Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2020-09-10T00:00:00Z", "refs": [ "https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/" ], "source": "MITRE, Tidal Cyber", "title": "New cyberattacks targeting U.S. elections" }, "related": [], "uuid": "1d7070fd-01be-4776-bb21-13368a6173b1", "value": "Microsoft Targeting Elections September 2020" }, { "description": "Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. 
Retrieved February 24, 2022.", "meta": { "date_accessed": "2022-02-24T00:00:00Z", "date_published": "2021-05-28T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure" ], "source": "MITRE", "title": "USAID-Themed Phishing Campaign Leverages U.S. Elections Lure" }, "related": [], "uuid": "0d42c329-5847-4970-9580-2318a566df4e", "value": "Secureworks IRON RITUAL USAID Phish May 2021" }, { "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://www.dragos.com/resource/electrum/" ], "source": "MITRE", "title": "ELECTRUM Threat Profile" }, "related": [], "uuid": "494f7056-7a39-4fa0-958d-fb1172d01852", "value": "Dragos ELECTRUM" }, { "description": "Security Response Attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.", "meta": { "date_accessed": "2019-04-10T00:00:00Z", "date_published": "2019-03-27T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage" ], "source": "MITRE", "title": "Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S." }, "related": [], "uuid": "55671ede-f309-4924-a1b4-3d597517b27e", "value": "Symantec Elfin Mar 2019" }, { "description": "backtrace. (2016, April 22). ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2016-04-22T00:00:00Z", "refs": [ "https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/" ], "source": "MITRE", "title": "ELF SHARED LIBRARY INJECTION FORENSICS" }, "related": [], "uuid": "1c8fa804-6579-4e68-a0b3-d16e0bee5654", "value": "Backtrace VDSO" }, { "description": "Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. 
Retrieved September 13, 2019.", "meta": { "date_accessed": "2019-09-13T00:00:00Z", "date_published": "2014-08-20T00:00:00Z", "refs": [ "https://securelist.com/el-machete/66108/" ], "source": "MITRE, Tidal Cyber", "title": "El Machete" }, "related": [], "uuid": "fc7be240-bd15-4ec4-bc01-f8891d7210d9", "value": "Securelist Machete Aug 2014" }, { "description": "The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.", "meta": { "date_accessed": "2019-09-13T00:00:00Z", "date_published": "2017-03-22T00:00:00Z", "refs": [ "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html" ], "source": "MITRE, Tidal Cyber", "title": "El Machete's Malware Attacks Cut Through LATAM" }, "related": [], "uuid": "92a9a311-1e0b-4819-9856-2dfc8dbfc08d", "value": "Cylance Machete Mar 2017" }, { "description": "Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2022-02-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/power-platform/admin/block-forwarded-email-from-power-automate" ], "source": "MITRE", "title": "Email exfiltration controls for connectors" }, "related": [], "uuid": "79eeaadf-5c1e-4608-84a5-6c903966a7f3", "value": "Power Automate Email Exfiltration Controls" }, { "description": "Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://www.hackers-arise.com/email-scraping-and-maltego" ], "source": "MITRE", "title": "Email Scraping and Maltego" }, "related": [], "uuid": "b6aefd99-fd97-4ca0-b717-f9dc147c9413", "value": "HackersArise Email" }, { "description": "Stepanic, D.. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. 
Retrieved November 30, 2020.", "meta": { "date_accessed": "2020-11-30T00:00:00Z", "date_published": "2020-01-13T00:00:00Z", "refs": [ "https://www.elastic.co/blog/embracing-offensive-tooling-building-detections-against-koadic-using-eql" ], "source": "MITRE", "title": "Embracing offensive tooling: Building detections against Koadic using EQL" }, "related": [], "uuid": "689b71f4-f8e5-455f-91c2-c599c8650f11", "value": "Elastic - Koadiac Detection with EQL" }, { "description": "Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.", "meta": { "date_accessed": "2018-06-25T00:00:00Z", "date_published": "2018-05-18T00:00:00Z", "refs": [ "https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/" ], "source": "MITRE", "title": "Emissary Panda – A potential new malicious tool" }, "related": [], "uuid": "e279c308-fabc-47d3-bdeb-296266c80988", "value": "Nccgroup Emissary Panda May 2018" }, { "description": "Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.", "meta": { "date_accessed": "2019-07-09T00:00:00Z", "date_published": "2019-05-28T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/" ], "source": "MITRE", "title": "Emissary Panda Attacks Middle East Government Sharepoint Servers" }, "related": [], "uuid": "3a3ec86c-88da-40ab-8e5f-a7d5102c026b", "value": "Unit42 Emissary Panda May 2019" }, { "description": "Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. 
Retrieved February 15, 2016.", "meta": { "date_accessed": "2016-02-15T00:00:00Z", "date_published": "2016-02-03T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/" ], "source": "MITRE", "title": "Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?" }, "related": [], "uuid": "580ce22f-b76b-4a92-9fab-26ce8f449ab6", "value": "Emissary Trojan Feb 2016" }, { "description": "Brandt, A. (2019, March 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-03-05T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2019/03/05/emotet-101-stage-4-command-and-control/" ], "source": "MITRE", "title": "Emotet 101, stage 4: command and control" }, "related": [], "uuid": "0bd01e6c-6fb5-4bae-9fe9-395de061c1da", "value": "Sophos Emotet Apr 2019" }, { "description": "CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "date_published": "2017-04-28T00:00:00Z", "refs": [ "https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/" ], "source": "MITRE", "title": "Emotet Changes TTPs and Arrives in United States" }, "related": [], "uuid": "8dc7653f-84ef-4f0a-91f6-9b10ff50b756", "value": "CIS Emotet Apr 2017" }, { "description": "Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "refs": [ "https://www.binarydefense.com/resources/blog/emotet-evolves-with-new-wi-fi-spreader/" ], "source": "MITRE", "title": "Emotet Evolves With new Wi-Fi Spreader" }, "related": [], "uuid": "05e624ee-c53d-5cd1-8fd2-6b2d38344bfd", "value": "Binary Defense Emotes Wi-Fi Spreader" }, { "description": "ESET. (2018, November 9). Emotet launches major new spam campaign. 
Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-11-09T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/" ], "source": "MITRE", "title": "Emotet launches major new spam campaign" }, "related": [], "uuid": "e954c9aa-4995-452c-927e-11d0a6e2f442", "value": "ESET Emotet Nov 2018" }, { "description": "Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.", "meta": { "date_accessed": "2022-02-16T00:00:00Z", "date_published": "2020-02-13T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi" ], "source": "MITRE", "title": "Emotet Now Spreads via Wi-Fi" }, "related": [], "uuid": "150327e6-db4b-4588-8cf2-ee131569150b", "value": "Trend Micro Emotet 2020" }, { "description": "Brumaghin, E. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2019-01-15T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2019/01/return-of-emotet.html" ], "source": "MITRE", "title": "Emotet re-emerges after the holidays" }, "related": [], "uuid": "83180391-89b6-4431-87f4-2703b47cb81b", "value": "Talos Emotet Jan 2019" }, { "description": "The DFIR Report. (2022, November 28). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.", "meta": { "date_accessed": "2023-03-06T00:00:00Z", "date_published": "2022-11-28T00:00:00Z", "refs": [ "https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/" ], "source": "MITRE", "title": "Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware" }, "related": [], "uuid": "02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0", "value": "Emotet shutdown" }, { "description": "Lee, S. (2019, April 24). 
Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.", "meta": { "date_accessed": "2019-05-24T00:00:00Z", "date_published": "2019-04-24T00:00:00Z", "refs": [ "https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/" ], "source": "MITRE", "title": "Emotet Using WMI to Launch PowerShell Encoded Code" }, "related": [], "uuid": "db8fe753-d674-4668-9ee5-c1269085a7a1", "value": "Carbon Black Emotet Apr 2019" }, { "description": "Manea, D.. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-05-25T00:00:00Z", "refs": [ "https://danielmanea.com/category/reverseengineering/" ], "source": "MITRE", "title": "Emotet v4 Analysis" }, "related": [], "uuid": "578e44f2-9ff5-4bed-8dee-a992711df8ce", "value": "DanielManea Emotet May 2017" }, { "description": "Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.", "meta": { "date_accessed": "2022-04-14T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/collection/osx/keychaindump_decrypt.py" ], "source": "MITRE", "title": "Empire keychaindump_decrypt Module" }, "related": [], "uuid": "41075230-73a2-4195-b716-379f9e5ae93b", "value": "Empire Keychain Decrypt" }, { "description": "Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. 
Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2018-04-08T00:00:00Z", "refs": [ "https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/persistence/osx/CreateHijacker.py" ], "source": "MITRE", "title": "EmpireProject Create Dylib Hijacker" }, "related": [], "uuid": "2908418d-54cf-4245-92c6-63f616b04e91", "value": "Github EmpireProject CreateHijacker Dylib" }, { "description": "Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2017-09-21T00:00:00Z", "refs": [ "https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/host/osx/HijackScanner.py" ], "source": "MITRE", "title": "Empire Project Dylib Hijack Vulnerability Scanner" }, "related": [], "uuid": "c83e8833-9648-4178-b5be-6fa0af8f737f", "value": "Github EmpireProject HijackScanner" }, { "description": "Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.", "meta": { "date_accessed": "2018-02-03T00:00:00Z", "date_published": "2017-11-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction" ], "source": "MITRE", "title": "Enable Attack surface reduction" }, "related": [], "uuid": "1cb445f6-a366-4ae6-a698-53da6c61b4c9", "value": "Microsoft ASR Nov 2017" }, { "description": "Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. 
Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2021-02-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option" ], "source": "MITRE", "title": "Enable Loading of Test Signed Drivers" }, "related": [], "uuid": "c04153f9-d4c7-4349-9bef-3f883eec0028", "value": "Microsoft TESTSIGNING Feb 2021" }, { "description": "Microsoft. (n.d.). Enable or Disable DCOM. Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc771387.aspx" ], "source": "MITRE", "title": "Enable or Disable DCOM" }, "related": [], "uuid": "1aeac4da-f5fd-4fa3-9cc0-b1a50427c121", "value": "Microsoft Disable DCOM" }, { "description": "Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.", "meta": { "date_accessed": "2018-09-13T00:00:00Z", "refs": [ "https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6" ], "source": "MITRE", "title": "Enable or disable macros in Office files" }, "related": [], "uuid": "cfe592a1-c06d-4555-a30f-c5d533dfd73e", "value": "Microsoft Disable Macros" }, { "description": "Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.", "meta": { "date_accessed": "2015-05-01T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc754820.aspx" ], "source": "MITRE", "title": "Enable the Remote Registry Service" }, "related": [], "uuid": "331d59e3-ce7f-483c-b77d-001c8a9ae1df", "value": "Microsoft Remote" }, { "description": "PCMag. (n.d.). Encyclopedia: double extension. 
Retrieved August 4, 2021.", "meta": { "date_accessed": "2021-08-04T00:00:00Z", "refs": [ "https://www.pcmag.com/encyclopedia/term/double-extension" ], "source": "MITRE", "title": "Encyclopedia: double extension" }, "related": [], "uuid": "a729519d-8c9f-477c-b992-434076a9d294", "value": "PCMag DoubleExtension" }, { "description": "FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-03-16T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" ], "source": "MITRE", "title": "Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries" }, "related": [], "uuid": "8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f", "value": "FireEye Periscope March 2018" }, { "description": "NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.", "meta": { "date_accessed": "2021-04-12T00:00:00Z", "date_published": "2017-02-10T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf" ], "source": "MITRE", "title": "Enhanced Analysis of GRIZZLY STEPPE Activity" }, "related": [], "uuid": "b930e838-649b-42ab-86dc-0443667276de", "value": "NCCIC AR-17-20045 February 2017" }, { "description": "ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.", "meta": { "date_accessed": "2016-11-08T00:00:00Z", "date_published": "2016-10-01T00:00:00Z", "refs": [ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf" ], "source": "MITRE", "title": "En Route with Sednit - Part 1: Approaching the Target" }, "related": [], "uuid": "a2016103-ead7-46b3-bae5-aa97c45a12b7", "value": "ESET Sednit Part 1" }, { "description": "ESET. (2016, October). 
En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.", "meta": { "date_accessed": "2016-11-21T00:00:00Z", "date_published": "2016-10-01T00:00:00Z", "refs": [ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf" ], "source": "MITRE", "title": "En Route with Sednit - Part 2: Observing the Comings and Goings" }, "related": [], "uuid": "aefb9eda-df5a-437f-af2a-ec1b6c04628b", "value": "ESET Sednit Part 2" }, { "description": "ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.", "meta": { "date_accessed": "2016-11-21T00:00:00Z", "date_published": "2016-10-01T00:00:00Z", "refs": [ "http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf" ], "source": "MITRE", "title": "En Route with Sednit - Part 3: A Mysterious Downloader" }, "related": [], "uuid": "7c2be444-a947-49bc-b5f6-8f6bec870c6a", "value": "ESET Sednit Part 3" }, { "description": "Google. (2011, June 1). Ensuring your information is safe online. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2011-06-01T00:00:00Z", "refs": [ "https://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html" ], "source": "MITRE", "title": "Ensuring your information is safe online" }, "related": [], "uuid": "ad3eda19-08eb-4d59-a2c9-3b5ed8302205", "value": "Google Ensuring Your Information is Safe" }, { "description": "Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. 
Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2018-11-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign" ], "source": "Tidal Cyber", "title": "Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign" }, "related": [], "uuid": "1b9b5c48-d504-4c73-aedc-37e935c47f17", "value": "Fortinet Blog November 13 2018" }, { "description": "Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved January 24, 2024.", "meta": { "date_accessed": "2024-01-24T00:00:00Z", "date_published": "2024-01-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loader.html" ], "source": "Tidal Cyber", "title": "Enter The Gates: An Analysis of the DarkGate AutoIt Loader" }, "related": [], "uuid": "a45a920c-3bda-4442-8650-4ad78f950283", "value": "Splunk DarkGate January 17 2024" }, { "description": "Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "date_published": "2021-10-12T00:00:00Z", "refs": [ "https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-enumdevicedrivers" ], "source": "MITRE", "title": "EnumDeviceDrivers function (psapi.h)" }, "related": [], "uuid": "647ffc70-8eab-5f2f-abf4-9bbf42554043", "value": "Microsoft EnumDeviceDrivers" }, { "description": "Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. 
Retrieved January 18, 2019.", "meta": { "date_accessed": "2019-01-18T00:00:00Z", "date_published": "1998-06-18T00:00:00Z", "refs": [ "https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf" ], "source": "MITRE", "title": "Environmental Key Generation towards Clueless Agents" }, "related": [], "uuid": "ef7409d2-af39-4ad8-8469-76f0165687bd", "value": "EK Clueless Agents" }, { "description": "Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved May 18, 2021.", "meta": { "date_accessed": "2021-05-18T00:00:00Z", "refs": [ "https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc" ], "source": "MITRE", "title": "Environment Awareness" }, "related": [], "uuid": "af842a1f-8f39-4b4f-b4d2-0bbb810e6c31", "value": "Deloitte Environment Awareness" }, { "description": "Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.", "meta": { "date_accessed": "2016-07-27T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/fd7hxfdd.aspx" ], "source": "MITRE", "title": "Environment Property" }, "related": [], "uuid": "79ea888c-2dd7-40cb-9149-e2469a35ea3a", "value": "MSDN Environment Property" }, { "description": "Microsoft. (2011, October 24). Environment Property. Retrieved July 27, 2016.", "meta": { "date_accessed": "2016-07-27T00:00:00Z", "date_published": "2011-10-24T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions//fd7hxfdd(v=vs.85)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Environment Property" }, "related": [], "uuid": "64598969-864d-4bc7-805e-c289cccb7bc6", "value": "Microsoft Environment Property" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. 
Retrieved December 21, 2015.", "meta": { "date_accessed": "2015-12-21T00:00:00Z", "date_published": "2015-02-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Equation Group: Questions and Answers" }, "related": [], "uuid": "34674802-fbd9-4cdb-8611-c58665c430e5", "value": "Kaspersky Equation QA" }, { "description": "Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/D_through_E.html#wp3557227463" ], "source": "MITRE", "title": "erase - Cisco IOS Configuration Fundamentals Command Reference" }, "related": [], "uuid": "4c90eba9-118e-5d50-ad58-27bcb0e1e228", "value": "erase_cmd_cisco" }, { "description": "0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "refs": [ "https://0xn3va.gitbook.io/cheat-sheets/container/escaping" ], "source": "MITRE", "title": "Escaping" }, "related": [], "uuid": "8248917a-9afd-4ec6-a086-1a97a68deff1", "value": "Container Escape" }, { "description": "Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.", "meta": { "date_accessed": "2019-09-03T00:00:00Z", "date_published": "2016-08-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh875546(v=ws.11)" ], "source": "MITRE", "title": "Esentutl" }, "related": [], "uuid": "08fb9e84-495f-4710-bd1e-417eb8191a10", "value": "Microsoft Esentutl" }, { "description": "LOLBAS. (n.d.). Esentutl.exe. 
Retrieved September 3, 2019.", "meta": { "date_accessed": "2019-09-03T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Esentutl/" ], "source": "MITRE", "title": "Esentutl.exe" }, "related": [], "uuid": "691b4907-3544-4ad0-989c-b5c845e0330f", "value": "LOLBAS Esentutl" }, { "description": "Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved March 2, 2022.", "meta": { "date_accessed": "2022-03-02T00:00:00Z", "date_published": "2019-11-10T00:00:00Z", "refs": [ "https://twitter.com/ESETresearch/status/1458438155149922312" ], "source": "MITRE", "title": "ESETresearch discovered a trojanized IDA Pro installer" }, "related": [], "uuid": "6d079207-a7c0-4023-b504-1010dd538221", "value": "ESET Twitter Ida Pro Nov 2021" }, { "description": "ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. Retrieved November 17, 2020.", "meta": { "date_accessed": "2020-11-17T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://twitter.com/ESETresearch/status/1311762215490461696" ], "source": "MITRE", "title": "ESET Research Tweet Linking Slothfulmedia and PowerPool" }, "related": [], "uuid": "d583b409-35bd-45ea-8f2a-c0d566a6865b", "value": "ESET PowerPool Code October 2020" }, { "description": "Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.", "meta": { "date_accessed": "2019-08-12T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf" ], "source": "MITRE", "title": "ESET's Guide to Deobfuscating and Devirtualizing FinFisher" }, "related": [], "uuid": "be169308-19e8-4ee9-8ff6-e08eb9291ef8", "value": "ESET FinFisher Jan 2018" }, { "description": "Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. 
Retrieved March 15, 2021.", "meta": { "date_accessed": "2021-03-15T00:00:00Z", "date_published": "2020-10-12T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/" ], "source": "MITRE", "title": "ESET takes part in global operation to disrupt Trickbot" }, "related": [], "uuid": "c3320c11-4631-4e02-8025-5c1e5b54e521", "value": "ESET Trickbot Oct 2020" }, { "description": "Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.", "meta": { "date_accessed": "2023-05-10T00:00:00Z", "date_published": "2022-04-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/" ], "source": "Tidal Cyber", "title": "ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity" }, "related": [], "uuid": "f86845b9-03c4-446b-845f-b31b79b247ee", "value": "WeLiveSecurity April 19 2022" }, { "description": "Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2018-01-23T00:00:00Z", "refs": [ "https://web.archive.org/web/20180124082756/https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/" ], "source": "MITRE", "title": "Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors" }, "related": [], "uuid": "a641a41c-dcd8-47e5-9b29-109dd2eb7f1e", "value": "Riskiq Remcos Jan 2018" }, { "description": "Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. 
Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2021-05-24T00:00:00Z", "refs": [ "https://www.coretechnologies.com/blog/windows-services/eventlog/" ], "source": "MITRE", "title": "Essential Windows Services: EventLog / Windows Event Log" }, "related": [], "uuid": "2a1f452f-57b6-4764-b474-befa7787642d", "value": "EventLog_Core_Technologies" }, { "description": "Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2017-11-01T00:00:00Z", "refs": [ "https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malware-evades-detection-by-sandboxes" ], "source": "MITRE", "title": "Evasive Malware Tricks: How Malware Evades Detection by Sandboxes" }, "related": [], "uuid": "a071bf02-066b-46e6-a554-f43d0c170807", "value": "ISACA Malware Tricks" }, { "description": "Shelmire, A.. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2015-07-06T00:00:00Z", "refs": [ "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" ], "source": "MITRE", "title": "Evasive Maneuvers" }, "related": [], "uuid": "de6bc044-6275-4cab-80a1-feefebd3c1f0", "value": "ThreatStream Evasion Analysis" }, { "description": "Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. 
Retrieved November 15, 2018.", "meta": { "date_accessed": "2018-11-15T00:00:00Z", "date_published": "2015-07-06T00:00:00Z", "refs": [ "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop" ], "source": "MITRE", "title": "Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels" }, "related": [], "uuid": "471ae30c-2753-468e-8e4d-6e7a3be599c9", "value": "Anomali Evasive Maneuvers July 2015" }, { "description": "Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.", "meta": { "date_accessed": "2023-02-06T00:00:00Z", "date_published": "2016-05-01T00:00:00Z", "refs": [ "https://pan-unit42.github.io/playbook_viewer/?pb=evasive-serpens" ], "source": "MITRE", "title": "Evasive Serpens Unit 42 Playbook Viewer" }, "related": [], "uuid": "e38902bb-9bab-5beb-817b-668a67a76541", "value": "Unit42 OilRig Playbook 2023" }, { "description": "Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.", "meta": { "date_accessed": "2018-07-02T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx" ], "source": "MITRE", "title": "EventLog.Clear Method ()" }, "related": [], "uuid": "b2711ad3-981c-4c77-bb64-643b547bfda6", "value": "Microsoft EventLog.Clear" }, { "description": "svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2020-09-30T00:00:00Z", "refs": [ "https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335c" ], "source": "MITRE", "title": "Event Log Tampering Part 1: Disrupting the EventLog Service" }, "related": [], "uuid": "7757bbc6-8058-4584-a5aa-14b647d932a6", "value": "evt_log_tampering" }, { "description": "Microsoft. (2018, May 30). Event Tracing. 
Retrieved September 6, 2018.", "meta": { "date_accessed": "2018-09-06T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal" ], "source": "MITRE", "title": "Event Tracing" }, "related": [], "uuid": "876f8690-1874-41c0-bd38-d3bd41c96acc", "value": "Microsoft ETW May 2018" }, { "description": "LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-11-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Eventvwr/" ], "source": "Tidal Cyber", "title": "Eventvwr.exe" }, "related": [], "uuid": "0c09812a-a936-4282-b574-35a00f631857", "value": "Eventvwr.exe - LOLBAS Project" }, { "description": "Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. Retrieved February 7, 2019.", "meta": { "date_accessed": "2019-02-07T00:00:00Z", "date_published": "2018-04-11T00:00:00Z", "refs": [ "https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html" ], "source": "MITRE", "title": "Ever Run a Relay? Why SMB Relays Should Be On Your Mind" }, "related": [], "uuid": "ac4b2e91-f338-44c3-8950-435102136991", "value": "Secure Ideas SMB Relay" }, { "description": "Ishaq Mohammed . (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.", "meta": { "date_accessed": "2022-02-07T00:00:00Z", "date_published": "2021-01-10T00:00:00Z", "refs": [ "https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/" ], "source": "MITRE", "title": "Everything about CSV Injection and CSV Excel Macro Injection" }, "related": [], "uuid": "22c871ff-2701-4809-9f5b-fb29da7481e8", "value": "CSV Excel Macro Injection" }, { "description": "Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. 
Retrieved February 2, 2023.", "meta": { "date_accessed": "2023-02-02T00:00:00Z", "refs": [ "https://www.avertium.com/resources/threat-reports/everything-you-need-to-know-about-callback-phishing" ], "source": "MITRE", "title": "EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING" }, "related": [], "uuid": "abeb1146-e5e5-5ecc-9b70-b348fba097f6", "value": "Avertium callback phishing" }, { "description": "Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.", "meta": { "date_accessed": "2018-02-13T00:00:00Z", "date_published": "2017-09-20T00:00:00Z", "refs": [ "http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/" ], "source": "MITRE", "title": "Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner" }, "related": [], "uuid": "b2999bd7-50d5-4d49-8893-8c0903d49104", "value": "Intezer Aurora Sept 2017" }, { "description": "Marschalek, M.. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.", "meta": { "date_accessed": "2019-06-28T00:00:00Z", "date_published": "2014-12-16T00:00:00Z", "refs": [ "https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/" ], "source": "MITRE", "title": "EvilBunny: Malware Instrumented By Lua" }, "related": [], "uuid": "a0218d0f-3378-4508-9d3c-a7cd3e00a156", "value": "Cyphort EvilBunny Dec 2014" }, { "description": "Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. Retrieved September 17, 2020.", "meta": { "date_accessed": "2020-09-17T00:00:00Z", "date_published": "2019-05-05T00:00:00Z", "refs": [ "https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/" ], "source": "MITRE", "title": "Evil Clippy: MS Office maldoc assistant" }, "related": [], "uuid": "aafa27e8-5df7-4fc6-9fe5-9a438f2b507a", "value": "Evil Clippy May 2019" }, { "description": "Gretzky, K.. (2018, July 26). 
Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.", "meta": { "date_accessed": "2019-10-14T00:00:00Z", "date_published": "2018-07-26T00:00:00Z", "refs": [ "https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/" ], "source": "MITRE", "title": "Evilginx 2 - Next Generation of Phishing 2FA Tokens" }, "related": [], "uuid": "9099b5aa-25eb-4cb7-9e3a-da4c3244f15a", "value": "Evilginx 2 July 2018" }, { "description": "Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.", "meta": { "date_accessed": "2023-01-03T00:00:00Z", "date_published": "2023-12-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://sourcesmethods.com/evilginx-phishing-proxy/" ], "source": "Tidal Cyber", "title": "Evilginx Phishing Proxy" }, "related": [], "uuid": "13bdabb2-5956-492a-baf9-b0c3a0629806", "value": "Evilginx Sources & Methods December 2023" }, { "description": "Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-07-08T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/" ], "source": "MITRE", "title": "“EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One" }, "related": [], "uuid": "4dc26c77-d0ce-4836-a4cc-0490b6d7f115", "value": "SentinelOne EvilQuest Ransomware Spyware 2020" }, { "description": "Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. 
Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2015-10-08T00:00:00Z", "refs": [ "https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices" ], "source": "MITRE", "title": "Evolution of attacks on Cisco IOS devices" }, "related": [], "uuid": "29301297-8343-4f75-8096-7fe229812f75", "value": "Cisco Synful Knock Evolution" }, { "description": "Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.", "meta": { "date_accessed": "2021-08-18T00:00:00Z", "date_published": "2021-05-25T00:00:00Z", "refs": [ "https://securelist.com/evolution-of-jsworm-ransomware/102428/" ], "source": "MITRE", "title": "Evolution of JSWorm Ransomware" }, "related": [], "uuid": "c29ca9f2-1e48-4913-b10b-15e558868ed8", "value": "Securelist JSWorm" }, { "description": "Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.", "meta": { "date_accessed": "2018-07-31T00:00:00Z", "date_published": "2017-06-01T00:00:00Z", "refs": [ "https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf" ], "source": "MITRE", "title": "Evolution of Trickbot" }, "related": [], "uuid": "28faff77-3e68-4f5c-974d-dc7c9d06ce5e", "value": "S2 Grupo TrickBot June 2017" }, { "description": "Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.", "meta": { "date_accessed": "2020-08-31T00:00:00Z", "date_published": "2020-07-24T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/valak-evolution/" ], "source": "MITRE", "title": "Evolution of Valak, from Its Beginnings to Mass Distribution" }, "related": [], "uuid": "9a96da13-5795-49bc-ab82-dfd4f964d9d0", "value": "Unit 42 Valak July 2020" }, { "description": "Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. 
Retrieved March 4, 2022.", "meta": { "date_accessed": "2022-03-04T00:00:00Z", "date_published": "2022-01-26T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa" ], "source": "MITRE", "title": "Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA" }, "related": [], "uuid": "3f42fc18-2adc-46ef-ae0a-c2d530518435", "value": "Microsoft - Device Registration" }, { "description": "Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-08-16T00:00:00Z", "refs": [ "https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/" ], "source": "MITRE", "title": "Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa" }, "related": [], "uuid": "0b0f9cf6-f0af-4f86-9699-a63ff36c49e2", "value": "Amnesty OAuth Phishing Attacks, August 2019" }, { "description": "Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. Retrieved April 4, 2018.", "meta": { "date_accessed": "2018-04-04T00:00:00Z", "date_published": "2015-11-04T00:00:00Z", "refs": [ "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf" ], "source": "MITRE", "title": "Evolving Threats: dissection of a CyberEspionage attack" }, "related": [], "uuid": "a6cb597e-e25b-4f49-bbb0-d270b1ac53f2", "value": "RSAC 2015 Abu Dhabi Stefano Maccaglia" }, { "description": "MSTIC. (2021, November 16). 
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.", "meta": { "date_accessed": "2023-01-12T00:00:00Z", "date_published": "2021-11-16T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021" ], "source": "MITRE", "title": "Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021" }, "related": [], "uuid": "78d39ee7-1cd5-5cb8-844a-1c3649e367a1", "value": "Microsoft Iranian Threat Actor Trends November 2021" }, { "description": "Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2014-10-29T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/examining-vba-initiated-infostealer-campaign/" ], "source": "MITRE", "title": "Examining a VBA-Initiated Infostealer Campaign" }, "related": [], "uuid": "c3eccab6-b12b-513a-9a04-396f7b3dcf63", "value": "Palo Alto Unit 42 VBA Infostealer 2014" }, { "description": "Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-05-09T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/22/e/examining-the-black-basta-ransomwares-infection-routine.html" ], "source": "MITRE", "title": "Examining the Black Basta Ransomware’s Infection Routine" }, "related": [], "uuid": "b0351b0a-112f-543f-8909-f4b4a9f23e2e", "value": "Trend Micro Black Basta May 2022" }, { "description": "Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. 
Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2010-01-01T00:00:00Z", "refs": [ "https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf" ], "source": "MITRE", "title": "Examples of Recent APT Persistence Mechanism" }, "related": [], "uuid": "bb336a6f-d76e-4535-ba81-0c7932ae91e3", "value": "Mandiant Glyer APT 2010" }, { "description": "LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-07-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/" ], "source": "Tidal Cyber", "title": "Excel.exe" }, "related": [], "uuid": "9a2458f7-63ca-4eca-8c61-b6098ec0798f", "value": "Excel.exe - LOLBAS Project" }, { "description": "McMichael, T.. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2015-06-08T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2/" ], "source": "MITRE", "title": "Exchange and Office 365 Mail Forwarding" }, "related": [], "uuid": "b5bf8e12-0133-46ea-85e3-b48c9901b518", "value": "Microsoft Tim McMichael Exchange Mail Forwarding 2" }, { "description": "DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.", "meta": { "date_accessed": "2023-01-05T00:00:00Z", "date_published": "2021-11-15T00:00:00Z", "refs": [ "https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/" ], "source": "MITRE", "title": "Exchange Exploit Leads to Domain Wide Ransomware" }, "related": [], "uuid": "0156d408-a36d-5876-96fd-f0b0cf296ea2", "value": "DFIR Phosphorus November 2021" }, { "description": "Microsoft. (2017, September 25). ExchangePowerShell. 
Retrieved June 10, 2022.", "meta": { "date_accessed": "2022-06-10T00:00:00Z", "date_published": "2017-09-25T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/?view=exchange-ps#mailboxes" ], "source": "MITRE", "title": "ExchangePowerShell" }, "related": [], "uuid": "8af67c2a-15e2-48c9-9ec2-b62ffca0f677", "value": "ExchangePowerShell Module" }, { "description": "Faou, M., Tartare, M., Dupuy, T. (2021, March 10). Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.", "meta": { "date_accessed": "2021-05-21T00:00:00Z", "date_published": "2021-03-10T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/" ], "source": "MITRE, Tidal Cyber", "title": "Exchange servers under siege from at least 10 APT groups" }, "related": [], "uuid": "c83f1810-22bb-4def-ab2f-3f3d67703f47", "value": "ESET Exchange Mar 2021" }, { "description": "Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "date_published": "2015-12-08T00:00:00Z", "refs": [ "https://seclists.org/fulldisclosure/2015/Dec/34" ], "source": "MITRE", "title": "Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege" }, "related": [], "uuid": "5c2791d4-556d-426a-b305-44e23b50f013", "value": "Executable Installers are Vulnerable" }, { "description": "Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe\tallows remote code execution with escalation of privilege. 
Retrieved March 10, 2017.", "meta": { "date_accessed": "2017-03-10T00:00:00Z", "date_published": "2015-12-08T00:00:00Z", "refs": [ "http://seclists.org/fulldisclosure/2015/Dec/34" ], "source": "MITRE", "title": "Executable installers are vulnerable^WEVIL (case 7): 7z*.exe\tallows remote code execution with escalation of privilege" }, "related": [], "uuid": "f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5", "value": "Seclists Kanthak 7zip Installer" }, { "description": "Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.", "meta": { "date_accessed": "2018-10-12T00:00:00Z", "date_published": "2018-07-18T00:00:00Z", "refs": [ "http://blog.redxorblue.com/2018/07/executing-macros-from-docx-with-remote.html" ], "source": "MITRE", "title": "Executing Macros From a DOCX With Remote Template Injection" }, "related": [], "uuid": "bce1cd78-b55e-40cf-8a90-64240db867ac", "value": "Redxorblue Remote Template Injection" }, { "description": "Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2014-04-28T00:00:00Z", "refs": [ "https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/" ], "source": "MITRE", "title": "Executing PowerShell scripts from C#" }, "related": [], "uuid": "83e346d5-1894-4c46-98eb-88a61ce7f003", "value": "Microsoft PSfromCsharp APR 2014" }, { "description": "Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. Retrieved June 26, 2020.", "meta": { "date_accessed": "2020-06-26T00:00:00Z", "date_published": "2018-06-27T00:00:00Z", "refs": [ "https://x-c3ll.github.io/posts/PAM-backdoor-DNS/" ], "source": "MITRE", "title": "Exfiltrating credentials via PAM backdoors & DNS requests" }, "related": [], "uuid": "aa9d5bdd-2102-4322-8736-56db8e083fc0", "value": "PAM Creds" }, { "description": "Microsoft. (2017, October 15). Expand. 
Retrieved February 19, 2019.", "meta": { "date_accessed": "2019-02-19T00:00:00Z", "date_published": "2017-10-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand" ], "source": "MITRE", "title": "Expand" }, "related": [], "uuid": "bf73a375-87b7-4603-8734-9f3d8d11967e", "value": "Microsoft Expand Utility" }, { "description": "LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.", "meta": { "date_accessed": "2019-02-19T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Expand/" ], "source": "MITRE", "title": "Expand.exe" }, "related": [], "uuid": "689b058e-a4ec-45bf-b0f8-8885eb8d8b63", "value": "LOLBAS Expand" }, { "description": "James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.", "meta": { "date_accessed": "2023-07-24T00:00:00Z", "date_published": "2023-07-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage" ], "source": "Tidal Cyber", "title": "Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)" }, "related": [], "uuid": "4404ed65-3020-453d-8c51-2885018ba03b", "value": "Mandiant CVE-2023-3519 Exploitation" }, { "description": "Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "refs": [ "https://www.exploit-db.com/" ], "source": "MITRE", "title": "Exploit Database" }, "related": [], "uuid": "38f7b3ea-9959-4dfb-8216-a745d071e7e2", "value": "Exploit Database" }, { "description": "Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). 
Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2019-08-01T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/" ], "source": "MITRE", "title": "Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)" }, "related": [], "uuid": "8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf", "value": "Rhino Labs Cloud Image Backdoor Technique Sept 2019" }, { "description": "Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2022-09-20T00:00:00Z", "refs": [ "https://o365blog.com/post/pta/" ], "source": "MITRE", "title": "Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials" }, "related": [], "uuid": "a0ddb60b-5445-46b3-94c5-b47e76de553d", "value": "Azure AD PTA Vulnerabilities" }, { "description": "Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. Retrieved May 25, 2022.", "meta": { "date_accessed": "2022-05-25T00:00:00Z", "refs": [ "https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf" ], "source": "MITRE", "title": "Exploiting Smart-Phone USB Connectivity For Fun And Profit" }, "related": [], "uuid": "573796bd-4553-4ae1-884a-9af71b5de873", "value": "Exploiting Smartphone USB" }, { "description": "VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.", "meta": { "date_accessed": "2022-04-20T00:00:00Z", "date_published": "2018-01-24T00:00:00Z", "refs": [ "https://versprite.com/blog/exploiting-vyprvpn-for-macos/" ], "source": "MITRE", "title": "Exploiting VyprVPN for MacOS" }, "related": [], "uuid": "5e65d8cc-142b-4724-8a07-8e21558e0f64", "value": "versprite xpc vpn" }, { "description": "LOLBAS. (2020, June 24). Explorer.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-06-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Explorer/" ], "source": "Tidal Cyber", "title": "Explorer.exe" }, "related": [], "uuid": "9ba3d54c-02d1-45bd-bfe8-939e84d9d44b", "value": "Explorer.exe - LOLBAS Project" }, { "description": "Trend Micro. (2019, January 16). Exploring Emotet's Activities . Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2019-01-16T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf" ], "source": "MITRE", "title": "Exploring Emotet's Activities" }, "related": [], "uuid": "a81f1dad-5841-4142-80c1-483b240fd67d", "value": "Trend Micro Emotet Jan 2019" }, { "description": "Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-03-05T00:00:00Z", "refs": [ "https://securitytrails.com/blog/google-hacking-techniques" ], "source": "MITRE", "title": "Exploring Google Hacking Techniques" }, "related": [], "uuid": "3e7fdeaf-24a7-4cb5-8ed3-6057c9035303", "value": "SecurityTrails Google Hacking" }, { "description": "Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-09-16T00:00:00Z", "refs": [ "https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2" ], "source": "MITRE", "title": "Export & Download — SSL Certificate from Server (Site URL)" }, "related": [], "uuid": "6502425f-3435-4162-8c96-9e10a789d362", "value": "Medium SSL Cert" }, { "description": "Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. 
Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2022-03-17T00:00:00Z", "refs": [ "https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/" ], "source": "MITRE", "title": "Exposing initial access broker with ties to Conti" }, "related": [], "uuid": "19d2cb48-bdb2-41fe-ba24-0769d7bd4d94", "value": "Google EXOTIC LILY March 2022" }, { "description": "Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.", "meta": { "date_accessed": "2022-07-01T00:00:00Z", "date_published": "2022-06-02T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/" ], "source": "MITRE", "title": "Exposing POLONIUM activity and infrastructure targeting Israeli organizations" }, "related": [], "uuid": "689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd", "value": "Microsoft POLONIUM June 2022" }, { "description": "Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2016-05-14T00:00:00Z", "refs": [ "http://www.slideshare.net/StephanBorosh/external-to-da-the-os-x-way" ], "source": "MITRE", "title": "External to DA, the OS X Way" }, "related": [], "uuid": "b714e6a9-5c12-4a3b-89f9-d379c0284f06", "value": "External to DA, the OS X Way" }, { "description": "LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Extexport/" ], "source": "Tidal Cyber", "title": "Extexport.exe" }, "related": [], "uuid": "2aa09a10-a492-4753-bbd8-aacd31e4fee3", "value": "Extexport.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Extrac32.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Extrac32/" ], "source": "Tidal Cyber", "title": "Extrac32.exe" }, "related": [], "uuid": "ae632afc-336c-488e-81f6-91ffe1829595", "value": "Extrac32.exe - LOLBAS Project" }, { "description": "Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2012-12-11T00:00:00Z", "refs": [ "http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html" ], "source": "MITRE", "title": "Extracting ZeroAccess from NTFS Extended Attributes" }, "related": [], "uuid": "e9dff187-fe7d-469d-81cb-30ad520dbd3d", "value": "Journey into IR ZeroAccess NTFS EA" }, { "description": "Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.", "meta": { "date_accessed": "2015-09-29T00:00:00Z", "date_published": "2014-07-11T00:00:00Z", "refs": [ "https://airbus-cyber-security.com/the-eye-of-the-tiger/" ], "source": "MITRE, Tidal Cyber", "title": "Eye of the Tiger" }, "related": [], "uuid": "a4617ef4-e6d2-47e7-8f81-68e7380279bf", "value": "Bizeul 2014" }, { "description": "O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-10-20T00:00:00Z", "refs": [ "https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/" ], "source": "MITRE", "title": "Facebook: A Top Launching Pad For Phishing Attacks" }, "related": [], "uuid": "186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7", "value": "ThreatPost Social Media Phishing" }, { "description": "Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. 
Retrieved September 29, 2022.", "meta": { "date_accessed": "2022-09-29T00:00:00Z", "date_published": "2021-01-11T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/" ], "source": "MITRE", "title": "FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts" }, "related": [], "uuid": "34dc9010-e800-420c-ace4-4f426c915d2f", "value": "SentinelLabs reversing run-only applescripts 2021" }, { "description": "Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2021-01-11T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/" ], "source": "MITRE", "title": "FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts" }, "related": [], "uuid": "785f7692-2be8-4f5d-921e-51efdfe0c0b9", "value": "Sentinel Labs" }, { "description": "Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. Retrieved April 1, 2019.", "meta": { "date_accessed": "2019-04-01T00:00:00Z", "date_published": "2019-03-20T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/" ], "source": "MITRE", "title": "Fake or Fake: Keeping up with OceanLotus decoys" }, "related": [], "uuid": "b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0", "value": "ESET OceanLotus Mar 2019" }, { "description": "ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. 
Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2020-02-11T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/fake-sites-stealing-steam-credentials" ], "source": "MITRE", "title": "Fake Sites Stealing Steam Credentials" }, "related": [], "uuid": "c2f01a3b-a164-59b7-be5d-5eec4eb69ee5", "value": "ZScaler BitB 2020" }, { "description": "FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-10-09T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/FalconFeedsio/status/1711251161289003465" ], "source": "Tidal Cyber", "title": "FalconFeedsio Tweet October 9 2023" }, "related": [], "uuid": "e9810a28-f060-468b-b4ea-ffed9403ae8b", "value": "FalconFeedsio Tweet October 9 2023" }, { "description": "FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-09-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/FalconFeedsio/status/1707330146842169831" ], "source": "Tidal Cyber", "title": "FalconFeedsio Tweet September 28 2023" }, "related": [], "uuid": "78128031-bcbb-42c2-8bed-4613a10a02ca", "value": "FalconFeedsio Tweet September 28 2023" }, { "description": "Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. 
Retrieved May 5, 2022.", "meta": { "date_accessed": "2022-05-05T00:00:00Z", "date_published": "2022-03-23T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/" ], "source": "MITRE", "title": "Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack" }, "related": [], "uuid": "9d0ff77c-09e9-4d58-86f4-e2398f298ca9", "value": "falconoverwatch_blackcat_attack" }, { "description": "Alexander, G., et al. (2018, August 8). Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.", "meta": { "date_accessed": "2019-06-17T00:00:00Z", "date_published": "2018-08-08T00:00:00Z", "refs": [ "https://citizenlab.ca/2018/08/familiar-feeling-a-malware-campaign-targeting-the-tibetan-diaspora-resurfaces/" ], "source": "MITRE", "title": "Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces" }, "related": [], "uuid": "5c662775-9703-4d01-844b-40a0e5c24fb9", "value": "CitizenLab Tropic Trooper Aug 2018" }, { "description": "DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2020-08-26T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-239a" ], "source": "MITRE, Tidal Cyber", "title": "FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks" }, "related": [], "uuid": "a8a2e3f2-3967-4e82-a36a-2436c654fb3f", "value": "CISA AA20-239A BeagleBoyz August 2020" }, { "description": "Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work?. Retrieved March 11, 2020.", "meta": { "date_accessed": "2020-03-11T00:00:00Z", "date_published": "2017-01-12T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/01/12/fast-flux-networks-work/" ], "source": "MITRE", "title": "Fast Flux networks: What are they and how do they work?" 
}, "related": [], "uuid": "e232d739-663e-4878-b13b-9248cd81e657", "value": "Fast Flux - Welivesecurity" }, { "description": "Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2014-12-17T00:00:00Z", "refs": [ "https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-1/#gref" ], "source": "MITRE", "title": "Fast Flux Networks Working and Detection, Part 1" }, "related": [], "uuid": "5f169cae-6b59-4879-9a8f-93fdcea5cc58", "value": "MehtaFastFluxPt1" }, { "description": "Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2014-12-23T00:00:00Z", "refs": [ "https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-2/#gref" ], "source": "MITRE", "title": "Fast Flux Networks Working and Detection, Part 2" }, "related": [], "uuid": "f8a98e55-c91e-4b5e-b6f3-0065ef07375d", "value": "MehtaFastFluxPt2" }, { "description": "FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://www.fbi.gov/file-repository/fy-2022-fbi-congressional-report-business-email-compromise-and-real-estate-wire-fraud-111422.pdf/view" ], "source": "MITRE", "title": "FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud" }, "related": [], "uuid": "3388bfec-7822-56dc-a384-95aa79f42fe8", "value": "FBI-BEC" }, { "description": "The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. 
Retrieved January 14, 2022.", "meta": { "date_accessed": "2022-01-14T00:00:00Z", "date_published": "2022-01-07T00:00:00Z", "refs": [ "https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/" ], "source": "MITRE", "title": "FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware" }, "related": [], "uuid": "42dc957c-007b-4f90-88c6-1afd6d1032e8", "value": "FBI Flash FIN7 USB" }, { "description": "FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. Retrieved September 13, 2023.", "meta": { "date_accessed": "2023-09-13T00:00:00Z", "date_published": "2023-09-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom" ], "source": "Tidal Cyber", "title": "FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com" }, "related": [], "uuid": "d753c01c-c0f6-4382-ae79-5605a28c94d5", "value": "FBI Lazarus Stake.com Theft Attribution September 2023" }, { "description": "Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2009-01-08T00:00:00Z", "refs": [ "http://www.codeproject.com/Articles/32169/FDump-Dumping-File-Sectors-Directly-from-Disk-usin" ], "source": "MITRE", "title": "FDump - Dumping File Sectors Directly from Disk using Logical Offsets" }, "related": [], "uuid": "d92f6dc0-e902-4a4a-9083-8d1667a7003e", "value": "Hakobyan 2009" }, { "description": "Google. (n.d.). Federating Google Cloud with Active Directory. 
Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "refs": [ "https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction" ], "source": "MITRE", "title": "Federating Google Cloud with Active Directory" }, "related": [], "uuid": "4e17ca9b-5c98-409b-9496-7c37fe9ee837", "value": "Google Federating GC" }, { "description": "GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-06-16T00:00:00Z", "refs": [ "https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/" ], "source": "MITRE, Tidal Cyber", "title": "Ferocious Kitten: 6 Years of Covert Surveillance in Iran" }, "related": [], "uuid": "b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50", "value": "Kaspersky Ferocious Kitten Jun 2021" }, { "description": "Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: \"njRAT\" Uncovered. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2013-06-28T00:00:00Z", "refs": [ "https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf" ], "source": "MITRE", "title": "Fidelis Threat Advisory #1009: \"njRAT\" Uncovered" }, "related": [], "uuid": "6c985470-a923-48fd-82c9-9128b6d59bcb", "value": "Fidelis njRAT June 2013" }, { "description": "Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. 
Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2015-12-16T00:00:00Z", "refs": [ "https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL_0.pdf" ], "source": "MITRE", "title": "Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign" }, "related": [], "uuid": "9d9c0c71-d5a2-41e4-aa90-d1046e0742c7", "value": "Fidelis INOCNATION" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. Retrieved February 8, 2017.", "meta": { "date_accessed": "2017-02-08T00:00:00Z", "date_published": "2017-02-08T00:00:00Z", "refs": [ "https://securelist.com/fileless-attacks-against-enterprise-networks/77403/" ], "source": "MITRE", "title": "Fileless attacks against enterprise networks" }, "related": [], "uuid": "b58d9c32-89c5-449a-88e7-1c7dd3f8380e", "value": "Securelist fileless attacks Feb 2017" }, { "description": "Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.", "meta": { "date_accessed": "2017-12-05T00:00:00Z", "date_published": "2016-03-23T00:00:00Z", "refs": [ "https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/" ], "source": "MITRE", "title": "Fileless Malware – A Behavioural Analysis Of Kovter Persistence" }, "related": [], "uuid": "a8420828-9e00-45a1-90d7-a37f898204f9", "value": "Airbus Security Kovter Analysis" }, { "description": "Microsoft. (2023, February 6). Fileless threats. Retrieved March 23, 2023.", "meta": { "date_accessed": "2023-03-23T00:00:00Z", "date_published": "2023-02-06T00:00:00Z", "refs": [ "https://learn.microsoft.com/microsoft-365/security/intelligence/fileless-threats" ], "source": "MITRE", "title": "Fileless threats" }, "related": [], "uuid": "263fc1ab-f928-583f-986d-1e1bae9b3c85", "value": "Microsoft Fileless" }, { "description": "Nelson, M. 
(2016, August 15). \"Fileless\" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.", "meta": { "date_accessed": "2016-12-27T00:00:00Z", "date_published": "2016-08-15T00:00:00Z", "refs": [ "https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/" ], "source": "MITRE", "title": "\"Fileless\" UAC Bypass using eventvwr.exe and Registry Hijacking" }, "related": [], "uuid": "74b16ca4-9494-4f10-97c5-103a8521818f", "value": "enigma0x3 Fileless UAC Bypass" }, { "description": "Nelson, M. (2017, March 17). \"Fileless\" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.", "meta": { "date_accessed": "2017-05-25T00:00:00Z", "date_published": "2017-03-17T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/" ], "source": "MITRE", "title": "\"Fileless\" UAC Bypass Using sdclt.exe" }, "related": [], "uuid": "5e5597e2-ea05-41e0-8752-ca95a89a5aa3", "value": "enigma0x3 sdclt bypass" }, { "description": "Microsoft. (2018, May 31). File Management (Local File Systems). Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/fileio/file-management" ], "source": "MITRE", "title": "File Management (Local File Systems)" }, "related": [], "uuid": "e6d84416-5808-4e7d-891b-ba67dada8726", "value": "Microsoft File Mgmt" }, { "description": "Microsoft. (n.d.). File Streams. Retrieved December 2, 2014.", "meta": { "date_accessed": "2014-12-02T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/aa364404" ], "source": "MITRE", "title": "File Streams" }, "related": [], "uuid": "ef3f58da-e735-4b1d-914c-fafabb7439bf", "value": "Microsoft File Streams" }, { "description": "YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). 
Retrieved August 23, 2022.", "meta": { "date_accessed": "2022-08-23T00:00:00Z", "date_published": "2021-06-16T00:00:00Z", "refs": [ "https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/" ], "source": "MITRE", "title": "File Upload Attacks (Part 2)" }, "related": [], "uuid": "4f7c7d6c-ad56-594f-bcb8-79523f436f2c", "value": "file_upload_attacks_pt2" }, { "description": "Microsoft. (2018, May 30). Filtering the Scope of a GPO. Retrieved March 13, 2019.", "meta": { "date_accessed": "2019-03-13T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/desktop/Policy/filtering-the-scope-of-a-gpo" ], "source": "MITRE", "title": "Filtering the Scope of a GPO" }, "related": [], "uuid": "327caed7-a53f-4245-8774-a9f170932012", "value": "Microsoft GPO Security Filtering" }, { "description": "FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved June 25, 2017.", "meta": { "date_accessed": "2017-06-25T00:00:00Z", "date_published": "2017-06-16T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf" ], "source": "MITRE, Tidal Cyber", "title": "FIN10: Anatomy of a Cyber Extortion Operation" }, "related": [], "uuid": "9d5c3956-7169-48d5-b4d0-f7a56a742adf", "value": "FireEye FIN10 June 2017" }, { "description": "Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. Retrieved September 22, 2023.", "meta": { "date_accessed": "2023-09-22T00:00:00Z", "date_published": "2021-10-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf" ], "source": "Tidal Cyber", "title": "FIN12 Group Profile" }, "related": [], "uuid": "7af84b3d-bbd6-449f-b29b-2f14591c9f05", "value": "Mandiant FIN12 Group Profile October 07 2021" }, { "description": "Shilko, J., et al. 
(2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.", "meta": { "date_accessed": "2023-06-15T00:00:00Z", "date_published": "2021-10-07T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf" ], "source": "MITRE", "title": "FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets" }, "related": [], "uuid": "4514d7cc-b999-5711-a398-d90e5d3570f2", "value": "Mandiant FIN12 Oct 2021" }, { "description": "CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2023-09-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-007.pdf" ], "source": "Tidal Cyber", "title": "FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel" }, "related": [], "uuid": "0f4a03c5-79b3-418e-a77d-305d5a32caca", "value": "CERTFR-2023-CTI-007" }, { "description": "Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.", "meta": { "date_accessed": "2023-02-09T00:00:00Z", "date_published": "2022-08-08T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/fin13-cybercriminal-mexico" ], "source": "MITRE", "title": "FIN13: A Cybercriminal Threat Actor Focused on Mexico" }, "related": [], "uuid": "ebd9d479-1954-5a4a-b7f0-d5372489733c", "value": "Mandiant FIN13 Aug 2022" }, { "description": "Dennesen, K. et al.. (2014, November 30). FIN4: Stealing Insider Information for an Advantage in Stock Trading?. 
Retrieved December 17, 2018.", "meta": { "date_accessed": "2018-12-17T00:00:00Z", "date_published": "2014-11-30T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html" ], "source": "MITRE", "title": "FIN4: Stealing Insider Information for an Advantage in Stock Trading?" }, "related": [], "uuid": "b27f1040-46e5-411a-b238-0b40f6160680", "value": "FireEye FIN4 Stealing Insider NOV 2014" }, { "description": "Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.", "meta": { "date_accessed": "2019-09-16T00:00:00Z", "date_published": "2019-02-01T00:00:00Z", "refs": [ "https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf" ], "source": "MITRE", "title": "FIN6 Cybercrime Group Expands Threat to eCommerce Merchants" }, "related": [], "uuid": "9e9e8811-1d8e-4400-8688-e634f859c4e0", "value": "Visa FIN6 Feb 2019" }, { "description": "Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. Retrieved September 8, 2020.", "meta": { "date_accessed": "2020-09-08T00:00:00Z", "date_published": "2019-09-19T00:00:00Z", "refs": [ "https://labs.sentinelone.com/fin6-frameworkpos-point-of-sale-malware-analysis-internals-2/" ], "source": "MITRE", "title": "FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals" }, "related": [], "uuid": "054d7827-3d0c-40a7-b2a0-1428ad7729ea", "value": "SentinelOne FrameworkPOS September 2019" }, { "description": "Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. 
Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2019-05-08T00:00:00Z", "refs": [ "https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/" ], "source": "MITRE", "title": "FIN7.5: the infamous cybercrime rig “FIN7” continues its activities" }, "related": [], "uuid": "42e196e4-42a7-427d-a69b-d78fa6375f8c", "value": "SecureList Griffon May 2019" }, { "description": "Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.", "meta": { "date_accessed": "2022-02-02T00:00:00Z", "date_published": "2021-05-14T00:00:00Z", "refs": [ "https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/" ], "source": "MITRE", "title": "FIN7 Backdoor Masquerades as Ethical Hacking Tool" }, "related": [], "uuid": "1b89f62f-586d-4dee-b6dd-e5a5cd090a0e", "value": "Threatpost Lizar May 2021" }, { "description": "Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.", "meta": { "date_accessed": "2017-04-24T00:00:00Z", "date_published": "2017-04-24T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html" ], "source": "MITRE", "title": "FIN7 Evolution and the Phishing LNK" }, "related": [], "uuid": "6ee27fdb-1753-4fdf-af72-3295b072ff10", "value": "FireEye FIN7 April 2017" }, { "description": "Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.", "meta": { "date_accessed": "2022-04-05T00:00:00Z", "date_published": "2022-04-04T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/evolution-of-fin7" ], "source": "MITRE", "title": "FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7" }, "related": [], "uuid": "be9919c0-ca52-593b-aea0-c5e9a262b570", "value": "Mandiant FIN7 Apr 2022" }, { "description": "Gemini Advisory. (2021, October 21). 
FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.", "meta": { "date_accessed": "2022-02-02T00:00:00Z", "date_published": "2021-10-21T00:00:00Z", "refs": [ "https://geminiadvisory.io/fin7-ransomware-bastion-secure/" ], "source": "MITRE", "title": "FIN7 Recruits Talent For Push Into Ransomware" }, "related": [], "uuid": "bbaef178-8577-4398-8e28-604faf0950b4", "value": "Gemini FIN7 Oct 2021" }, { "description": "Platt, J. and Reeves, J.. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.", "meta": { "date_accessed": "2019-06-18T00:00:00Z", "date_published": "2019-03-01T00:00:00Z", "refs": [ "https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/" ], "source": "MITRE", "title": "FIN7 Revisited: Inside Astra Panel and SQLRat Malware" }, "related": [], "uuid": "b09453a3-c0df-4e96-b399-e7b34e068e9d", "value": "Flashpoint FIN 7 March 2019" }, { "description": "Miller, S., et al. (2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.", "meta": { "date_accessed": "2017-03-08T00:00:00Z", "date_published": "2017-03-07T00:00:00Z", "refs": [ "https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html" ], "source": "MITRE, Tidal Cyber", "title": "FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings" }, "related": [], "uuid": "7987bb91-ec41-42f8-bd2d-dabc26509a08", "value": "FireEye FIN7 March 2017" }, { "description": "Gorelik, M.. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. 
Retrieved July 13, 2017.", "meta": { "date_accessed": "2017-07-13T00:00:00Z", "date_published": "2017-06-09T00:00:00Z", "refs": [ "http://blog.morphisec.com/fin7-attacks-restaurant-industry" ], "source": "MITRE", "title": "FIN7 Takes Another Bite at the Restaurant Industry" }, "related": [], "uuid": "3831173c-7c67-4f16-b652-ad992a7ce411", "value": "Morphisec FIN7 June 2017" }, { "description": "Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://www.cyberscoop.com/fin7-dde-morphisec-fileless-malware/" ], "source": "MITRE", "title": "Fin7 weaponization of DDE is just their latest slick move, say researchers" }, "related": [], "uuid": "e38adff1-7f53-4b0c-9d58-a4640b09b10d", "value": "CyberScoop FIN7 Oct 2017" }, { "description": "Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved September 8, 2021.", "meta": { "date_accessed": "2021-09-08T00:00:00Z", "date_published": "2021-03-10T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf" ], "source": "MITRE", "title": "FIN8 Returns with Improved BADHATCH Toolkit" }, "related": [], "uuid": "958cfc9a-901c-549d-96c2-956272b240e3", "value": "BitDefender BADHATCH Mar 2021" }, { "description": "Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. 
Retrieved October 30, 2023.", "meta": { "date_accessed": "2023-10-30T00:00:00Z", "date_published": "2021-03-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf" ], "source": "Tidal Cyber", "title": "FIN8 Returns with Improved BADHATCH Toolkit" }, "related": [], "uuid": "501b6391-e09e-47dc-9cfc-c8ed4c034aca", "value": "Bitdefender FIN8 BADHATCH Report" }, { "description": "Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.", "meta": { "date_accessed": "2023-08-09T00:00:00Z", "date_published": "2021-08-25T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf" ], "source": "MITRE", "title": "FIN8 Threat Actor Goes Agile with New Sardonic Backdoor" }, "related": [], "uuid": "8e9d05c9-6783-5738-ac85-a444810a8074", "value": "Bitdefender Sardonic Aug 2021" }, { "description": "Symantec Threat Hunter Team. (2023, July 18). FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.", "meta": { "date_accessed": "2023-08-09T00:00:00Z", "date_published": "2023-07-18T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor" ], "source": "MITRE", "title": "FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware" }, "related": [], "uuid": "9b08b7f0-1a33-5d76-817f-448fac0d165a", "value": "Symantec FIN8 Jul 2023" }, { "description": "Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. 
Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2012-10-31T00:00:00Z", "refs": [ "https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/" ], "source": "MITRE", "title": "Final Report on DigiNotar Hack Shows Total Compromise of CA Servers" }, "related": [], "uuid": "3c9b7b9a-d30a-4865-a96c-6e68d9e20452", "value": "DiginotarCompromise" }, { "description": "Brubaker, N., Zafra, D. K., Lunden, K., Proska, K., Hildebrandt, C. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved February 15, 2021.", "meta": { "date_accessed": "2021-02-15T00:00:00Z", "date_published": "2020-07-15T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html" ], "source": "MITRE", "title": "Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families" }, "related": [], "uuid": "4bd514b8-1f79-4946-b001-110ce5cf29a9", "value": "FireEye Financial Actors Moving into OT" }, { "description": "Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2021-01-28T00:00:00Z", "refs": [ "https://github.com/MITRECND/malchive/blob/main/malchive/utilities/findapihash.py" ], "source": "MITRE", "title": "findapihash.py" }, "related": [], "uuid": "2260f0a1-2a6c-4373-9e3a-624fd89446e3", "value": "MITRECND FindAPIHash" }, { "description": "A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. 
Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2020-04-28T00:00:00Z", "refs": [ "https://expel.io/blog/finding-evil-in-aws/" ], "source": "MITRE", "title": "Finding Evil in AWS" }, "related": [], "uuid": "4c2424d6-670b-4db0-a752-868b4c954e29", "value": "Expel IO Evil in AWS" }, { "description": "Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.", "meta": { "date_accessed": "2016-04-05T00:00:00Z", "date_published": "2013-11-01T00:00:00Z", "refs": [ "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840" ], "source": "MITRE", "title": "Finding Hidden Threats by Decrypting SSL" }, "related": [], "uuid": "d251a79b-8516-41a7-b394-47a761d0ab3b", "value": "SANS Decrypting SSL" }, { "description": "Sancho, D., Hacquebord, F., Link, R. (2014, July 22). Finding Holes Operation Emmental. Retrieved February 9, 2016.", "meta": { "date_accessed": "2016-02-09T00:00:00Z", "date_published": "2014-07-22T00:00:00Z", "refs": [ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf" ], "source": "MITRE", "title": "Finding Holes Operation Emmental" }, "related": [], "uuid": "36443369-4fa9-4802-8b21-68cc382b949f", "value": "Operation Emmental" }, { "description": "Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.", "meta": { "date_accessed": "2020-02-17T00:00:00Z", "date_published": "2015-12-28T00:00:00Z", "refs": [ "https://adsecurity.org/?p=2288" ], "source": "MITRE", "title": "Finding Passwords in SYSVOL & Exploiting Group Policy Preferences" }, "related": [], "uuid": "538def90-5de4-4b8c-b535-0e2570ba1841", "value": "ADSecurity Finding Passwords in SYSVOL" }, { "description": "LOLBAS. (2018, May 25). Findstr.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Findstr/" ], "source": "Tidal Cyber", "title": "Findstr.exe" }, "related": [], "uuid": "fc4b7b28-ac74-4a8f-a39d-ce55df5fca08", "value": "Findstr.exe - LOLBAS Project" }, { "description": "FinFisher. (n.d.). Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "http://www.finfisher.com/FinFisher/index.html" ], "source": "MITRE", "title": "FinFisher Citation" }, "related": [], "uuid": "6ef0b8d8-ba98-49ce-807d-5a85d111b027", "value": "FinFisher Citation" }, { "description": "Allievi, A., Flori, E. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.", "meta": { "date_accessed": "2018-07-09T00:00:00Z", "date_published": "2018-03-01T00:00:00Z", "refs": [ "https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/" ], "source": "MITRE", "title": "FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines" }, "related": [], "uuid": "88c97a9a-ef14-4695-bde0-9de2b5f5343b", "value": "Microsoft FinFisher March 2018" }, { "description": "Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. 
Retrieved January 27, 2022.", "meta": { "date_accessed": "2022-01-27T00:00:00Z", "date_published": "2018-03-01T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/" ], "source": "MITRE", "title": "FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines" }, "related": [], "uuid": "b2f4541e-f981-4b25-abf4-1bec92b16faa", "value": "FinFisher exposed" }, { "description": "LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Finger/" ], "source": "Tidal Cyber", "title": "Finger.exe" }, "related": [], "uuid": "e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2", "value": "Finger.exe - LOLBAS Project" }, { "description": "FireEye. (n.d.). Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf" ], "source": "MITRE", "title": "FireEye Cyber Threats to Media Industries" }, "related": [], "uuid": "7b9bd753-01b7-4923-9964-19c59123ace2", "value": "FireEye Cyber Threats to Media Industries" }, { "description": "Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf" ], "source": "MITRE", "title": "FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry" }, "related": [], "uuid": "9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c", "value": "FireEye DLL Side-Loading" }, { "description": "FireEye. (2016, November 30). 
FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved January 11, 2017.", "meta": { "date_accessed": "2017-01-11T00:00:00Z", "date_published": "2016-11-30T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html" ], "source": "MITRE", "title": "FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region" }, "related": [], "uuid": "44b2eb6b-4902-4ca0-80e5-7333d620e075", "value": "FireEye Shamoon Nov 2016" }, { "description": "Goody, K., et al. (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.", "meta": { "date_accessed": "2020-05-12T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html" ], "source": "MITRE", "title": "A Nasty Trick: From Credential Theft Malware to Business Disruption" }, "related": [], "uuid": "b29dc755-f1f0-4206-9ecf-29257a1909ee", "value": "FireEye Ryuk and Trickbot January 2019" }, { "description": "Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.", "meta": { "date_accessed": "2022-04-18T00:00:00Z", "date_published": "2021-01-07T00:00:00Z", "refs": [ "https://www.darkreading.com/threat-intelligence/fireeye-s-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack" ], "source": "MITRE", "title": "FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack" }, "related": [], "uuid": "a662c764-8954-493f-88e5-e022e093a785", "value": "DarkReading FireEye SolarWinds" }, { "description": "Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. 
Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-09-12T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html" ], "source": "MITRE", "title": "FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY" }, "related": [], "uuid": "142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce", "value": "FireEye FinSpy Sept 2017" }, { "description": "Klijnsma, Y. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2018-01-16T00:00:00Z", "refs": [ "https://web.archive.org/web/20190508170147/https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/" ], "source": "MITRE", "title": "First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks" }, "related": [], "uuid": "7d48b679-d44d-466e-b12b-16f0f9858d15", "value": "RiskIQ Cobalt Jan 2018" }, { "description": "Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "date_published": "2017-09-19T00:00:00Z", "refs": [ "https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/" ], "source": "MITRE", "title": "First Chrome extension with JavaScript Crypto Miner detected" }, "related": [], "uuid": "ae28f530-40da-451e-89b8-b472340c3e0a", "value": "Chrome Extension Crypto Miner" }, { "description": "Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. 
Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "date_published": "2023-04-21T00:00:00Z", "refs": [ "https://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters" ], "source": "MITRE", "title": "First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters" }, "related": [], "uuid": "6d6e2fc8-9806-5480-bfaa-a43a962a4980", "value": "Aquasec Kubernetes Attack 2023" }, { "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.", "meta": { "date_accessed": "2016-12-22T00:00:00Z", "date_published": "2016-08-24T00:00:00Z", "refs": [ "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/" ], "source": "MITRE", "title": "First Twitter-controlled Android botnet discovered" }, "related": [], "uuid": "845896a6-b21d-489d-b75c-1e35b3ec78e0", "value": "ESET-Twitoor" }, { "description": "Baldwin, M., Flores, J., Kess, B.. (2018, June 17). Five steps to securing your identity infrastructure. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2018-06-17T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#block-end-user-consent" ], "source": "MITRE", "title": "Five steps to securing your identity infrastructure" }, "related": [], "uuid": "3a0c4458-c8ec-44f9-95cc-0eb136a927cb", "value": "Microsoft Azure AD Admin Consent" }, { "description": "Hada, H. (2021, December 28). Flagpro The new malware used by BlackTech. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2021-12-28T00:00:00Z", "refs": [ "https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech" ], "source": "MITRE", "title": "Flagpro The new malware used by BlackTech" }, "related": [], "uuid": "c0f523fa-7f3b-4c85-b48f-19ae770e9f3b", "value": "NTT Security Flagpro new December 2021" }, { "description": "Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2012-05-30T00:00:00Z", "refs": [ "https://securelist.com/flame-bunny-frog-munch-and-beetlejuice-2/32855/" ], "source": "MITRE", "title": "Flame: Bunny, Frog, Munch and BeetleJuice…" }, "related": [], "uuid": "c7d030ad-0ecf-458f-85d4-93778d759dc1", "value": "Kaspersky Flame Functionality" }, { "description": "sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.", "meta": { "date_accessed": "2018-09-06T00:00:00Z", "refs": [ "https://www.crysys.hu/publications/files/skywiper.pdf" ], "source": "MITRE", "title": "sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks" }, "related": [], "uuid": "ea35f530-b0fd-4e27-a7a9-6ba41566154c", "value": "Crysys Skywiper" }, { "description": "Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.", "meta": { "date_accessed": "2017-02-25T00:00:00Z", "date_published": "2012-05-31T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache" ], "source": "MITRE", "title": "Flamer: A Recipe for Bluetoothache" }, "related": [], "uuid": "691ada65-fe64-4917-b379-1db2573eea32", "value": "Symantec Beetlejuice" }, { "description": "LOLBAS. (2021, September 18). fltMC.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/FltMC/" ], "source": "Tidal Cyber", "title": "fltMC.exe" }, "related": [], "uuid": "cf9b4bd3-92f0-405b-85e7-95e65d548b79", "value": "fltMC.exe - LOLBAS Project" }, { "description": "Iran Threats. (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.", "meta": { "date_accessed": "2020-05-28T00:00:00Z", "date_published": "2017-12-05T00:00:00Z", "refs": [ "https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/" ], "source": "MITRE", "title": "Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code" }, "related": [], "uuid": "8338ad75-89f2-47d8-b85b-7cbf331bd7cd", "value": "IranThreats Kittens Dec 2017" }, { "description": "Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2021-09-27T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/" ], "source": "MITRE", "title": "FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor" }, "related": [], "uuid": "1ef61100-c5e7-4725-8456-e508c5f6d68a", "value": "MSTIC FoggyWeb September 2021" }, { "description": "Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. 
Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2019-09-10T00:00:00Z", "refs": [ "https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/" ], "source": "MITRE", "title": "Following the CloudTrail: Generating strong AWS security signals with Sumo Logic" }, "related": [], "uuid": "96560211-59b3-4eae-b8a3-2f988f6fdca3", "value": "Following the CloudTrail: Generating strong AWS security signals with Sumo Logic" }, { "description": "Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.", "meta": { "date_accessed": "2020-05-11T00:00:00Z", "date_published": "2019-08-05T00:00:00Z", "refs": [ "https://www.group-ib.com/blog/rtm" ], "source": "MITRE", "title": "Following the RTM Forensic examination of a computer infected with a banking trojan" }, "related": [], "uuid": "739da2f2-2aea-4f65-bc4d-ec6723f90520", "value": "Group IB RTM August 2019" }, { "description": "Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.", "meta": { "date_accessed": "2020-05-05T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/" ], "source": "MITRE, Tidal Cyber", "title": "Following the Trail of BlackTech’s Cyber Espionage Campaigns" }, "related": [], "uuid": "abb9cb19-d30e-4048-b106-eb29a6dad7fc", "value": "TrendMicro BlackTech June 2017" }, { "description": "FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. 
Retrieved June 1, 2016.", "meta": { "date_accessed": "2016-06-01T00:00:00Z", "date_published": "2016-04-01T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6" }, "related": [], "uuid": "8c0997e1-b285-42dd-9492-75065eac8f8b", "value": "FireEye FIN6 April 2016" }, { "description": "Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://web-assets.esetstatic.com/wls/2021/10/eset_fontonlake.pdf" ], "source": "MITRE", "title": "FontOnLake" }, "related": [], "uuid": "dbcced87-91ee-514f-98c8-29a85d967384", "value": "ESET FontOnLake Analysis 2021" }, { "description": "Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.", "meta": { "date_accessed": "2022-02-22T00:00:00Z", "date_published": "2021-07-18T00:00:00Z", "refs": [ "https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/" ], "source": "MITRE", "title": "Forensic Methodology Report: How to catch NSO Group’s Pegasus" }, "related": [], "uuid": "9e40d93a-fe91-504a-a6f2-e6546067ba53", "value": "amnesty_nso_pegasus" }, { "description": "Microsoft. (2016, August 31). Forfiles. Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc753551(v=ws.11)" ], "source": "MITRE", "title": "Forfiles" }, "related": [], "uuid": "fd7eaa47-3512-4dbd-b881-bc679d06cd1b", "value": "Microsoft Forfiles Aug 2016" }, { "description": "LOLBAS. (2018, May 25). Forfiles.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Forfiles/" ], "source": "Tidal Cyber", "title": "Forfiles.exe" }, "related": [], "uuid": "9e2c3833-b667-431c-a9e5-1b412583cc5a", "value": "Forfiles.exe - LOLBAS Project" }, { "description": "Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.", "meta": { "date_accessed": "2015-07-22T00:00:00Z", "date_published": "2015-07-13T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory" ], "source": "MITRE", "title": "“Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory" }, "related": [], "uuid": "5ec05c01-8767-44c1-9855-e1b0e5ee0002", "value": "Symantec Seaduke 2015" }, { "description": "McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2015-02-28T00:00:00Z", "refs": [ "https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/" ], "source": "MITRE", "title": "FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers" }, "related": [], "uuid": "89b85928-a962-4230-875c-63742b3c9d37", "value": "Register Uber" }, { "description": "Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. 
Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668" ], "source": "MITRE", "title": "format - Cisco IOS Configuration Fundamentals Command Reference" }, "related": [], "uuid": "9442e08d-0858-5aa5-b642-a6b1e46018bc", "value": "format_cmd_cisco" }, { "description": "Marvi, A., Slaybaugh, B., Ebreo, D., Ahmed, T., Umair, M., Johnson, T. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023.", "meta": { "date_accessed": "2023-05-15T00:00:00Z", "date_published": "2023-03-16T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem" ], "source": "MITRE", "title": "Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation" }, "related": [], "uuid": "a43dd8ce-23d6-5768-8522-6973dc45e1ac", "value": "Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation" }, { "description": "Marvi, A., et al. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.", "meta": { "date_accessed": "2023-03-22T00:00:00Z", "date_published": "2023-03-16T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem" ], "source": "MITRE", "title": "Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation" }, "related": [], "uuid": "7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7", "value": "Mandiant Fortinet Zero Day" }, { "description": "Apple. (n.d.). Foundation. 
Retrieved July 1, 2020.", "meta": { "date_accessed": "2020-07-01T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/foundation" ], "source": "MITRE", "title": "Foundation" }, "related": [], "uuid": "ea194268-0a8f-4494-be09-ef5f679f68fe", "value": "macOS Foundation" }, { "description": "Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.", "meta": { "date_accessed": "2020-08-07T00:00:00Z", "date_published": "2020-07-27T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/" ], "source": "MITRE", "title": "Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform" }, "related": [], "uuid": "489c52a2-34cc-47ff-b42b-9d48f83b9e90", "value": "SentinelOne Lazarus macOS July 2020" }, { "description": "Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.", "meta": { "date_accessed": "2022-04-05T00:00:00Z", "date_published": "2022-03-24T00:00:00Z", "refs": [ "https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical" ], "source": "MITRE", "title": "Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide" }, "related": [], "uuid": "768a0ec6-b767-4044-acad-82834508640f", "value": "DOJ Russia Targeting Critical Infrastructure March 2022" }, { "description": "ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. 
Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2020-02-16T00:00:00Z", "refs": [ "https://www.clearskysec.com/fox-kitten/" ], "source": "MITRE, Tidal Cyber", "title": "Fox Kitten – Widespread Iranian Espionage-Offensive Campaign" }, "related": [], "uuid": "a5ad6321-897a-4adc-9cdd-034a2538e3d6", "value": "ClearkSky Fox Kitten February 2020" }, { "description": "FS-ISAC. (2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "date_published": "2012-09-17T00:00:00Z", "refs": [ "https://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf" ], "source": "MITRE", "title": "Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud" }, "related": [], "uuid": "9c8772eb-6d1d-4742-a2db-a5e1006effaa", "value": "FSISAC FraudNetDoS September 2012" }, { "description": "Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.", "meta": { "date_accessed": "2020-09-15T00:00:00Z", "date_published": "2020-02-26T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/" ], "source": "MITRE", "title": "Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server" }, "related": [], "uuid": "531206c7-11ec-46bf-a35c-0464244a58c9", "value": "MalwareBytes Ngrok February 2020" }, { "description": "Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. 
Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2020-05-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf" ], "source": "MITRE", "title": "From Agent.btz to ComRAT v4: A ten-year journey" }, "related": [], "uuid": "cd9043b8-4d14-449b-a6b2-2e9b99103bb0", "value": "ESET ComRAT May 2020" }, { "description": "Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2020-05-27T00:00:00Z", "refs": [ "https://adsecurity.org/?p=4277" ], "source": "MITRE", "title": "From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path" }, "related": [], "uuid": "087d07a9-0d33-4253-b7c1-d55be13c0467", "value": "Azure AD to AD" }, { "description": "Pereira, T. Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.", "meta": { "date_accessed": "2022-05-05T00:00:00Z", "date_published": "2022-03-17T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html" ], "source": "MITRE", "title": "From BlackMatter to BlackCat: Analyzing two attacks from one affiliate" }, "related": [], "uuid": "605b58ea-9544-49b8-b3c8-0a97b2b155dc", "value": "blackmatter_blackcat" }, { "description": "Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. 
Retrieved January 11, 2024.", "meta": { "date_accessed": "2024-01-11T00:00:00Z", "date_published": "2023-12-29T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://unit42.paloaltonetworks.com/unit42-threat-intelligence-roundup/" ], "source": "Tidal Cyber", "title": "From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence" }, "related": [], "uuid": "a18e19b5-9046-4c2c-bd94-2cd5061064bf", "value": "Unit42 Malware Roundup December 29 2023" }, { "description": "Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2017-12-16T00:00:00Z", "refs": [ "https://reaqta.com/2017/12/mavinject-microsoft-injector/" ], "source": "MITRE", "title": "From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector" }, "related": [], "uuid": "5c0e0c84-2992-4098-8913-66a20ca61bf4", "value": "Reaqta Mavinject" }, { "description": "Del Fierro, C., Kessem, L. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.", "meta": { "date_accessed": "2021-02-15T00:00:00Z", "date_published": "2020-01-08T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/from-mega-to-giga-cross-version-comparison-of-top-megacortex-modifications/" ], "source": "MITRE", "title": "From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications" }, "related": [], "uuid": "3d70d9b7-88e4-411e-a59a-bc862da965a7", "value": "IBM MegaCortex" }, { "description": "BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. 
Retrieved February 2, 2022.", "meta": { "date_accessed": "2022-02-02T00:00:00Z", "date_published": "2021-05-13T00:00:00Z", "refs": [ "https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319" ], "source": "MITRE", "title": "From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit" }, "related": [], "uuid": "315f47e1-69e5-4dcb-94b2-59583e91dd26", "value": "BiZone Lizar May 2021" }, { "description": "Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.", "meta": { "date_accessed": "2019-03-14T00:00:00Z", "date_published": "2017-03-07T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf" ], "source": "MITRE", "title": "From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond" }, "related": [], "uuid": "e2637cb3-c449-4609-af7b-ac78a900cc8b", "value": "Kaspersky StoneDrill 2017" }, { "description": "LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/FsiAnyCpu/" ], "source": "Tidal Cyber", "title": "FsiAnyCpu.exe" }, "related": [], "uuid": "87031d31-b6d7-4860-b11b-5a0dc8774d92", "value": "FsiAnyCpu.exe - LOLBAS Project" }, { "description": "LOLBAS. (2021, September 26). Fsi.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Fsi/" ], "source": "Tidal Cyber", "title": "Fsi.exe" }, "related": [], "uuid": "4e14e87f-2ad9-4959-8cb2-8585b67931c0", "value": "Fsi.exe - LOLBAS Project" }, { "description": "Microsoft. (2021, September 27). fsutil behavior. Retrieved January 14, 2022.", "meta": { "date_accessed": "2022-01-14T00:00:00Z", "date_published": "2021-09-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior" ], "source": "MITRE", "title": "fsutil behavior" }, "related": [], "uuid": "07712696-b1fd-4704-b157-9e420840fb2c", "value": "fsutil_behavior" }, { "description": "LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Fsutil/" ], "source": "Tidal Cyber", "title": "Fsutil.exe" }, "related": [], "uuid": "e2305dac-4245-4fac-8813-69cb210e9cd3", "value": "Fsutil.exe - LOLBAS Project" }, { "description": "Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.", "meta": { "date_accessed": "2022-02-25T00:00:00Z", "date_published": "2021-07-21T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ftp" ], "source": "MITRE", "title": "ftp" }, "related": [], "uuid": "970f8d16-f5b7-44e2-b81f-738b931c60d9", "value": "Microsoft FTP" }, { "description": "N/A. (n.d.). ftp(1) - Linux man page. 
Retrieved February 25, 2022.", "meta": { "date_accessed": "2022-02-25T00:00:00Z", "refs": [ "https://linux.die.net/man/1/ftp" ], "source": "MITRE", "title": "ftp(1) - Linux man page" }, "related": [], "uuid": "021ea6bc-abff-48de-a6bb-315dbbfa6147", "value": "Linux FTP" }, { "description": "LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-12-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ftp/" ], "source": "Tidal Cyber", "title": "Ftp.exe" }, "related": [], "uuid": "3b51993d-6062-4138-bfc6-a2c0fc5d039a", "value": "Ftp.exe - LOLBAS Project" }, { "description": "Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.", "meta": { "date_accessed": "2019-03-13T00:00:00Z", "date_published": "2008-09-11T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/" ], "source": "MITRE", "title": "Fun with WMI Filters in Group Policy" }, "related": [], "uuid": "2894c3bf-6f8d-4338-8206-4dc873e3bb8d", "value": "Microsoft WMI Filters" }, { "description": "NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.", "meta": { "date_accessed": "2021-07-29T00:00:00Z", "date_published": "2021-05-07T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf" ], "source": "MITRE", "title": "Further TTPs associated with SVR cyber actors" }, "related": [], "uuid": "e18c1b56-f29d-4ea9-a425-a6af8ac6a347", "value": "Cybersecurity Advisory SVR TTP May 2021" }, { "description": "Klijnsma, Y.. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. 
Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/" ], "source": "MITRE", "title": "Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions" }, "related": [], "uuid": "ebf961c5-bd68-42f3-8fd3-000946c7ae9c", "value": "RiskIQ Cobalt Nov 2017" }, { "description": "Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. Retrieved August 7, 2022.", "meta": { "date_accessed": "2022-08-07T00:00:00Z", "date_published": "2022-06-13T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/pingpull-gallium/" ], "source": "MITRE", "title": "GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool" }, "related": [], "uuid": "ac6491ab-6ef1-4091-8a15-50e2cbafe157", "value": "Unit 42 PingPull Jun 2022" }, { "description": "MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.", "meta": { "date_accessed": "2021-01-13T00:00:00Z", "date_published": "2019-12-12T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/" ], "source": "MITRE, Tidal Cyber", "title": "GALLIUM: Targeting global telecom" }, "related": [], "uuid": "5bc76b47-ff68-4031-a347-f2dc0daba203", "value": "Microsoft GALLIUM December 2019" }, { "description": "Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. 
Retrieved November 27, 2018.", "meta": { "date_accessed": "2018-11-27T00:00:00Z", "date_published": "2018-10-10T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group" ], "source": "MITRE, Tidal Cyber", "title": "Gallmaker: New Attack Group Eschews Malware to Live off the Land" }, "related": [], "uuid": "f47b3e2b-acdd-4487-88b9-de5cbe45cf33", "value": "Symantec Gallmaker Oct 2018" }, { "description": "Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.", "meta": { "date_accessed": "2020-05-19T00:00:00Z", "date_published": "2020-04-17T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/" ], "source": "MITRE", "title": "Gamaredon APT Group Use Covid-19 Lure in Campaigns" }, "related": [], "uuid": "3800cfc2-0260-4b36-b629-7a336b9f9f10", "value": "TrendMicro Gamaredon April 2020" }, { "description": "Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.", "meta": { "date_accessed": "2020-06-16T00:00:00Z", "date_published": "2020-06-11T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" ], "source": "MITRE", "title": "Gamaredon group grows its game" }, "related": [], "uuid": "6532664d-2311-4b38-8960-f43762471729", "value": "ESET Gamaredon June 2020" }, { "description": "CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022.", "meta": { "date_accessed": "2022-02-17T00:00:00Z", "date_published": "2021-01-27T00:00:00Z", "refs": [ "https://www.ria.ee/sites/default/files/content-editors/kuberturve/tale_of_gamaredon_infection.pdf" ], "source": "MITRE", "title": "Gamaredon Infection: From Dropper to Entry" }, "related": [], "uuid": "fec320ed-29c1-40db-ad2e-701fda428922", "value": "CERT-EE Gamaredon January 2021" }, { "description": "Tarakanov, D. (2015, June 22). 
Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2015-06-22T00:00:00Z", "refs": [ "https://securelist.com/games-are-over/70991/" ], "source": "MITRE", "title": "Games are over: Winnti is now targeting pharmaceutical companies" }, "related": [], "uuid": "86504950-0f4f-42bc-b003-24f60ae97c99", "value": "Kaspersky Winnti June 2015" }, { "description": "Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "date_published": "2013-03-19T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/" ], "source": "MITRE", "title": "Gapz and Redyms droppers based on Power Loader code" }, "related": [], "uuid": "b8d328b7-2eb3-4851-8d44-2e1bad7710c2", "value": "WeLiveSecurity Gapz and Redyms Mar 2013" }, { "description": "Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-06-29T00:00:00Z", "refs": [ "https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/" ], "source": "MITRE", "title": "GateKeeper - Not a Bypass (Again)" }, "related": [], "uuid": "d00f373d-2133-47c3-9b0a-104ecc9a6869", "value": "theevilbit gatekeeper bypass 2021" }, { "description": "Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "date_published": "2012-08-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-lab-gauss.pdf" ], "source": "MITRE", "title": "Gauss: Abnormal Distribution" }, "related": [], "uuid": "4bf39390-f3ca-4132-841e-b35abefe7dee", "value": "Kaspersky Gauss Whitepaper" }, { "description": "GReAT. (2019, April 10). 
Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.", "meta": { "date_accessed": "2020-05-13T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/" ], "source": "MITRE", "title": "Gaza Cybergang Group1, operation SneakyPastes" }, "related": [], "uuid": "38216a34-5ffd-4e79-80b1-7270743b728e", "value": "Kaspersky MoleRATs April 2019" }, { "description": "ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.", "meta": { "date_accessed": "2017-09-14T00:00:00Z", "date_published": "2017-08-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf" ], "source": "MITRE", "title": "Gazing at Gazer: Turla’s new second stage backdoor" }, "related": [], "uuid": "9d1c40af-d4bc-4d4a-b667-a17378942685", "value": "ESET Gazer Aug 2017" }, { "description": "Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. Retrieved August 23, 2022.", "meta": { "date_accessed": "2022-08-23T00:00:00Z", "date_published": "2022-12-09T00:00:00Z", "refs": [ "https://www.garykessler.net/library/file_sigs.html" ], "source": "MITRE", "title": "GCK'S FILE SIGNATURES TABLE" }, "related": [], "uuid": "4bc3a8af-d0c1-514d-9edd-dcebb3344db8", "value": "file_sig_table" }, { "description": "Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-03-31T00:00:00Z", "refs": [ "https://cloud.google.com/sdk/gcloud/reference/compute/instances/add-metadata" ], "source": "MITRE", "title": "gcloud compute instances add-metadata" }, "related": [], "uuid": "eba4b850-8784-4da2-b87d-54b5bd0f58d6", "value": "Google Cloud Add Metadata" }, { "description": "Google. (n.d.). gcloud compute instances list. 
Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "refs": [ "https://cloud.google.com/sdk/gcloud/reference/compute/instances/list" ], "source": "MITRE", "title": "gcloud compute instances list" }, "related": [], "uuid": "ae09e791-a00c-487b-b0e5-7768df0679a3", "value": "Google Compute Instances" }, { "description": "Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.", "meta": { "date_accessed": "2020-10-01T00:00:00Z", "refs": [ "https://cloud.google.com/sdk/gcloud/reference/compute/os-login/ssh-keys/add" ], "source": "MITRE", "title": "gcloud compute os-login ssh-keys add" }, "related": [], "uuid": "372b6cfd-abdc-41b7-be78-4b1dc0426044", "value": "GCP SSH Key Add" }, { "description": "Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2020-06-23T00:00:00Z", "refs": [ "https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list" ], "source": "MITRE", "title": "gcloud iam service-accounts list" }, "related": [], "uuid": "3ffad706-1dac-41dd-b197-06f22fec3b30", "value": "Google Cloud - IAM Servie Accounts List API" }, { "description": "Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.", "meta": { "date_accessed": "2021-11-30T00:00:00Z", "date_published": "2021-06-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf" ], "source": "MITRE", "title": "Gelsemium" }, "related": [], "uuid": "ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5", "value": "ESET Gelsemium June 2021" }, { "description": "Microsoft. (n.d.). General Task Registration. 
Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/dd315590.aspx" ], "source": "MITRE", "title": "General Task Registration" }, "related": [], "uuid": "344703ac-f67c-465b-8c56-c9617675a00b", "value": "TechNet Scheduled Task Events" }, { "description": "Morrow, T., Pitts, J. (2016, October 28). Genetic Malware: Designing Payloads for Specific Targets. Retrieved January 18, 2019.", "meta": { "date_accessed": "2019-01-18T00:00:00Z", "date_published": "2016-10-28T00:00:00Z", "refs": [ "https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf" ], "source": "MITRE", "title": "Genetic Malware: Designing Payloads for Specific Targets" }, "related": [], "uuid": "8c65dbc1-33ad-470c-b172-7497c6fd2480", "value": "Ebowla: Genetic Malware" }, { "description": "Proofpoint. (2020, December 2). Geofenced NetWire Campaigns. Retrieved January 7, 2021.", "meta": { "date_accessed": "2021-01-07T00:00:00Z", "date_published": "2020-12-02T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/geofenced-netwire-campaigns" ], "source": "MITRE", "title": "Geofenced NetWire Campaigns" }, "related": [], "uuid": "5a974fc5-31bb-44b5-9834-ef98175402ec", "value": "Proofpoint NETWIRE December 2020" }, { "description": "Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018.", "meta": { "date_accessed": "2018-10-13T00:00:00Z", "date_published": "2002-08-01T00:00:00Z", "refs": [ "https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631" ], "source": "MITRE", "title": "Get a handle on cd00r: The invisible backdoor" }, "related": [], "uuid": "739e6517-10f5-484d-8000-8818d63e7341", "value": "Hartrell cd00r 2002" }, { "description": "The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/" ], "source": "MITRE", "title": "Get a Shell to a Running Container" }, "related": [], "uuid": "ffb9c0ca-533f-4911-8c0c-a2653410a76d", "value": "Kubectl Exec Get Shell" }, { "description": "Microsoft. (n.d.). Get-GlobalAddressList. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/email-addresses-and-address-books/get-globaladdresslist" ], "source": "MITRE", "title": "Get-GlobalAddressList" }, "related": [], "uuid": "a4948a80-d11c-44ed-ae63-e3f5660463f9", "value": "Microsoft getglobaladdresslist" }, { "description": "Satiro, J. (2011, September 14). GetHooks. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2011-09-14T00:00:00Z", "refs": [ "https://github.com/jay/gethooks" ], "source": "MITRE", "title": "GetHooks" }, "related": [], "uuid": "228ac239-3a97-446f-8e1c-d5c0f580710c", "value": "Jay GetHooks Sept 2011" }, { "description": "Microsoft. (n.d.). Get-InboxRule. Retrieved June 10, 2021.", "meta": { "date_accessed": "2021-06-10T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/get-inboxrule?view=exchange-ps" ], "source": "MITRE", "title": "Get-InboxRule" }, "related": [], "uuid": "c6a1b00c-22d4-407a-a515-fbce5c197606", "value": "Microsoft Get-InboxRule" }, { "description": "Microsoft. (n.d.). Get-MsolRole. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrole?view=azureadps-1.0" ], "source": "MITRE", "title": "Get-MsolRole" }, "related": [], "uuid": "e36f4e3a-61c9-4fdc-98de-d51a2b3b4865", "value": "Microsoft Msolrole" }, { "description": "Microsoft. (n.d.). Get-MsolRoleMember. 
Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-1.0" ], "source": "MITRE", "title": "Get-MsolRoleMember" }, "related": [], "uuid": "ca28494c-d834-4afc-9237-ab78dcfc427b", "value": "Microsoft msolrolemember" }, { "description": "Craig Rowland. (2019, July 25). Getting an Attacker IP Address from a Malicious Linux At Job. Retrieved October 15, 2021.", "meta": { "date_accessed": "2021-10-15T00:00:00Z", "date_published": "2019-07-25T00:00:00Z", "refs": [ "https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/" ], "source": "MITRE", "title": "Getting an Attacker IP Address from a Malicious Linux At Job" }, "related": [], "uuid": "85056eba-c587-4619-b5e4-dff9680be7b3", "value": "rowland linux at 2019" }, { "description": "Ryan, T. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2010-01-01T00:00:00Z", "refs": [ "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf" ], "source": "MITRE", "title": "“Getting In Bed with Robin Sage.”" }, "related": [], "uuid": "82068e93-a3f8-4d05-9358-6fe76a0055bb", "value": "BlackHatRobinSage" }, { "description": "Dr. Nestori Syynimaa. (2020, June 4). Getting root access to Azure VMs as a Azure AD Global Administrator. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2020-06-04T00:00:00Z", "refs": [ "https://aadinternals.com/post/azurevms/" ], "source": "MITRE", "title": "Getting root access to Azure VMs as a Azure AD Global Administrator" }, "related": [], "uuid": "7080ae79-bec4-5886-9a43-6039d0cfd32f", "value": "AADInternals Root Access to Azure VMs" }, { "description": "Patrick Wardle. (2019, July 2). Getting Root with Benign AppStore Apps. 
Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2019-07-02T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x46.html" ], "source": "MITRE", "title": "Getting Root with Benign AppStore Apps" }, "related": [], "uuid": "128b4e3f-bb58-45e0-b8d9-bff9fc3ec3df", "value": "Wardle Dylib Hijack Vulnerable Apps" }, { "description": "Austin, J. (2017, June 6). Getting Started with VBA in Office. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2017-06-06T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office" ], "source": "MITRE", "title": "Getting Started with VBA in Office" }, "related": [], "uuid": "9c44416d-1f3d-4d99-b497-4615ed6f5546", "value": "MSDN VBA in Office" }, { "description": "Viviano, A. (2021, August 17). Getting started with Windows drivers: User mode and kernel mode. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2021-08-17T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode" ], "source": "MITRE", "title": "Getting started with Windows drivers: User mode and kernel mode" }, "related": [], "uuid": "1b93e7ba-6afa-45ff-a9e2-3586cdae822c", "value": "Windows Getting Started Drivers" }, { "description": "Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf" ], "source": "MITRE", "title": "Getting Windows to Play with Itself [PowerPoint slides]" }, "related": [], "uuid": "b212d16f-5347-49ab-8339-432b4fd1ef50", "value": "Bloxham" }, { "description": "Microsoft. (n.d.). GetWindowLong function. 
Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx" ], "source": "MITRE", "title": "GetWindowLong function" }, "related": [], "uuid": "4366217a-2325-4056-ab68-f5f4d2a0703c", "value": "Microsoft GetWindowLong function" }, { "description": "Microsoft. (2017, May 23). GFlags Overview. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2017-05-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-hardware/drivers/debugger/gflags-overview" ], "source": "MITRE", "title": "GFlags Overview" }, "related": [], "uuid": "9c11c382-b420-4cf9-9db2-eaa7b60aee2d", "value": "Microsoft GFlags Mar 2017" }, { "description": "LOLBAS. (2019, December 27). GfxDownloadWrapper.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-12-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/HonorableMentions/GfxDownloadWrapper/" ], "source": "Tidal Cyber", "title": "GfxDownloadWrapper.exe" }, "related": [], "uuid": "5d97b7d7-428e-4408-a4d3-00f52cf4bf15", "value": "GfxDownloadWrapper.exe - LOLBAS Project" }, { "description": "Sergiu Gatlan. (2023, April 21). GhostToken GCP flaw let attackers backdoor Google accounts. Retrieved September 18, 2023.", "meta": { "date_accessed": "2023-09-18T00:00:00Z", "date_published": "2023-04-21T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/ghosttoken-gcp-flaw-let-attackers-backdoor-google-accounts/" ], "source": "MITRE", "title": "GhostToken GCP flaw let attackers backdoor Google accounts" }, "related": [], "uuid": "3f87bd65-4194-5be6-93a1-acde6eaef547", "value": "GhostToken GCP flaw" }, { "description": "jpillora. (n.d.). GitHub Chisel. 
Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/jpillora/chisel" ], "source": "Tidal Cyber", "title": "GitHub Chisel" }, "related": [], "uuid": "4a60fb46-06b7-44ea-a9f6-8d6fa81e9363", "value": "GitHub Chisel" }, { "description": "Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "refs": [ "https://github.com/kgretzky/evilginx2" ], "source": "MITRE", "title": "Github evilginx2" }, "related": [], "uuid": "322e5d90-5095-47ea-b0e2-e7e5fb45fcca", "value": "Github evilginx2" }, { "description": "kgretzky. (n.d.). GitHub evilginx2. Retrieved December 14, 2023.", "meta": { "date_accessed": "2023-12-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/kgretzky/evilginx2" ], "source": "Tidal Cyber", "title": "GitHub evilginx2" }, "related": [], "uuid": "eea178f4-80bd-49d1-84b1-f80671e9a3e4", "value": "GitHub evilginx2" }, { "description": "Mudge, R. (2014, July 14). Github Malleable-C2-Profiles safebrowsing.profile. Retrieved June 18, 2017.", "meta": { "date_accessed": "2017-06-18T00:00:00Z", "date_published": "2014-07-14T00:00:00Z", "refs": [ "https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/safebrowsing.profile" ], "source": "MITRE", "title": "Github Malleable-C2-Profiles safebrowsing.profile" }, "related": [], "uuid": "0a609b90-dbaf-47bc-a642-1d180ca56498", "value": "GitHub Malleable C2" }, { "description": "GitHub. (n.d.). GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive. 
Retrieved June 22, 2023.", "meta": { "date_accessed": "2023-06-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/meganz/MEGAsync" ], "source": "Tidal Cyber", "title": "GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive" }, "related": [], "uuid": "6e59c47d-597c-4687-942f-9f1cf1db75d5", "value": "GitHub meganz MEGAsync" }, { "description": "Leo Pitt. (2020, November 11). Github - PersistentJXA/BashProfilePersist.js. Retrieved January 11, 2021.", "meta": { "date_accessed": "2021-01-11T00:00:00Z", "date_published": "2020-11-11T00:00:00Z", "refs": [ "https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js" ], "source": "MITRE", "title": "Github - PersistentJXA/BashProfilePersist.js" }, "related": [], "uuid": "b76d3ed0-e484-4ed1-aa6b-892a6f34e478", "value": "code_persistence_zsh" }, { "description": "Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.", "meta": { "date_accessed": "2016-04-28T00:00:00Z", "refs": [ "https://github.com/PowerShellEmpire/Empire" ], "source": "MITRE", "title": "Github PowerShellEmpire" }, "related": [], "uuid": "017ec673-454c-492a-a65b-10d3a20dfdab", "value": "Github PowerShell Empire" }, { "description": "Nicolas Verdier. (n.d.). Retrieved January 29, 2018.", "meta": { "date_accessed": "2018-01-29T00:00:00Z", "refs": [ "https://github.com/n1nj4sec/pupy" ], "source": "MITRE", "title": "GitHub Pupy" }, "related": [], "uuid": "69d5cb59-6545-4405-8ca6-733db99d3ee9", "value": "GitHub Pupy" }, { "description": "threatexpress. (n.d.). GitHub random_c2_profile. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/threatexpress/random_c2_profile" ], "source": "Tidal Cyber", "title": "GitHub random_c2_profile" }, "related": [], "uuid": "dcb30328-6aa4-461b-8333-451d6af4b384", "value": "GitHub random_c2_profile" }, { "description": "llkat. 
(n.d.). GitHub rsockstun. Retrieved December 14, 2023.", "meta": { "date_accessed": "2023-12-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/llkat/rsockstun" ], "source": "Tidal Cyber", "title": "GitHub rsockstun" }, "related": [], "uuid": "1644457f-75d6-4064-a11b-9217249fa5e6", "value": "GitHub rsockstun" }, { "description": "fortra. (n.d.). GitHub secretsdump. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/fortra/impacket/blob/master/examples/secretsdump.py" ], "source": "Tidal Cyber", "title": "GitHub secretsdump" }, "related": [], "uuid": "c29a90a7-016f-49b7-a970-334290964f19", "value": "GitHub secretsdump" }, { "description": "djhohnstein. (n.d.). GitHub SharpChromium. Retrieved December 14, 2023.", "meta": { "date_accessed": "2023-12-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/djhohnstein/SharpChromium" ], "source": "Tidal Cyber", "title": "GitHub SharpChromium" }, "related": [], "uuid": "ca1956a5-72f2-43ad-a17f-a52ca97bd84e", "value": "GitHub SharpChromium" }, { "description": "GhostPack. (n.d.). GitHub SharpRoast. Retrieved September 22, 2023.", "meta": { "date_accessed": "2023-09-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/GhostPack/SharpRoast" ], "source": "Tidal Cyber", "title": "GitHub SharpRoast" }, "related": [], "uuid": "43a2e05d-4662-4a5c-9c99-3165f0d71169", "value": "GitHub SharpRoast" }, { "description": "Salvati, M (2019, August 6). SILENTTRINITY. Retrieved March 23, 2022.", "meta": { "date_accessed": "2022-03-23T00:00:00Z", "refs": [ "https://github.com/byt3bl33d3r/SILENTTRINITY" ], "source": "MITRE", "title": "GitHub SILENTTRINITY March 2022" }, "related": [], "uuid": "cff66280-c592-4e3c-a56c-32a9620cf95c", "value": "GitHub SILENTTRINITY March 2022" }, { "description": "xmrig. (n.d.). GitHub xmrig-proxy. 
Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/xmrig/xmrig-proxy" ], "source": "Tidal Cyber", "title": "GitHub xmrig-proxy" }, "related": [], "uuid": "bd2a5de0-f55f-4eeb-a11f-8ec1e9f2ae2b", "value": "GitHub xmrig-proxy" }, { "description": "Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2018-06-09T00:00:00Z", "refs": [ "https://github.com/michenriksen/gitrob" ], "source": "MITRE", "title": "Gitrob: Putting the Open Source in OSINT" }, "related": [], "uuid": "1dee0842-15cc-4835-b8a8-938e0c94807b", "value": "GitHub Gitrob" }, { "description": "Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020.", "meta": { "date_accessed": "2020-10-09T00:00:00Z", "date_published": "2019-01-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html" ], "source": "MITRE", "title": "Global DNS Hijacking Campaign: DNS Record Manipulation at Scale" }, "related": [], "uuid": "2c696e90-11eb-4196-9946-b5c4c11ccddc", "value": "FireEye DNS Hijack 2019" }, { "description": "McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.", "meta": { "date_accessed": "2018-02-19T00:00:00Z", "date_published": "2011-02-10T00:00:00Z", "refs": [ "https://scadahacker.com/library/Documents/Cyber_Events/McAfee%20-%20Night%20Dragon%20-%20Global%20Energy%20Cyberattacks.pdf" ], "source": "MITRE", "title": "Global Energy Cyberattacks: “Night Dragon”" }, "related": [], "uuid": "242d2933-ca2b-4511-803a-454727a3acc5", "value": "McAfee Night Dragon" }, { "description": "GMER. (n.d.). GMER. 
Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "refs": [ "http://www.gmer.net/" ], "source": "MITRE", "title": "GMER" }, "related": [], "uuid": "f43e9881-4919-4ccc-b2ed-929d7838b2b4", "value": "GMER Rootkits" }, { "description": "Pascal Nowack. (n.d.). Retrieved September 21, 2021.", "meta": { "date_accessed": "2021-09-21T00:00:00Z", "refs": [ "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207" ], "source": "MITRE", "title": "Gnome Remote Desktop grd-settings" }, "related": [], "uuid": "8f494ff3-b02b-470b-a57d-d2275989f541", "value": "Gnome Remote Desktop grd-settings" }, { "description": "Pascal Nowack. (n.d.). Retrieved September 21, 2021.", "meta": { "date_accessed": "2021-09-21T00:00:00Z", "refs": [ "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.remote-desktop.gschema.xml.in" ], "source": "MITRE", "title": "Gnome Remote Desktop gschema" }, "related": [], "uuid": "c7c749d5-b1b0-4a0f-8d14-eef47cfa1279", "value": "Gnome Remote Desktop gschema" }, { "description": "Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.", "meta": { "date_accessed": "2016-01-05T00:00:00Z", "date_published": "2014-03-01T00:00:00Z", "refs": [ "http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research" ], "source": "MITRE", "title": "Going Deep into the BIOS with MITRE Firmware Security Research" }, "related": [], "uuid": "25f52172-293e-4b23-9239-201a0ddbcdf1", "value": "MITRE Trustworthy Firmware Measurement" }, { "description": "Secureworks Counter Threat Unit. (2022, March 1). Gold Blackburn Threat Profile. 
Retrieved June 15, 2023.", "meta": { "date_accessed": "2023-06-15T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/gold-blackburn" ], "source": "MITRE", "title": "Gold Blackburn Threat Profile" }, "related": [], "uuid": "b6b27fa9-488c-5b6d-8e12-fe8371846cd3", "value": "Secureworks Gold Blackburn Mar 2022" }, { "description": "Secureworks. (n.d.). GOLD CABIN Threat Profile. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/gold-cabin" ], "source": "MITRE, Tidal Cyber", "title": "GOLD CABIN Threat Profile" }, "related": [], "uuid": "778babec-e7d3-4341-9e33-aab361f2b98a", "value": "Secureworks GOLD CABIN" }, { "description": "Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.", "meta": { "date_accessed": "2018-06-06T00:00:00Z", "date_published": "2018-02-02T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/" ], "source": "MITRE", "title": "Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems" }, "related": [], "uuid": "4bdfa92b-cbbd-43e6-aa3e-422561ff8d7a", "value": "McAfee Gold Dragon" }, { "description": "Reiner, S. (2017, November 21). Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps. 
Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2017-11-21T00:00:00Z", "refs": [ "https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps" ], "source": "MITRE", "title": "Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps" }, "related": [], "uuid": "58083370-8126-47d3-827c-1910ed3f4b2a", "value": "Cyberark Golden SAML" }, { "description": "Trustwave SpiderLabs. (2020, June 26). GoldenSpy: Chapter Two – The Uninstaller. Retrieved July 23, 2020.", "meta": { "date_accessed": "2020-07-23T00:00:00Z", "date_published": "2020-06-26T00:00:00Z", "refs": [ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-two-the-uninstaller/" ], "source": "MITRE", "title": "GoldenSpy: Chapter Two – The Uninstaller" }, "related": [], "uuid": "5031e82e-66e8-4ae0-be47-53daa87ddf94", "value": "Trustwave GoldenSpy2 June 2020" }, { "description": "Secureworks. (n.d.). GOLD KINGSWOOD. Retrieved October 18, 2021.", "meta": { "date_accessed": "2021-10-18T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/gold-kingswood?filter=item-financial-gain" ], "source": "MITRE", "title": "GOLD KINGSWOOD" }, "related": [], "uuid": "36035bbb-1609-4461-be27-ef4a920b814c", "value": "Secureworks GOLD KINGSWOOD Threat Profile" }, { "description": "Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. 
Retrieved March 8, 2021.", "meta": { "date_accessed": "2021-03-08T00:00:00Z", "date_published": "2021-03-04T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/" ], "source": "MITRE", "title": "GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence" }, "related": [], "uuid": "8688a0a9-d644-4b96-81bb-031f1f898652", "value": "MSTIC NOBELIUM Mar 2021" }, { "description": "CTU. (n.d.). GOLD NIAGARA. Retrieved September 21, 2021.", "meta": { "date_accessed": "2021-09-21T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/gold-niagara" ], "source": "MITRE", "title": "GOLD NIAGARA" }, "related": [], "uuid": "b11276cb-f6dd-4e91-90cd-9c287fb3e6b1", "value": "Secureworks GOLD NIAGARA Threat Profile" }, { "description": "Secureworks. (n.d.). GOLD SOUTHFIELD. Retrieved October 6, 2020.", "meta": { "date_accessed": "2020-10-06T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/gold-southfield" ], "source": "MITRE", "title": "GOLD SOUTHFIELD" }, "related": [], "uuid": "01d1ffaa-16b3-41c4-bb5a-afe2b41f1142", "value": "Secureworks GOLD SOUTHFIELD" }, { "description": "Google. (n.d.). Retrieved March 16, 2021.", "meta": { "date_accessed": "2021-03-16T00:00:00Z", "refs": [ "https://cloud.google.com/identity/docs/reference/rest" ], "source": "MITRE", "title": "Google Cloud Identity API Documentation" }, "related": [], "uuid": "67f2719e-74fd-4bc1-9eeb-07d3095a5191", "value": "Google Cloud Identity API Documentation" }, { "description": "Spencer Gietzen. (2019, February 26). Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation. 
Retrieved March 4, 2022.", "meta": { "date_accessed": "2022-03-04T00:00:00Z", "date_published": "2019-02-26T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/" ], "source": "MITRE", "title": "Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation" }, "related": [], "uuid": "d956e1f6-37ca-4352-b275-84c174888b88", "value": "GCPBucketBrute" }, { "description": "Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020.", "meta": { "date_accessed": "2020-10-23T00:00:00Z", "refs": [ "https://www.exploit-db.com/google-hacking-database" ], "source": "MITRE", "title": "Google Hacking Database" }, "related": [], "uuid": "29714b88-a1ff-4684-a3b0-35c3a2c78947", "value": "ExploitDB GoogleHacking" }, { "description": "Google. (n.d.). Retrieved March 16, 2021.", "meta": { "date_accessed": "2021-03-16T00:00:00Z", "refs": [ "https://support.google.com/a/answer/166870?hl=en" ], "source": "MITRE", "title": "Google Workspace Global Access List" }, "related": [], "uuid": "5104f0ea-1fb6-4260-a9b6-95922b3a8e5b", "value": "Google Workspace Global Access List" }, { "description": "Szappanos, G. & Brandt, A. (2021, March 1). “Gootloader” expands its payload delivery options. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2021-03-01T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/" ], "source": "MITRE", "title": "“Gootloader” expands its payload delivery options" }, "related": [], "uuid": "63357292-0f08-4405-a45a-34b606ab7110", "value": "Sophos Gootloader" }, { "description": "McCabe, A. (2020, January 23). The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks. 
Retrieved June 2, 2020.", "meta": { "date_accessed": "2020-06-02T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/" ], "source": "MITRE", "title": "Government Agency Targeted in Spear-Phishing Attacks" }, "related": [], "uuid": "b65442ca-18ca-42e0-8be0-7c2b66c26d02", "value": "Unit 42 CARROTBAT January 2020" }, { "description": "Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.", "meta": { "date_accessed": "2023-07-27T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations" ], "source": "MITRE", "title": "Government and Defense Organizations" }, "related": [], "uuid": "77624549-e170-5894-9219-a15b4aa31726", "value": "Secureworks BRONZE SILHOUETTE May 2023" }, { "description": "Patil, S. and Williams, M.. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.", "meta": { "date_accessed": "2019-06-20T00:00:00Z", "date_published": "2019-06-05T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html" ], "source": "MITRE", "title": "Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities" }, "related": [], "uuid": "c88150b1-8c0a-4fc5-b5b7-11e242af1c43", "value": "FireEye HAWKBALL Jun 2019" }, { "description": "CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. 
Retrieved December 9, 2021.", "meta": { "date_accessed": "2021-12-09T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions" ], "source": "MITRE, Tidal Cyber", "title": "Government Targets" }, "related": [], "uuid": "c7bc4b25-2043-4f43-8320-590f82d0e09a", "value": "CISA AA20-296A Berserk Bear December 2020" }, { "description": "Campbell, C. (2012, May 24). GPP Password Retrieval with PowerShell. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2012-05-24T00:00:00Z", "refs": [ "https://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html" ], "source": "MITRE", "title": "GPP Password Retrieval with PowerShell" }, "related": [], "uuid": "54351cf9-8d2a-47fb-92d5-fe64b628ab06", "value": "Obscuresecurity Get-GPPPassword" }, { "description": "Microsoft. (2017, October 16). gpresult. Retrieved August 6, 2021.", "meta": { "date_accessed": "2021-08-06T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult" ], "source": "MITRE", "title": "gpresult" }, "related": [], "uuid": "88af38e8-e437-4153-80af-a1be8c6a8629", "value": "Microsoft gpresult" }, { "description": "LOLBAS. (2018, May 25). Gpscript.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Gpscript/" ], "source": "Tidal Cyber", "title": "Gpscript.exe" }, "related": [], "uuid": "619f57d9-d93b-4e9b-aae0-6ce89d91deb6", "value": "Gpscript.exe - LOLBAS Project" }, { "description": "ESET. (2020, April 28). Grandoreiro: How engorged can an EXE get?. 
Retrieved November 13, 2020.", "meta": { "date_accessed": "2020-11-13T00:00:00Z", "date_published": "2020-04-28T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/" ], "source": "MITRE", "title": "Grandoreiro: How engorged can an EXE get?" }, "related": [], "uuid": "d6270492-986b-4fb6-bdbc-2e364947847c", "value": "ESET Grandoreiro April 2020" }, { "description": "Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. Retrieved November 12, 2020.", "meta": { "date_accessed": "2020-11-12T00:00:00Z", "date_published": "2020-04-13T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/" ], "source": "MITRE", "title": "Grandoreiro Malware Now Targeting Banks in Spain" }, "related": [], "uuid": "a2d4bca5-d57d-4a77-95c6-409f90115e2f", "value": "IBM Grandoreiro April 2020" }, { "description": "AWS. (n.d.). Granting a user permissions to pass a role to an AWS service. Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html" ], "source": "MITRE", "title": "Granting a user permissions to pass a role to an AWS service" }, "related": [], "uuid": "01e0c198-dd59-5dd1-b632-73cb316eafe0", "value": "AWS PassRole" }, { "description": "Microsoft. (n.d.). Graphics.CopyFromScreen Method. Retrieved March 24, 2020.", "meta": { "date_accessed": "2020-03-24T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8" ], "source": "MITRE", "title": "Graphics.CopyFromScreen Method" }, "related": [], "uuid": "b9733af4-ffb4-416e-884e-d51649aecbce", "value": "CopyFromScreen .NET" }, { "description": "Mercer, W., Rascagneres, P. (2018, April 26). GravityRAT - The Two-Year Evolution Of An APT Targeting India. 
Retrieved May 16, 2018.", "meta": { "date_accessed": "2018-05-16T00:00:00Z", "date_published": "2018-04-26T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html" ], "source": "MITRE", "title": "GravityRAT - The Two-Year Evolution Of An APT Targeting India" }, "related": [], "uuid": "2d7a1d72-cc9a-4b0b-a89a-e24ca836879b", "value": "Talos GravityRAT" }, { "description": "Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2016-02-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html" ], "source": "MITRE", "title": "Greater Visibility Through PowerShell Logging" }, "related": [], "uuid": "02ee8297-60e8-42bf-8791-2461ebc29207", "value": "FireEye PowerShell Logging" }, { "description": "Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.", "meta": { "date_accessed": "2016-02-16T00:00:00Z", "date_published": "2016-02-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html" ], "source": "MITRE", "title": "GREATER VISIBILITY THROUGH POWERSHELL LOGGING" }, "related": [], "uuid": "eb1e9dc7-b935-42ae-bbde-d2fdda5953db", "value": "FireEye PowerShell Logging 2016" }, { "description": "Sandvik, Runa. (2021, October 18). Green Lambert and ATT&CK. Retrieved March 21, 2022.", "meta": { "date_accessed": "2022-03-21T00:00:00Z", "date_published": "2021-10-18T00:00:00Z", "refs": [ "https://www.glitch-cat.com/blog/green-lambert-and-attack" ], "source": "MITRE", "title": "Green Lambert and ATT&CK" }, "related": [], "uuid": "f22d033c-4474-4bd7-b194-c7a4d9819a2b", "value": "Glitch-Cat Green Lambert ATTCK Oct 2021" }, { "description": "Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. 
Retrieved November 15, 2018.", "meta": { "date_accessed": "2018-11-15T00:00:00Z", "date_published": "2018-10-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf" ], "source": "MITRE", "title": "GREYENERGY A successor to BlackEnergy" }, "related": [], "uuid": "f3e70f41-6c22-465c-b872-a7ec5e6a3e67", "value": "ESET GreyEnergy Oct 2018" }, { "description": "Department of Homeland Security and Federal Bureau of Investigation. (2016, December 29). GRIZZLY STEPPE – Russian Malicious Cyber Activity. Retrieved January 11, 2017.", "meta": { "date_accessed": "2017-01-11T00:00:00Z", "date_published": "2016-12-29T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf" ], "source": "MITRE", "title": "GRIZZLY STEPPE – Russian Malicious Cyber Activity" }, "related": [], "uuid": "4b26d274-497f-49bc-a2a5-b93856a49893", "value": "GRIZZLY STEPPE JAR" }, { "description": "Scott-Railton, J., et al. (2016, August 2). Group5: Syria and the Iranian Connection. Retrieved September 26, 2016.", "meta": { "date_accessed": "2016-09-26T00:00:00Z", "date_published": "2016-08-02T00:00:00Z", "refs": [ "https://citizenlab.ca/2016/08/group5-syria/" ], "source": "MITRE, Tidal Cyber", "title": "Group5: Syria and the Iranian Connection" }, "related": [], "uuid": "ffbec5e8-947a-4363-b7e1-812dfd79935a", "value": "Citizen Lab Group5" }, { "description": "GroupIB_TI. (2023, October 9). Group-IB Threat Intelligence Tweet October 9 2023. 
Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-10-09T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/GroupIB_TI/status/1711234869060358562" ], "source": "Tidal Cyber", "title": "Group-IB Threat Intelligence Tweet October 9 2023" }, "related": [], "uuid": "2df546ed-6577-44b2-9b26-0a17c3622df7", "value": "Group-IB Threat Intelligence Tweet October 9 2023" }, { "description": "srachui. (2012, February 13). Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object. Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2012-02-13T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/" ], "source": "MITRE", "title": "Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object" }, "related": [], "uuid": "9b9c8c6c-c272-424e-a594-a34b7bf62477", "value": "TechNet Group Policy Basics" }, { "description": "Microsoft. (2016, August 31). Group Policy Preferences. Retrieved March 9, 2020.", "meta": { "date_accessed": "2020-03-09T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)" ], "source": "MITRE", "title": "Group Policy Preferences" }, "related": [], "uuid": "fa3beaf1-81e7-411b-849a-24cffaf7c552", "value": "Microsoft GPP 2016" }, { "description": "Blachman, Y. (2020, April 22). Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities. 
Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2020-04-22T00:00:00Z", "refs": [ "https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-ssh-capabilities" ], "source": "MITRE", "title": "Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities" }, "related": [], "uuid": "cba14230-13bc-47ad-8f3f-d798217657bd", "value": "Venafi SSH Key Abuse" }, { "description": "Wikibooks. (2018, August 19). Grsecurity/The RBAC System. Retrieved June 4, 2020.", "meta": { "date_accessed": "2020-06-04T00:00:00Z", "date_published": "2018-08-19T00:00:00Z", "refs": [ "https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System" ], "source": "MITRE", "title": "Grsecurity/The RBAC System" }, "related": [], "uuid": "8a7abfa0-97e8-4cac-9d76-c886e9666a16", "value": "Wikibooks Grsecurity" }, { "description": "TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.", "meta": { "date_accessed": "2015-09-29T00:00:00Z", "refs": [ "https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5" ], "source": "MITRE", "title": "gsecdump v2.0b5" }, "related": [], "uuid": "ba1d07ed-2e18-4f5f-9d44-082530946f14", "value": "TrueSec Gsecdump" }, { "description": "Emilio Pinna, Andrea Cardaci. (n.d.). GTFOBins. Retrieved January 28, 2022.", "meta": { "date_accessed": "2022-01-28T00:00:00Z", "refs": [ "https://gtfobins.github.io/#+suid" ], "source": "MITRE", "title": "GTFOBins" }, "related": [], "uuid": "0b7d8e81-da8e-4f6a-a1b7-4ed81e441b4d", "value": "GTFOBins Suid" }, { "description": "Emilio Pinna, Andrea Cardaci. (n.d.). gtfobins at. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "refs": [ "https://gtfobins.github.io/gtfobins/at/" ], "source": "MITRE", "title": "gtfobins at" }, "related": [], "uuid": "3fad6618-5a85-4f7a-be2b-0600269d7768", "value": "GTFObins at" }, { "description": "Rotem Sde-Or. (2022, February 15). 
Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months. Retrieved October 23, 2023.", "meta": { "date_accessed": "2023-10-23T00:00:00Z", "date_published": "2022-02-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard" ], "source": "Tidal Cyber", "title": "Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months" }, "related": [], "uuid": "4a435edb-18ae-4c31-beff-2b8f2e6cad34", "value": "Fortinet Moses Staff February 15 2022" }, { "description": "Duncan, B. (2020, April 3). GuLoader: Malspam Campaign Installing NetWire RAT. Retrieved January 7, 2021.", "meta": { "date_accessed": "2021-01-07T00:00:00Z", "date_published": "2020-04-03T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/" ], "source": "MITRE", "title": "GuLoader: Malspam Campaign Installing NetWire RAT" }, "related": [], "uuid": "b42f119d-144a-470a-b9fe-ccbf80a78fbb", "value": "Unit 42 NETWIRE April 2020" }, { "description": "Reynolds, J.. (2016, September 13). H1N1: Technical analysis reveals new capabilities. Retrieved September 26, 2016.", "meta": { "date_accessed": "2016-09-26T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "refs": [ "http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities" ], "source": "MITRE", "title": "H1N1: Technical analysis reveals new capabilities" }, "related": [], "uuid": "03a2faca-1a47-4f68-9f26-3fa98145f2ab", "value": "Cisco H1N1 Part 1" }, { "description": "Reynolds, J.. (2016, September 14). H1N1: Technical analysis reveals new capabilities – part 2. 
Retrieved September 26, 2016.", "meta": { "date_accessed": "2016-09-26T00:00:00Z", "date_published": "2016-09-14T00:00:00Z", "refs": [ "http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities-part-2" ], "source": "MITRE", "title": "H1N1: Technical analysis reveals new capabilities – part 2" }, "related": [], "uuid": "b53e55dc-078d-4535-a99f-c979ad8ca6e6", "value": "Cisco H1N1 Part 2" }, { "description": "Barrett, B.. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2019-07-11T00:00:00Z", "refs": [ "https://www.wired.com/story/magecart-amazon-cloud-hacks/" ], "source": "MITRE", "title": "Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting" }, "related": [], "uuid": "47fb06ed-b4ce-454c-9bbe-21b28309f351", "value": "Wired Magecart S3 Buckets, 2019" }, { "description": "Andy Greenberg. (2017, January 21). Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach. Retrieved May 14, 2021.", "meta": { "date_accessed": "2021-05-14T00:00:00Z", "date_published": "2017-01-21T00:00:00Z", "refs": [ "https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/" ], "source": "MITRE", "title": "Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach" }, "related": [], "uuid": "3bdf88b3-8f41-4945-9292-e299bab4f98e", "value": "Wired Uber Breach" }, { "description": "Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. 
Retrieved April 10, 2019.", "meta": { "date_accessed": "2019-04-10T00:00:00Z", "date_published": "2018-11-29T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets" ], "source": "MITRE", "title": "Hacker Infects Node.js Package to Steal from Bitcoin Wallets" }, "related": [], "uuid": "69eac1b0-1c50-4534-99e0-2d0fd738ab8f", "value": "Trendmicro NPM Compromise" }, { "description": "Mimoso, M.. (2014, June 18). Hacker Puts Hosting Service Code Spaces Out of Business. Retrieved December 15, 2020.", "meta": { "date_accessed": "2020-12-15T00:00:00Z", "date_published": "2014-06-18T00:00:00Z", "refs": [ "https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/" ], "source": "MITRE", "title": "Hacker Puts Hosting Service Code Spaces Out of Business" }, "related": [], "uuid": "97d16d3a-98a0-4a7d-9f74-8877c8088ddf", "value": "Data Destruction - Threat Post" }, { "description": "Bill Toulas. (2023, August 2). Hackers exploited Salesforce zero-day in Facebook phishing attack. Retrieved September 18, 2023.", "meta": { "date_accessed": "2023-09-18T00:00:00Z", "date_published": "2023-08-02T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/hackers-exploited-salesforce-zero-day-in-facebook-phishing-attack/" ], "source": "MITRE", "title": "Hackers exploited Salesforce zero-day in Facebook phishing attack" }, "related": [], "uuid": "cbd360bb-f4b6-5326-8861-b05f3a2a8737", "value": "Salesforce zero-day in facebook phishing attack" }, { "description": "Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. 
Retrieved June 6, 2018.", "meta": { "date_accessed": "2018-06-06T00:00:00Z", "date_published": "2017-09-06T00:00:00Z", "refs": [ "http://fortune.com/2017/09/06/hack-energy-grid-symantec/" ], "source": "MITRE", "title": "Hackers Have Penetrated Energy Grid, Symantec Warns" }, "related": [], "uuid": "b56c5b41-b8e0-4fef-a6d8-183bb283dc7c", "value": "Fortune Dragonfly 2.0 Sept 2017" }, { "description": "Brennan, M. (2022, February 16). Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2022-02-16T00:00:00Z", "refs": [ "https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection" ], "source": "MITRE", "title": "Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection" }, "related": [], "uuid": "e9f91661-29e3-408e-bfdd-c7df22f3f400", "value": "Huntress API Hash" }, { "description": "Sergiu Gatlan. (2020, April 16). Hackers steal WiFi passwords using upgraded Agent Tesla malware. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/hackers-steal-wifi-passwords-using-upgraded-agent-tesla-malware/" ], "source": "MITRE", "title": "Hackers steal WiFi passwords using upgraded Agent Tesla malware" }, "related": [], "uuid": "93b5ecd2-35a3-5bd8-9d6e-87bace012546", "value": "BleepingComputer Agent Tesla steal wifi passwords" }, { "description": "Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-10-24T00:00:00Z", "refs": [ "https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages" ], "source": "MITRE", "title": "Hackers Try to Phish United Nations Staffers With Fake Login Pages" }, "related": [], "uuid": "f652524c-7950-4a8a-9860-0e658a9581d8", "value": "PCMag FakeLogin" }, { "description": "Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.", "meta": { "date_accessed": "2017-05-15T00:00:00Z", "date_published": "2016-10-31T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/" ], "source": "MITRE", "title": "Hackforums Shutters Booter Service Bazaar" }, "related": [], "uuid": "b46efda2-18e0-451e-b945-28421c2d5274", "value": "Krebs-Bazaar" }, { "description": "Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020.", "meta": { "date_accessed": "2020-12-28T00:00:00Z", "date_published": "2020-12-14T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/" ], "source": "MITRE", "title": "Hacking group’s new malware abuses Google and Facebook services" }, "related": [], "uuid": "307108c8-9c72-4f31-925b-0b9bd4b31e7b", "value": "BleepingComputer Molerats Dec 2020" }, { "description": "Microsoft Secure Team. (2016, June 1). Hacking Team Breach: A Cyber Jurassic Park. 
Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2016-06-01T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/" ], "source": "MITRE", "title": "Hacking Team Breach: A Cyber Jurassic Park" }, "related": [], "uuid": "8daac742-6467-40db-9fe5-87efd2a96f09", "value": "Microsoft Hacking Team Breach" }, { "description": "Intel Security. (2005, July 16). HackingTeam's UEFI Rootkit Details. Retrieved March 20, 2017.", "meta": { "date_accessed": "2017-03-20T00:00:00Z", "date_published": "2005-07-16T00:00:00Z", "refs": [ "http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html" ], "source": "MITRE", "title": "HackingTeam's UEFI Rootkit Details" }, "related": [], "uuid": "1c476cb2-8ce0-4559-8037-646d0ea09398", "value": "Intel HackingTeam UEFI Rootkit" }, { "description": "Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.", "meta": { "date_accessed": "2015-12-11T00:00:00Z", "date_published": "2015-07-13T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/" ], "source": "MITRE", "title": "Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems" }, "related": [], "uuid": "24796535-d516-45e9-bcc7-8f03a3f3cd73", "value": "TrendMicro Hacking Team UEFI" }, { "description": "Temperton, J. (2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. 
Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2015-08-10T00:00:00Z", "refs": [ "https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage" ], "source": "MITRE", "title": "Hacking Team zero-day used in new Darkhotel attacks" }, "related": [], "uuid": "4de7960b-bd62-452b-9e64-b52a0d580858", "value": "TempertonDarkHotel" }, { "description": "Vengerik, B. & Dennesen, K.. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved January 15, 2019.", "meta": { "date_accessed": "2019-01-15T00:00:00Z", "date_published": "2014-12-05T00:00:00Z", "refs": [ "https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html" ], "source": "MITRE", "title": "Hacking the Street? FIN4 Likely Playing the Market" }, "related": [], "uuid": "6dcfe3fb-c310-49cf-a657-f2cec65c5499", "value": "FireEye Hacking FIN4 Video Dec 2014" }, { "description": "Vengerik, B. et al.. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved December 17, 2018.", "meta": { "date_accessed": "2018-12-17T00:00:00Z", "date_published": "2014-12-05T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2021-09/rpt-fin4.pdf" ], "source": "MITRE", "title": "Hacking the Street? FIN4 Likely Playing the Market" }, "related": [], "uuid": "c3ac1c2a-21cc-42a9-a214-88f302371766", "value": "FireEye Hacking FIN4 Dec 2014" }, { "description": "Vasilios Hioureas. (2019, September 13). Hacking with AWS: incorporating leaky buckets into your OSINT workflow. 
Retrieved February 14, 2022.", "meta": { "date_accessed": "2022-02-14T00:00:00Z", "date_published": "2019-09-13T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/" ], "source": "MITRE", "title": "Hacking with AWS: incorporating leaky buckets into your OSINT workflow" }, "related": [], "uuid": "67ebcf71-828e-4202-b842-f071140883f8", "value": "Malwarebytes OSINT Leaky Buckets - Hioureas" }, { "description": "MSTIC. (2021, March 2). HAFNIUM targeting Exchange Servers with 0-day exploits. Retrieved March 3, 2021.", "meta": { "date_accessed": "2021-03-03T00:00:00Z", "date_published": "2021-03-02T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" ], "source": "MITRE, Tidal Cyber", "title": "HAFNIUM targeting Exchange Servers with 0-day exploits" }, "related": [], "uuid": "6a986c46-79a3-49c6-94d2-d9b1f5db08f3", "value": "Microsoft HAFNIUM March 2020" }, { "description": "Luis Martin Garcia. (2008, February 1). Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security. Retrieved October 18, 2022.", "meta": { "date_accessed": "2022-10-18T00:00:00Z", "date_published": "2008-02-01T00:00:00Z", "refs": [ "http://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf" ], "source": "MITRE", "title": "Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security" }, "related": [], "uuid": "2803d0b8-78ee-4b19-aad3-daf84cd292b5", "value": "haking9 libpcap network sniffing" }, { "description": "FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. 
Retrieved September 17, 2015.", "meta": { "date_accessed": "2015-09-17T00:00:00Z", "date_published": "2015-07-01T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf" ], "source": "MITRE", "title": "HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group" }, "related": [], "uuid": "78ead31e-7450-46e8-89cf-461ae1981994", "value": "FireEye APT29" }, { "description": "Anubhav, A., Jallepalli, D. (2016, September 23). Hancitor (AKA Chanitor) observed using multiple attack approaches. Retrieved August 13, 2020.", "meta": { "date_accessed": "2020-08-13T00:00:00Z", "date_published": "2016-09-23T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/09/hancitor_aka_chanit.html" ], "source": "MITRE", "title": "Hancitor (AKA Chanitor) observed using multiple attack approaches" }, "related": [], "uuid": "65a07c8c-5b29-445f-8f01-6e577df4ea62", "value": "FireEye Hancitor" }, { "description": "Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. Retrieved June 24, 2021.", "meta": { "date_accessed": "2021-06-24T00:00:00Z", "date_published": "2021-06-15T00:00:00Z", "refs": [ "https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/" ], "source": "MITRE", "title": "Handy guide to a new Fivehands ransomware variant" }, "related": [], "uuid": "33955c35-e8cd-4486-b1ab-6f992319c81c", "value": "NCC Group Fivehands June 2021" }, { "description": "Apple Inc.. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps.. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/security/hardened_runtime" ], "source": "MITRE", "title": "Hardened Runtime: Manage security protections and resource access for your macOS apps." 
}, "related": [], "uuid": "b41de1e5-63ab-4556-a61f-3baca1873283", "value": "Apple Developer Doco Hardened Runtime" }, { "description": "Bromiley, M., et al.. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.", "meta": { "date_accessed": "2019-08-26T00:00:00Z", "date_published": "2019-07-18T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html" ], "source": "MITRE", "title": "Hard Pass: Declining APT34’s Invite to Join Their Professional Network" }, "related": [], "uuid": "09a00ded-1afc-4555-894e-a151162796eb", "value": "FireEye APT34 July 2019" }, { "description": "Dunning, J. (2016, August 1). Hashjacking. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2016-08-01T00:00:00Z", "refs": [ "https://github.com/hob0/hashjacking" ], "source": "MITRE", "title": "Hashjacking" }, "related": [], "uuid": "d31f6612-c552-45e1-bf6b-889fe619ab5f", "value": "GitHub Hashjacking" }, { "description": "Swapnil Patil, Yogesh Londhe. (2017, July 25). HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign. Retrieved June 18, 2019.", "meta": { "date_accessed": "2019-06-18T00:00:00Z", "date_published": "2017-07-25T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html" ], "source": "MITRE", "title": "HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign" }, "related": [], "uuid": "7ad228a8-5450-45ec-86fc-ea038f7c6ef7", "value": "FireEye HawkEye Malware July 2017" }, { "description": "Maddalena, C.. (2018, September 12). Head in the Clouds. 
Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2018-09-12T00:00:00Z", "refs": [ "https://posts.specterops.io/head-in-the-clouds-bd038bb69e48" ], "source": "MITRE", "title": "Head in the Clouds" }, "related": [], "uuid": "95d6d1ce-ceba-48ee-88c4-0fb30058bd80", "value": "Specter Ops - Cloud Credential Storage" }, { "description": "KONSTANTIN ZYKOV. (2019, September 23). Hello! My name is Dtrack. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2019-09-23T00:00:00Z", "refs": [ "https://securelist.com/my-name-is-dtrack/93338/" ], "source": "MITRE", "title": "Hello! My name is Dtrack" }, "related": [], "uuid": "a011b68a-30e0-4204-9bf3-fa73f2a238b4", "value": "Securelist Dtrack2" }, { "description": "Konstantin Zykov. (2019, September 23). Hello! My name is Dtrack. Retrieved January 20, 2021.", "meta": { "date_accessed": "2021-01-20T00:00:00Z", "date_published": "2019-09-23T00:00:00Z", "refs": [ "https://securelist.com/my-name-is-dtrack/93338/" ], "source": "MITRE", "title": "Hello! My name is Dtrack" }, "related": [], "uuid": "49bd8841-a4b5-4ced-adfa-0ad0c8625ccd", "value": "Securelist Dtrack" }, { "description": "Mark Baggett. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved November 8, 2012.", "meta": { "date_accessed": "2012-11-08T00:00:00Z", "date_published": "2012-11-08T00:00:00Z", "refs": [ "https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464" ], "source": "MITRE", "title": "Help eliminate unquoted path vulnerabilities" }, "related": [], "uuid": "23ad5a8c-cbe1-4f40-8757-f1784a4003a1", "value": "Help eliminate unquoted path" }, { "description": "Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. 
Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "date_published": "2012-11-08T00:00:00Z", "refs": [ "https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464" ], "source": "MITRE", "title": "Help eliminate unquoted path vulnerabilities" }, "related": [], "uuid": "9b234329-5e05-4035-af38-dd8ab20fd68e", "value": "Baggett 2012" }, { "description": "Kellie Eickmeyer. (2022, February 7). Helping users stay safe: Blocking internet macros by default in Office. Retrieved February 7, 2022.", "meta": { "date_accessed": "2022-02-07T00:00:00Z", "date_published": "2022-02-07T00:00:00Z", "refs": [ "https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805" ], "source": "MITRE", "title": "Helping users stay safe: Blocking internet macros by default in Office" }, "related": [], "uuid": "d86883dd-3766-4971-91c7-b205ed13cc37", "value": "Default VBS macros Blocking" }, { "description": "Carr, N. (2018, January 31). Here is some early bad cmstp.exe... Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-01-31T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/958789644165894146" ], "source": "MITRE", "title": "Here is some early bad cmstp.exe.." }, "related": [], "uuid": "836621f3-83e1-4c55-8e3b-740fc9ba1e46", "value": "Twitter CMSTP Usage Jan 2018" }, { "description": "ESET. (2022, February 24). HermeticWiper: New data wiping malware hits Ukraine. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-02-24T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine" ], "source": "MITRE", "title": "HermeticWiper: New data wiping malware hits Ukraine" }, "related": [], "uuid": "07ef66e8-195b-4afe-a518-ce9e77220038", "value": "ESET Hermetic Wiper February 2022" }, { "description": "Guerrero-Saade, J. (2022, February 23). HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-02-23T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack" ], "source": "MITRE", "title": "HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine" }, "related": [], "uuid": "96825555-1936-4ee3-bb25-423dc16a9116", "value": "SentinelOne Hermetic Wiper February 2022" }, { "description": "Dragos. (n.d.). Hexane. Retrieved October 27, 2019.", "meta": { "date_accessed": "2019-10-27T00:00:00Z", "refs": [ "https://dragos.com/resource/hexane/" ], "source": "MITRE", "title": "Hexane" }, "related": [], "uuid": "11838e67-5032-4352-ad1f-81ba0398a14f", "value": "Dragos Hexane" }, { "description": "Sourceforge. (n.d.). Heyoka POC Exfiltration Tool. Retrieved October 11, 2022.", "meta": { "date_accessed": "2022-10-11T00:00:00Z", "refs": [ "https://heyoka.sourceforge.net/" ], "source": "MITRE", "title": "Heyoka POC Exfiltration Tool" }, "related": [], "uuid": "f6677391-cb7a-4abc-abb7-3a8cd47fbc90", "value": "Sourceforge Heyoka 2022" }, { "description": "LOLBAS. (2018, May 25). Hh.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Hh/" ], "source": "Tidal Cyber", "title": "Hh.exe" }, "related": [], "uuid": "4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc", "value": "Hh.exe - LOLBAS Project" }, { "description": "Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.", "meta": { "date_accessed": "2020-10-28T00:00:00Z", "date_published": "2018-04-24T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/" ], "source": "MITRE", "title": "Hidden Administrative Accounts: BloodHound to the Rescue" }, "related": [], "uuid": "fa99f290-e42c-4311-9f6d-c519c9ab89fe", "value": "CrowdStrike BloodHound April 2018" }, { "description": "Sherstobitoff, R. (2018, March 08). Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant. Retrieved May 18, 2018.", "meta": { "date_accessed": "2018-05-18T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/" ], "source": "MITRE", "title": "Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant" }, "related": [], "uuid": "c748dc6c-8c19-4a5c-840f-3d47955a6c78", "value": "McAfee Bankshot" }, { "description": "Damian Pfammatter. (2018, September 17). Hidden Inbox Rules in Microsoft Exchange. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2018-09-17T00:00:00Z", "refs": [ "https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/" ], "source": "MITRE", "title": "Hidden Inbox Rules in Microsoft Exchange" }, "related": [], "uuid": "8a00b664-5a75-4365-9069-a32e0ed20a80", "value": "Pfammatter - Hidden Inbox Rules" }, { "description": "Sanmillan, I. (2019, May 29). HiddenWasp Malware Stings Targeted Linux Systems. Retrieved June 24, 2019.", "meta": { "date_accessed": "2019-06-24T00:00:00Z", "date_published": "2019-05-29T00:00:00Z", "refs": [ "https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/" ], "source": "MITRE", "title": "HiddenWasp Malware Stings Targeted Linux Systems" }, "related": [], "uuid": "dfef8451-031b-42a6-8b78-d25950cc9d23", "value": "Intezer HiddenWasp Map 2019" }, { "description": "Apple. (2020, November 30). Hide a user account in macOS. Retrieved December 10, 2021.", "meta": { "date_accessed": "2021-12-10T00:00:00Z", "date_published": "2020-11-30T00:00:00Z", "refs": [ "https://support.apple.com/en-us/HT203998" ], "source": "MITRE", "title": "Hide a user account in macOS" }, "related": [], "uuid": "e901df3b-76a6-41a5-9083-b28065e75aa2", "value": "Apple Support Hide a User Account" }, { "description": "Arntz, P. (2016, March 30). Hiding in Plain Sight. Retrieved August 3, 2020.", "meta": { "date_accessed": "2020-08-03T00:00:00Z", "date_published": "2016-03-30T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/cybercrime/2013/10/hiding-in-plain-sight/" ], "source": "MITRE", "title": "Hiding in Plain Sight" }, "related": [], "uuid": "d4eba34c-d76b-45b4-bcaf-0f13459daaad", "value": "Malwarebytes Wow6432Node 2016" }, { "description": "FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. 
Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2015-05-14T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic" }, "related": [], "uuid": "a303f97a-72dd-4833-bac7-a421addc3242", "value": "FireEye APT17" }, { "description": "Crowdstrike. (2018, July 18). Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises. Retrieved January 19, 2020.", "meta": { "date_accessed": "2020-01-19T00:00:00Z", "date_published": "2018-07-18T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/" ], "source": "MITRE", "title": "Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises" }, "related": [], "uuid": "8612fb31-5806-47ca-ba43-265a590b61fb", "value": "Crowdstrike Hiding in Plain Sight 2018" }, { "description": "Aliz Hammond. (2019, August 15). Hiding Malicious Code with \"Module Stomping\": Part 1. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2019-08-15T00:00:00Z", "refs": [ "https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/" ], "source": "MITRE", "title": "Hiding Malicious Code with \"Module Stomping\": Part 1" }, "related": [], "uuid": "88983d22-980d-4442-858a-3b70ec485b94", "value": "Hiding Malicious Code with Module Stomping" }, { "description": "Reitz, B. (2017, July 14). Hiding Registry keys with PSReflect. 
Retrieved August 9, 2018.", "meta": { "date_accessed": "2018-08-09T00:00:00Z", "date_published": "2017-07-14T00:00:00Z", "refs": [ "https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353" ], "source": "MITRE", "title": "Hiding Registry keys with PSReflect" }, "related": [], "uuid": "877a5ae4-ec5f-4f53-b69d-ba74ff9e1619", "value": "SpectorOps Hiding Reg Jul 2017" }, { "description": "FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.", "meta": { "date_accessed": "2021-01-04T00:00:00Z", "date_published": "2020-12-13T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" ], "source": "MITRE, Tidal Cyber", "title": "Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor" }, "related": [], "uuid": "d006ed03-a8af-4887-9356-3481d81d43e4", "value": "FireEye SUNBURST Backdoor December 2020" }, { "description": "Mudge, R. (2017, February 6). High-reputation Redirectors and Domain Fronting. Retrieved July 11, 2022.", "meta": { "date_accessed": "2022-07-11T00:00:00Z", "date_published": "2017-02-06T00:00:00Z", "refs": [ "https://www.cobaltstrike.com/blog/high-reputation-redirectors-and-domain-fronting/" ], "source": "MITRE", "title": "High-reputation Redirectors and Domain Fronting" }, "related": [], "uuid": "42c81d97-b6ee-458e-bff3-e8c4de882cd6", "value": "Redirectors_Domain_Fronting" }, { "description": "Wardle, P. (2017, September 8). High Sierra’s ‘Secure Kernel Extension Loading’ is Broken. 
Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2017-09-08T00:00:00Z", "refs": [ "https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/" ], "source": "MITRE", "title": "High Sierra’s ‘Secure Kernel Extension Loading’ is Broken" }, "related": [], "uuid": "647f6be8-fe95-4045-8778-f7d7ff00c96c", "value": "Synack Secure Kernel Extension Broken" }, { "description": "Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.", "meta": { "date_accessed": "2021-04-05T00:00:00Z", "date_published": "2021-02-03T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/" ], "source": "MITRE", "title": "Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes" }, "related": [], "uuid": "0941cf0e-75d8-4c96-bc42-c99d809e75f9", "value": "Unit 42 Hildegard Malware" }, { "description": "drakonia. (2022, August 10). HInvoke and avoiding PInvoke. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2022-08-10T00:00:00Z", "refs": [ "https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avoiding-PInvoke.html?s=03" ], "source": "MITRE", "title": "HInvoke and avoiding PInvoke" }, "related": [], "uuid": "11d936fd-aba0-4eed-8007-aca71c340c59", "value": "Drakonia HInvoke" }, { "description": "Microsoft. (2021, August 5). HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree. 
Retrieved August 25, 2021.", "meta": { "date_accessed": "2021-08-25T00:00:00Z", "date_published": "2021-08-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree" ], "source": "MITRE", "title": "HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree" }, "related": [], "uuid": "171cfdf1-d91c-4df3-831e-89b6237e3c8b", "value": "microsoft_services_registry_tree" }, { "description": "Microsoft. (2017, April 20). HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree. Retrieved March 16, 2020.", "meta": { "date_accessed": "2020-03-16T00:00:00Z", "date_published": "2017-04-20T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree" ], "source": "MITRE", "title": "HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree" }, "related": [], "uuid": "cb9b5391-773f-4b56-8c41-d4f548c7b835", "value": "Microsoft CurrentControlSet Services" }, { "description": "Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.", "meta": { "date_accessed": "2018-07-02T00:00:00Z", "date_published": "2018-04-23T00:00:00Z", "refs": [ "http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf" ], "source": "MITRE", "title": "Hogfish Redleaves Campaign" }, "related": [], "uuid": "c8e9fee1-9981-499f-a62f-ffe59f4bb1e7", "value": "Accenture Hogfish April 2018" }, { "description": "Kafeine. (2016, December 13). Home Routers Under Attack via Malvertising on Windows, Android Devices. 
Retrieved January 16, 2019.", "meta": { "date_accessed": "2019-01-16T00:00:00Z", "date_published": "2016-12-13T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices" ], "source": "MITRE", "title": "Home Routers Under Attack via Malvertising on Windows, Android Devices" }, "related": [], "uuid": "b964139f-7c02-451d-8d22-a87975e60aa2", "value": "Proofpoint Router Malvertising" }, { "description": "Radoslaw Zdonczyk. (2023, July 30). Honeypot Recon: New Variant of SkidMap Targeting Redis. Retrieved September 29, 2023.", "meta": { "date_accessed": "2023-09-29T00:00:00Z", "date_published": "2023-07-30T00:00:00Z", "refs": [ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-skidmap-targeting-redis/" ], "source": "MITRE", "title": "Honeypot Recon: New Variant of SkidMap Targeting Redis" }, "related": [], "uuid": "300505ae-bb7a-503d-84c5-9ff021eb6f3a", "value": "Trustwave Honeypot SkidMap 2023" }, { "description": "Microsoft. (n.d.). Hooks Overview. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx" ], "source": "MITRE", "title": "Hooks Overview" }, "related": [], "uuid": "54997a52-f78b-4af4-8916-787bcb215ce1", "value": "Microsoft Hook Overview" }, { "description": "Atkinson, J. (2017, July 18). Host-based Threat Modeling & Indicator Design. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2017-07-18T00:00:00Z", "refs": [ "https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea" ], "source": "MITRE", "title": "Host-based Threat Modeling & Indicator Design" }, "related": [], "uuid": "5fbf3a1d-eac2-44b8-a0a9-70feca168647", "value": "SpectorOps Host-Based Jul 2017" }, { "description": "Vaishnav Murthy and Joel Eng. (2023, January 30). 
How Adversaries Can Persist with AWS User Federation. Retrieved March 10, 2023.", "meta": { "date_accessed": "2023-03-10T00:00:00Z", "date_published": "2023-01-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-adversaries-persist-with-aws-user-federation/" ], "source": "MITRE", "title": "How Adversaries Can Persist with AWS User Federation" }, "related": [], "uuid": "8c4f806c-b6f2-5bde-8525-05da6692e59c", "value": "Crowdstrike AWS User Federation Persistence" }, { "description": "Andy Greenberg. (2017, June 28). How an Entire Nation Became Russia's Test Lab for Cyberwar. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2017-06-28T00:00:00Z", "refs": [ "https://www.wired.com/story/russian-hackers-attack-ukraine/" ], "source": "MITRE", "title": "How an Entire Nation Became Russia's Test Lab for Cyberwar" }, "related": [], "uuid": "6a013c48-3b58-5b87-9af5-0b7d01f27c48", "value": "Andy Greenberg June 2017" }, { "description": "Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.", "meta": { "date_accessed": "2016-03-31T00:00:00Z", "date_published": "2013-02-22T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates" ], "source": "MITRE", "title": "How Attackers Steal Private Keys from Digital Certificates" }, "related": [], "uuid": "4b4f0171-827d-45c3-8c89-66ea801e77e8", "value": "Symantec Digital Certificates" }, { "description": "Sean Metcalf. (2015, November 17). How Attackers Use Kerberos Silver Tickets to Exploit Systems. 
Retrieved February 27, 2020.", "meta": { "date_accessed": "2020-02-27T00:00:00Z", "date_published": "2015-11-17T00:00:00Z", "refs": [ "https://adsecurity.org/?p=2011" ], "source": "MITRE", "title": "How Attackers Use Kerberos Silver Tickets to Exploit Systems" }, "related": [], "uuid": "5185560e-b8f0-4c40-8c90-cb12348a0f7f", "value": "ADSecurity Silver Tickets" }, { "description": "Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket?. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2019-05-17T00:00:00Z", "refs": [ "https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/" ], "source": "MITRE", "title": "How can I secure the files in my Amazon S3 bucket?" }, "related": [], "uuid": "4c434ca5-2544-45e0-82d9-71343d8aa960", "value": "Amazon S3 Security, 2019" }, { "description": "Microsoft. (2009, October 8). How Connection Manager Works. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2009-10-08T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)" ], "source": "MITRE", "title": "How Connection Manager Works" }, "related": [], "uuid": "0b0880a8-82cc-4e23-afd9-95d099c753a4", "value": "Microsoft Connection Manager Oct 2009" }, { "description": "Abendan, O. (2012, June 14). How DNS Changer Trojans Direct Users to Threats. Retrieved October 28, 2021.", "meta": { "date_accessed": "2021-10-28T00:00:00Z", "date_published": "2012-06-14T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-direct-users-to-threats" ], "source": "MITRE", "title": "How DNS Changer Trojans Direct Users to Threats" }, "related": [], "uuid": "082a0fde-d9f9-45f2-915d-f14c77b62254", "value": "dns_changer_trojans" }, { "description": "Entrust Datacard. (2017, August 16). 
How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?. Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2017-08-16T00:00:00Z", "refs": [ "http://www.entrust.net/knowledge-base/technote.cfm?tn=8165" ], "source": "MITRE", "title": "How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?" }, "related": [], "uuid": "ad6dfcab-792a-4b4d-8ada-aa418e2ea1aa", "value": "Entrust Enable CAPI2 Aug 2017" }, { "description": "rjben. (2012, May 30). How do you find the culprit when unauthorized access to a computer is a problem?. Retrieved August 3, 2022.", "meta": { "date_accessed": "2022-08-03T00:00:00Z", "date_published": "2012-05-30T00:00:00Z", "refs": [ "https://discussions.apple.com/thread/3991574" ], "source": "MITRE", "title": "How do you find the culprit when unauthorized access to a computer is a problem?" }, "related": [], "uuid": "9254d3f5-7fc1-4710-b885-b0ddb3a3dca9", "value": "Apple Culprit Access" }, { "description": "Department of Justice. (2018, August 01). HOW FIN7 ATTACKED AND STOLE DATA. Retrieved August 24, 2018.", "meta": { "date_accessed": "2018-08-24T00:00:00Z", "date_published": "2018-08-01T00:00:00Z", "refs": [ "https://www.justice.gov/opa/press-release/file/1084361/download" ], "source": "MITRE", "title": "HOW FIN7 ATTACKED AND STOLE DATA" }, "related": [], "uuid": "6a588eff-2b79-41c3-9834-613a628a0355", "value": "DOJ FIN7 Aug 2018" }, { "description": "Charles McLellan. (2016, March 4). How hackers attacked Ukraine's power grid: Implications for Industrial IoT security. 
Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2016-03-04T00:00:00Z", "refs": [ "https://www.zdnet.com/article/how-hackers-attacked-ukraines-power-grid-implications-for-industrial-iot-security/" ], "source": "MITRE", "title": "How hackers attacked Ukraine's power grid: Implications for Industrial IoT security" }, "related": [], "uuid": "a9156c24-42ad-5f15-a18e-2382f84d702e", "value": "Charles McLellan March 2016" }, { "description": "Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-10-02T00:00:00Z", "refs": [ "https://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e" ], "source": "MITRE", "title": "How Hackers Exploit Social Media To Break Into Your Company" }, "related": [], "uuid": "e6136a63-81fe-4363-8d98-f7d1e85a0f2b", "value": "Cyware Social Media" }, { "description": "Lawrence Abrams. (2004, September 10). How Malware hides and is installed as a Service. Retrieved August 30, 2021.", "meta": { "date_accessed": "2021-08-30T00:00:00Z", "date_published": "2004-09-10T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/" ], "source": "MITRE", "title": "How Malware hides and is installed as a Service" }, "related": [], "uuid": "c5982f65-1782-452a-9667-a8732d31e89a", "value": "malware_hides_service" }, { "description": "Stokes, P. (2019, July 17). How Malware Persists on macOS. Retrieved March 27, 2020.", "meta": { "date_accessed": "2020-03-27T00:00:00Z", "date_published": "2019-07-17T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" ], "source": "MITRE", "title": "How Malware Persists on macOS" }, "related": [], "uuid": "ce952a0d-9c0d-4a51-9564-7cc5d9e43e2c", "value": "S1 macOs Persistence" }, { "description": "Stokes, Phil. (2019, June 17). 
HOW MALWARE PERSISTS ON MACOS. Retrieved September 10, 2019.", "meta": { "date_accessed": "2019-09-10T00:00:00Z", "date_published": "2019-06-17T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/how-malware-persists-on-macos/" ], "source": "MITRE", "title": "HOW MALWARE PERSISTS ON MACOS" }, "related": [], "uuid": "81a49043-cac5-40e0-a626-fd242d21c56d", "value": "sentinelone macos persist Jun 2019" }, { "description": "Golubev, S. (n.d.). How malware steals autofill data from browsers. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "refs": [ "https://www.kaspersky.com/blog/browser-data-theft/27871/" ], "source": "MITRE", "title": "How malware steals autofill data from browsers" }, "related": [], "uuid": "561ff84d-17ce-511c-af0c-059310f3c129", "value": "Kaspersky Autofill" }, { "description": "How Notarization Works. (2020, August 28). How notarization works. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2020-08-28T00:00:00Z", "refs": [ "https://eclecticlight.co/2020/08/28/how-notarization-works/" ], "source": "MITRE", "title": "How notarization works" }, "related": [], "uuid": "80c840ab-782a-4f15-bc7b-2d2ab4e51702", "value": "TheEclecticLightCompany apple notarization" }, { "description": "Phil Stokes. (2020, March 16). How Offensive Actors Use AppleScript For Attacking macOS. Retrieved July 17, 2020.", "meta": { "date_accessed": "2020-07-17T00:00:00Z", "date_published": "2020-03-16T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/" ], "source": "MITRE", "title": "How Offensive Actors Use AppleScript For Attacking macOS" }, "related": [], "uuid": "bb6aafcb-ed30-404a-a9d9-b90503a0ec7c", "value": "SentinelOne AppleScript" }, { "description": "Drew Todd. (2021, December 28). How Secure Is Your Slack Channel?. 
Retrieved May 31, 2022.", "meta": { "date_accessed": "2022-05-31T00:00:00Z", "date_published": "2021-12-28T00:00:00Z", "refs": [ "https://www.secureworld.io/industry-news/how-secure-is-your-slack-channel#:~:text=Electronic%20Arts%20hacked%20through%20Slack%20channel&text=In%20total%2C%20the%20hackers%20claim,credentials%20over%20a%20Slack%20channel." ], "source": "MITRE", "title": "How Secure Is Your Slack Channel?" }, "related": [], "uuid": "78199414-7b5e-45d8-8bda-d6f5a7c3988b", "value": "SecureWorld - How Secure Is Your Slack Channel - Dec 2021" }, { "description": "Windows OS Hub. (2021, November 10). How to Allow Multiple RDP Sessions in Windows 10 and 11?. Retrieved March 28, 2022.", "meta": { "date_accessed": "2022-03-28T00:00:00Z", "date_published": "2021-11-10T00:00:00Z", "refs": [ "http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/" ], "source": "MITRE", "title": "How to Allow Multiple RDP Sessions in Windows 10 and 11?" }, "related": [], "uuid": "335480f8-8f40-4da7-b083-6a4b158496c1", "value": "Windows OS Hub RDP" }, { "description": "Chester, A. (2019, January 28). How to Argue like Cobalt Strike. Retrieved November 19, 2021.", "meta": { "date_accessed": "2021-11-19T00:00:00Z", "date_published": "2019-01-28T00:00:00Z", "refs": [ "https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/" ], "source": "MITRE", "title": "How to Argue like Cobalt Strike" }, "related": [], "uuid": "724464f6-1a86-46e3-9a81-192b136c73ba", "value": "Xpn Argue Like Cobalt 2019" }, { "description": "Seqrite. (n.d.). How to avoid dual attack and vulnerable files with double extension?. Retrieved July 27, 2021.", "meta": { "date_accessed": "2021-07-27T00:00:00Z", "refs": [ "https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/" ], "source": "MITRE", "title": "How to avoid dual attack and vulnerable files with double extension?" 
}, "related": [], "uuid": "77af0be9-174a-4330-8122-d0bd0c754973", "value": "Seqrite DoubleExtension" }, { "description": "Bank of America. (n.d.). How to avoid telephone scams. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "refs": [ "https://business.bofa.com/en-us/content/what-is-vishing.html" ], "source": "MITRE", "title": "How to avoid telephone scams" }, "related": [], "uuid": "ee1abe19-f38b-5127-8377-f13f57f2abcb", "value": "BOA Telephone Scams" }, { "description": "Fehrman, B. (2017, April 13). How to Bypass Web-Proxy Filtering. Retrieved September 20, 2019.", "meta": { "date_accessed": "2019-09-20T00:00:00Z", "date_published": "2017-04-13T00:00:00Z", "refs": [ "https://www.blackhillsinfosec.com/bypass-web-proxy-filtering/" ], "source": "MITRE", "title": "How to Bypass Web-Proxy Filtering" }, "related": [], "uuid": "fab84597-99a0-4560-8c8c-11fd8c01d5fa", "value": "bypass_webproxy_filtering" }, { "description": "Aaron Kili. (2018, January 16). How to Control Systemd Services on Remote Linux Server. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2018-01-16T00:00:00Z", "refs": [ "https://www.tecmint.com/control-systemd-services-on-remote-linux-server/" ], "source": "MITRE", "title": "How to Control Systemd Services on Remote Linux Server" }, "related": [], "uuid": "0461b58e-400e-4e3e-b7c4-eed7a9b0fdd6", "value": "Systemd Remote Control" }, { "description": "Microsoft. (n.d.). How to create and delete hidden or administrative shares on client computers. Retrieved November 20, 2014.", "meta": { "date_accessed": "2014-11-20T00:00:00Z", "refs": [ "http://support.microsoft.com/kb/314984" ], "source": "MITRE", "title": "How to create and delete hidden or administrative shares on client computers" }, "related": [], "uuid": "68d23cb0-b812-4d77-a3aa-34e24a923a50", "value": "Microsoft Admin Shares" }, { "description": "Delpy, B. (2017, December 12). 
howto ~ credential manager saved credentials. Retrieved November 23, 2020.", "meta": { "date_accessed": "2020-11-23T00:00:00Z", "date_published": "2017-12-12T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials" ], "source": "MITRE", "title": "howto ~ credential manager saved credentials" }, "related": [], "uuid": "24c6027b-e0d2-4c0c-83af-4536a631ea85", "value": "Delpy Mimikatz Crendential Manager" }, { "description": "Warren, J. (2019, February 26). How to Detect Overpass-the-Hash Attacks. Retrieved February 4, 2021.", "meta": { "date_accessed": "2021-02-04T00:00:00Z", "date_published": "2019-02-26T00:00:00Z", "refs": [ "https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/" ], "source": "MITRE", "title": "How to Detect Overpass-the-Hash Attacks" }, "related": [], "uuid": "e0bf051c-21ab-4454-a6b0-31ae29b6e162", "value": "Stealthbits Overpass-the-Hash" }, { "description": "Jeff Warren. (2019, February 19). How to Detect Pass-the-Ticket Attacks. Retrieved February 27, 2020.", "meta": { "date_accessed": "2020-02-27T00:00:00Z", "date_published": "2019-02-19T00:00:00Z", "refs": [ "https://blog.stealthbits.com/detect-pass-the-ticket-attacks" ], "source": "MITRE", "title": "How to Detect Pass-the-Ticket Attacks" }, "related": [], "uuid": "5bdb759e-949d-4470-a4e4-925b6579da54", "value": "Stealthbits Detect PtT 2019" }, { "description": "Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2013-07-23T00:00:00Z", "refs": [ "http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html" ], "source": "MITRE", "title": "HowTo: Determine/Detect the use of Anti-Forensics Techniques" }, "related": [], "uuid": "646211a7-77be-4e5a-bd02-eeb70d67113d", "value": "WindowsIR Anti-Forensic Techniques" }, { "description": "Microsoft. (n.d.). 
How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/kb/967715" ], "source": "MITRE", "title": "How to disable the Autorun functionality in Windows" }, "related": [], "uuid": "64bcc943-29be-4dd8-92c8-8a5dd94cbda4", "value": "Microsoft Disable Autorun" }, { "description": "Matutiae, M. (2014, August 6). How to display password policy information for a user (Ubuntu)?. Retrieved April 5, 2018.", "meta": { "date_accessed": "2018-04-05T00:00:00Z", "date_published": "2014-08-06T00:00:00Z", "refs": [ "https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu" ], "source": "MITRE", "title": "How to display password policy information for a user (Ubuntu)?" }, "related": [], "uuid": "c0bbc881-594a-408c-86a2-211ce6279231", "value": "Superuser Linux Password Policies" }, { "description": "Confluence Support. (2021, September 8). How to enable command line audit logging in linux. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2021-09-08T00:00:00Z", "refs": [ "https://confluence.atlassian.com/confkb/how-to-enable-command-line-audit-logging-in-linux-956166545.html" ], "source": "MITRE", "title": "How to enable command line audit logging in linux" }, "related": [], "uuid": "9ac72e5a-0b00-4936-9a78-bf2694d956c9", "value": "Confluence Linux Command Line" }, { "description": "Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018.", "meta": { "date_accessed": "2018-04-04T00:00:00Z", "date_published": "2018-01-09T00:00:00Z", "refs": [ "https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html" ], "source": "MITRE", "title": "How to Enable User Access Logging" }, "related": [], "uuid": "cd3ca4ce-c512-4612-94cc-3cf4d4dbba56", "value": "Atlassian Confluence Logging" }, { "description": "Abdou Rockikz. 
(2020, July). How to Execute Shell Commands in a Remote Machine in Python. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2020-07-01T00:00:00Z", "refs": [ "https://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python" ], "source": "MITRE", "title": "How to Execute Shell Commands in a Remote Machine in Python" }, "related": [], "uuid": "4ea54256-42f9-4b35-8f9e-e595ab9be9ce", "value": "Remote Shell Execution in Python" }, { "description": "Ruslana Lishchuk. (2021, March 26). How to Find a Saved Wi-Fi Password on a Mac. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2021-03-26T00:00:00Z", "refs": [ "https://mackeeper.com/blog/find-wi-fi-password-on-mac/" ], "source": "MITRE", "title": "How to Find a Saved Wi-Fi Password on a Mac" }, "related": [], "uuid": "695f3d20-7a46-5a4a-aef0-0a05a5e35304", "value": "Find Wi-Fi Password on Mac" }, { "description": "Microsoft. (2016, October 20). How to: Find the Web Application Root. Retrieved July 27, 2018.", "meta": { "date_accessed": "2018-07-27T00:00:00Z", "date_published": "2016-10-20T00:00:00Z", "source": "MITRE", "title": "How to: Find the Web Application Root" }, "related": [], "uuid": "bce1230a-5303-4e58-97c9-3e65ecd714d3", "value": "Microsoft Web Root OCT 2016" }, { "description": "Microsoft. (n.d.). How to grant the \"Replicating Directory Changes\" permission for the Microsoft Metadirectory Services ADMA service account. 
Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "refs": [ "https://support.microsoft.com/help/303972/how-to-grant-the-replicating-directory-changes-permission-for-the-micr" ], "source": "MITRE", "title": "How to grant the \"Replicating Directory Changes\" permission for the Microsoft Metadirectory Services ADMA service account" }, "related": [], "uuid": "1b17e5ec-6f09-4668-949a-59be2d1f1b65", "value": "Microsoft Replication ACL" }, { "description": "Ji Mingkui. (2021, June 17). How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen. Retrieved March 15, 2022.", "meta": { "date_accessed": "2022-03-15T00:00:00Z", "date_published": "2021-06-17T00:00:00Z", "refs": [ "https://ubuntuhandbook.org/index.php/2021/06/hide-user-accounts-ubuntu-20-04-login-screen/" ], "source": "MITRE", "title": "How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen" }, "related": [], "uuid": "88c3c460-3792-4881-ae7d-031c8901610d", "value": "Hide GDM User Accounts" }, { "description": "Ewing, P. Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016.", "meta": { "date_accessed": "2016-09-15T00:00:00Z", "date_published": "2016-09-15T00:00:00Z", "refs": [ "https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com" ], "source": "MITRE", "title": "How to Hunt: Detecting Persistence & Evasion with the COM" }, "related": [], "uuid": "bb325d97-5f69-4645-82d8-fdd6badecd9d", "value": "Elastic COM Hijacking" }, { "description": "Ewing, P. (2016, October 31). How to Hunt: The Masquerade Ball. 
Retrieved October 31, 2016.", "meta": { "date_accessed": "2016-10-31T00:00:00Z", "date_published": "2016-10-31T00:00:00Z", "refs": [ "https://www.elastic.co/blog/how-hunt-masquerade-ball" ], "source": "MITRE", "title": "How to Hunt: The Masquerade Ball" }, "related": [], "uuid": "29c17b60-f947-4482-afa6-c80ca5819d10", "value": "Elastic Masquerade Ball" }, { "description": "Henderson, B. (2006, September 24). How To Insert And Remove LKMs. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2006-09-24T00:00:00Z", "refs": [ "http://tldp.org/HOWTO/Module-HOWTO/x197.html" ], "source": "MITRE", "title": "How To Insert And Remove LKMs" }, "related": [], "uuid": "044d0df8-61e4-4a29-8a24-0bd1227d4317", "value": "Linux Loadable Kernel Module Insert and Remove LKMs" }, { "description": "DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021.", "meta": { "date_accessed": "2021-04-19T00:00:00Z", "refs": [ "https://www.digicert.com/kb/ssl-certificate-installation.htm" ], "source": "MITRE", "title": "How to Install an SSL Certificate" }, "related": [], "uuid": "a1d7d368-6092-4421-99de-44e458deee21", "value": "DigiCert Install SSL Cert" }, { "description": "Chris Hoffman. (2017, March 8). How to Make Windows Show File Extensions. Retrieved August 4, 2021.", "meta": { "date_accessed": "2021-08-04T00:00:00Z", "date_published": "2017-03-08T00:00:00Z", "refs": [ "https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/" ], "source": "MITRE", "title": "How to Make Windows Show File Extensions" }, "related": [], "uuid": "51584201-40a4-4e39-ad23-14453e1eea46", "value": "HowToGeek ShowExtension" }, { "description": "Microsoft. (2021, September 24). How to remove entries from the Remote Desktop Connection Computer box. 
Retrieved June 15, 2022.", "meta": { "date_accessed": "2022-06-15T00:00:00Z", "date_published": "2021-09-24T00:00:00Z", "refs": [ "https://docs.microsoft.com/troubleshoot/windows-server/remote/remove-entries-from-remote-desktop-connection-computer" ], "source": "MITRE", "title": "How to remove entries from the Remote Desktop Connection Computer box" }, "related": [], "uuid": "367d3f80-9b13-44fa-938a-744a95518571", "value": "Microsoft RDP Removal" }, { "description": "hoakley. (2021, September 16). How to run an app or tool at startup. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2021-09-16T00:00:00Z", "refs": [ "https://eclecticlight.co/2021/09/16/how-to-run-an-app-or-tool-at-startup/" ], "source": "MITRE", "title": "How to run an app or tool at startup" }, "related": [], "uuid": "397be6f9-a109-4185-85f7-8d994fb31eaa", "value": "Startup Items Eclectic" }, { "description": "Microsoft. (2020, January 23). How to turn off Visual Basic for Applications when you deploy Office. Retrieved September 17, 2020.", "meta": { "date_accessed": "2020-09-17T00:00:00Z", "date_published": "2020-01-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/office/troubleshoot/office-developer/turn-off-visual-basic-for-application" ], "source": "MITRE", "title": "How to turn off Visual Basic for Applications when you deploy Office" }, "related": [], "uuid": "104db93c-c5cd-431c-ac79-d76cb1694d7c", "value": "Microsoft Disable VBA Jan 2020" }, { "description": "Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. 
Retrieved June 22, 2016.", "meta": { "date_accessed": "2016-06-22T00:00:00Z", "date_published": "2015-08-14T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/kb/249873" ], "source": "MITRE", "title": "How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages" }, "related": [], "uuid": "723ec577-5ea8-4ced-b6c3-b7aaabe1d7e8", "value": "Microsoft Regsvr32" }, { "description": "Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2006-10-30T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/kb/310105" ], "source": "MITRE", "title": "How to use the SysKey utility to secure the Windows Security Accounts Manager database" }, "related": [], "uuid": "bde9acb0-c1c3-44e1-b3b1-cfc0898baead", "value": "Microsoft SAM" }, { "description": "Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html" ], "source": "MITRE", "title": "How Traffic Mirroring works" }, "related": [], "uuid": "6b77a2f3-39b8-4574-8dee-cde7ba9debff", "value": "AWS Traffic Mirroring" }, { "description": "Fitzgerald, P. (2010, January 26). How Trojan.Hydraq Stays On Your Computer. Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2010-01-26T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/how-trojanhydraq-stays-your-computer" ], "source": "MITRE", "title": "How Trojan.Hydraq Stays On Your Computer" }, "related": [], "uuid": "b3ef4b78-2ed6-4cf4-afcc-4e4cb09d806a", "value": "Symantec Hydraq Persistence Jan 2010" }, { "description": "Montemayor, D. et al.. (2018, November 15). How User Account Control works. 
Retrieved June 3, 2019.", "meta": { "date_accessed": "2019-06-03T00:00:00Z", "date_published": "2018-11-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works" ], "source": "MITRE", "title": "How User Account Control works" }, "related": [], "uuid": "abda4184-18f9-4799-9c1f-3ba484473e35", "value": "Microsoft UAC Nov 2018" }, { "description": "Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2016-05-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works" ], "source": "MITRE", "title": "How User Account Control Works" }, "related": [], "uuid": "bbf8d1a3-115e-4bc8-be43-47ce3b295d45", "value": "TechNet How UAC Works" }, { "description": "PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.", "meta": { "date_accessed": "2020-09-24T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html" ], "source": "MITRE", "title": "How WellMess malware has been used to target COVID-19 vaccines" }, "related": [], "uuid": "22794e37-3c55-444a-b659-e5a1a6bc2da0", "value": "PWC WellMess July 2020" }, { "description": "Huntley, S. (2020, October 16). How We're Tackling Evolving Online Threats. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2020-10-16T00:00:00Z", "refs": [ "https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats/" ], "source": "MITRE", "title": "How We're Tackling Evolving Online Threats" }, "related": [], "uuid": "8538a963-3e67-47fe-9afd-216b93a2be00", "value": "Google Election Threats October 2020" }, { "description": "Lich, B., Tobin, J. (2017, April 5). 
How Windows Defender Credential Guard works. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2017-04-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-how-it-works" ], "source": "MITRE", "title": "How Windows Defender Credential Guard works" }, "related": [], "uuid": "aa52db88-5d03-42ae-b371-6210d7079a84", "value": "Microsoft Credential Guard April 2017" }, { "description": "Grzegorz Tworek. (2021, December 14). How winlogon.exe shares the cleartext password with custom DLLs. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2021-12-14T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=ggY3srD9dYs" ], "source": "MITRE", "title": "How winlogon.exe shares the cleartext password with custom DLLs" }, "related": [], "uuid": "6533d5df-7388-5c59-8c63-0923de34b61d", "value": "NPPSPY Video" }, { "description": "Cylance. (2019, July 3). Threat Spotlight: Sodinokibi Ransomware. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-07-03T00:00:00Z", "refs": [ "https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html" ], "source": "MITRE", "title": "Threat Spotlight: Sodinokibi Ransomware" }, "related": [], "uuid": "3ad8def7-3a8a-49bb-8f47-dea2e570c99e", "value": "Cylance Sodinokibi July 2019" }, { "description": "Wikipedia. (2017, October 14). HTML Application. Retrieved October 27, 2017.", "meta": { "date_accessed": "2017-10-27T00:00:00Z", "date_published": "2017-10-14T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/HTML_Application" ], "source": "MITRE", "title": "HTML Application" }, "related": [], "uuid": "f1f76055-91f8-4977-9392-bed347e4f181", "value": "Wikipedia HTML Application" }, { "description": "Microsoft. (n.d.). HTML Applications. 
Retrieved October 27, 2017.", "meta": { "date_accessed": "2017-10-27T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms536471.aspx" ], "source": "MITRE", "title": "HTML Applications" }, "related": [], "uuid": "2de103a8-8d72-40f9-b366-b908364dd090", "value": "MSDN HTML Applications" }, { "description": "Microsoft. (n.d.). HTML Help ActiveX Control Overview. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "refs": [ "https://msdn.microsoft.com/windows/desktop/ms644670" ], "source": "MITRE", "title": "HTML Help ActiveX Control Overview" }, "related": [], "uuid": "ae5728bd-571a-451f-9ba3-3198067135b4", "value": "Microsoft HTML Help ActiveX" }, { "description": "Hegt, S. (2018, August 14). HTML smuggling explained. Retrieved May 20, 2021.", "meta": { "date_accessed": "2021-05-20T00:00:00Z", "date_published": "2018-08-14T00:00:00Z", "refs": [ "https://outflank.nl/blog/2018/08/14/html-smuggling-explained/" ], "source": "MITRE", "title": "HTML smuggling explained" }, "related": [], "uuid": "9a99f431-4d15-47f8-a31b-4f98671cd95d", "value": "Outlflank HTML Smuggling 2018" }, { "description": "Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2012-11-19T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/" ], "source": "MITRE", "title": "HTTP iframe Injecting Linux Rootkit" }, "related": [], "uuid": "eb3590bf-ff12-4ccd-bf9d-cf8eacd82135", "value": "CrowdStrike Linux Rootkit" }, { "description": "Wikipedia. (2017, February 28). HTTP Public Key Pinning. 
Retrieved March 31, 2017.", "meta": { "date_accessed": "2017-03-31T00:00:00Z", "date_published": "2017-02-28T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning" ], "source": "MITRE", "title": "HTTP Public Key Pinning" }, "related": [], "uuid": "2da110e7-d3a8-433f-87c3-eb744adf811b", "value": "Wikipedia HPKP" }, { "description": "Mudge, R. (2019, January 2). https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/. Retrieved November 19, 2021.", "meta": { "date_accessed": "2021-11-19T00:00:00Z", "date_published": "2019-01-02T00:00:00Z", "refs": [ "https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/" ], "source": "MITRE", "title": "https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/" }, "related": [], "uuid": "e845f741-eabe-469b-97c1-f51a2aeb18b0", "value": "Cobalt Strike Arguments 2019" }, { "description": "Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks. (2021, April 7). https://blog.talosintelligence.com/collab-app-abuse/. Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "date_published": "2021-04-07T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/collab-app-abuse/" ], "source": "MITRE", "title": "https://blog.talosintelligence.com/collab-app-abuse/" }, "related": [], "uuid": "affa93d8-5c8b-557d-80b4-1366df13d77a", "value": "Talos Discord Webhook Abuse" }, { "description": "Donohue, B.. (2019, February 13). https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2019-02-13T00:00:00Z", "refs": [ "https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/" ], "source": "MITRE", "title": "https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/" }, "related": [], "uuid": "132915dc-d906-4c23-b1e3-885af817b840", "value": "Red Canary Emotet Feb 2019" }, { "description": "Microsoft. 
(2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2007-08-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx" ], "source": "MITRE", "title": "https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx" }, "related": [], "uuid": "db86cd0a-1188-4079-afed-1f986166a2e7", "value": "TechNet Removable Media Control" }, { "description": "Chromium. (n.d.). HTTP Strict Transport Security. Retrieved May 24, 2023.", "meta": { "date_accessed": "2023-05-24T00:00:00Z", "refs": [ "https://www.chromium.org/hsts/" ], "source": "MITRE", "title": "HTTP Strict Transport Security" }, "related": [], "uuid": "1ad03be3-d863-5a55-a371-42b6d3b7ed31", "value": "Chromium HSTS" }, { "description": "CISA, FBI, CNMF. (2020, October 27). https://us-cert.cisa.gov/ncas/alerts/aa20-301a. Retrieved November 4, 2020.", "meta": { "date_accessed": "2020-11-04T00:00:00Z", "date_published": "2020-10-27T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-301a" ], "source": "MITRE", "title": "https://us-cert.cisa.gov/ncas/alerts/aa20-301a" }, "related": [], "uuid": "685aa213-7902-46fb-b90a-64be5c851f73", "value": "CISA AA20-301A Kimsuky" }, { "description": "Singh, S., Yin, H. (2016, May 22). https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html. Retrieved April 5, 2018.", "meta": { "date_accessed": "2018-04-05T00:00:00Z", "date_published": "2016-05-22T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html" ], "source": "MITRE", "title": "https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html" }, "related": [], "uuid": "fedb3a9d-4f9e-495c-ac92-d5457688608d", "value": "FireEye Targeted Attacks Middle East Banks" }, { "description": "Brewster, T. (2017, May 4). 
https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2017-05-04T00:00:00Z", "refs": [ "https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a" ], "source": "MITRE", "title": "https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a" }, "related": [], "uuid": "8fb3ef2f-3652-4563-8921-2c601d1b9bc9", "value": "Forbes Dyre May 2017" }, { "description": "Dor Edry. (2022, August 24). Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps. Retrieved September 5, 2023.", "meta": { "date_accessed": "2023-09-05T00:00:00Z", "date_published": "2022-08-24T00:00:00Z", "refs": [ "https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/hunt-for-compromised-azure-subscriptions-using-microsoft/ba-p/3607121" ], "source": "MITRE", "title": "Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps" }, "related": [], "uuid": "e5944e4c-76c6-55d1-97ec-8367b7f98c28", "value": "Microsoft Subscription Hijacking 2022" }, { "description": "Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved October 18, 2022.", "meta": { "date_accessed": "2022-10-18T00:00:00Z", "date_published": "2022-05-25T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/" ], "source": "MITRE", "title": "Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun" }, "related": [], "uuid": "f68a59a1-cb07-4f58-b755-25c91938b611", "value": "crowdstrike bpf socket filters" }, { "description": "Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2021-09-07T00:00:00Z", "refs": [ "https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2" ], "source": "MITRE", "title": "Hunting Cobalt Strike C2 with Shodan" }, "related": [], "uuid": "e3984769-f6d7-43dd-8179-7df9d441512e", "value": "Koczwara Beacon Hunting Sep 2021" }, { "description": "Hamilton, C. (2019, June 4). Hunting COM Objects. Retrieved June 10, 2019.", "meta": { "date_accessed": "2019-06-10T00:00:00Z", "date_published": "2019-06-04T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html" ], "source": "MITRE", "title": "Hunting COM Objects" }, "related": [], "uuid": "84311e46-cea1-486a-a737-c4a4946ab837", "value": "Fireeye Hunting COM June 2019" }, { "description": "Pepe Berba. (2022, January 30). Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron. Retrieved March 20, 2023.", "meta": { "date_accessed": "2023-03-20T00:00:00Z", "date_published": "2022-01-30T00:00:00Z", "refs": [ "https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/" ], "source": "MITRE", "title": "Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron" }, "related": [], "uuid": "7dfd6a67-3935-506a-8661-1caa7eb508e2", "value": "Berba hunting linux systemd" }, { "description": "Desimone, J. (2017, June 13). Hunting in Memory. Retrieved December 7, 2017.", "meta": { "date_accessed": "2017-12-07T00:00:00Z", "date_published": "2017-06-13T00:00:00Z", "refs": [ "https://www.endgame.com/blog/technical-blog/hunting-memory" ], "source": "MITRE", "title": "Hunting in Memory" }, "related": [], "uuid": "8cd58716-4ff1-4ba2-b980-32c52cf7dee8", "value": "Elastic HuntingNMemory June 2017" }, { "description": "LogPoint. (n.d.). Hunting LockBit Variations using Logpoint. 
Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.logpoint.com/wp-content/uploads/2022/10/hunting-lockbit-variations-using-logpoint-.pdf" ], "source": "Tidal Cyber", "title": "Hunting LockBit Variations using Logpoint" }, "related": [], "uuid": "22aa7792-6296-4f16-826f-d0f1c55ddb2a", "value": "LogPoint Hunting LockBit" }, { "description": "FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. Retrieved June 8, 2023.", "meta": { "date_accessed": "2023-06-08T00:00:00Z", "date_published": "2023-05-09T00:00:00Z", "refs": [ "https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_2.pdf" ], "source": "MITRE", "title": "Hunting Russian Intelligence “Snake” Malware" }, "related": [], "uuid": "1931b80a-effb-59ec-acae-c0f17efb8cad", "value": "Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023" }, { "description": "Hybrid Analysis. (2018, July 11). HybridAnalysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2018-07-11T00:00:00Z", "refs": [ "https://www.hybrid-analysis.com/sample/28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300" ], "source": "MITRE", "title": "HybridAnalysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7" }, "related": [], "uuid": "f27ab4cb-1666-501a-aa96-537d2b2d1f08", "value": "Falcon Sandbox smp: 28553b3a9d" }, { "description": "Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.", "meta": { "date_accessed": "2016-06-11T00:00:00Z", "date_published": "2016-05-23T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Hypervisor" ], "source": "MITRE", "title": "Hypervisor" }, "related": [], "uuid": "1a6ae877-ef30-4d40-abd0-fde308f1a1f0", "value": "Wikipedia Hypervisor" }, { "description": "Bierstock, D., Baker, A. (2019, March 21). 
I am AD FS and So Can You. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2019-03-21T00:00:00Z", "refs": [ "https://www.troopers.de/troopers19/agenda/fpxwmn/" ], "source": "MITRE", "title": "I am AD FS and So Can You" }, "related": [], "uuid": "6891eaf4-6857-4106-860c-1708d2a3bd33", "value": "FireEye ADFS" }, { "description": "Amazon Web Services. (n.d.). IAM roles for service accounts. Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html" ], "source": "MITRE", "title": "IAM roles for service accounts" }, "related": [], "uuid": "b2452f0e-93b0-55b7-add8-8338d171f0bf", "value": "AWS EKS IAM Roles for Service Accounts" }, { "description": "Ivan Kwiatkowski, Pierre Delcher, Felix Aime. (2020, October 15). IAmTheKing and the SlothfulMedia malware family. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2020-10-15T00:00:00Z", "refs": [ "https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/" ], "source": "MITRE", "title": "IAmTheKing and the SlothfulMedia malware family" }, "related": [], "uuid": "fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a", "value": "Kaspersky IAmTheKing October 2020" }, { "description": "Amazon. (n.d.). IAM user groups. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html" ], "source": "MITRE", "title": "IAM user groups" }, "related": [], "uuid": "16f6b02a-912b-42c6-8d32-4e4f11fa70ec", "value": "Amazon IAM Groups" }, { "description": "CrowdStrike. (2022, May). ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK. 
Retrieved June 27, 2022.", "meta": { "date_accessed": "2022-06-27T00:00:00Z", "date_published": "2022-05-01T00:00:00Z", "refs": [ "https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf" ], "source": "MITRE", "title": "ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK" }, "related": [], "uuid": "325988b8-1c7d-4296-83d6-bfcbe533b75e", "value": "CrowdStrike IceApple May 2022" }, { "description": "Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.", "meta": { "date_accessed": "2018-06-07T00:00:00Z", "date_published": "2016-07-28T00:00:00Z", "refs": [ "https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/" ], "source": "MITRE", "title": "ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts" }, "related": [], "uuid": "1a824860-6978-454d-963a-a56414a4312b", "value": "ICIT China's Espionage Jul 2016" }, { "description": "CISA. (2010, September 10). ICS Advisory (ICSA-10-272-01). Retrieved December 7, 2020.", "meta": { "date_accessed": "2020-12-07T00:00:00Z", "date_published": "2010-09-10T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ics/advisories/ICSA-10-272-01" ], "source": "MITRE", "title": "ICS Advisory (ICSA-10-272-01)" }, "related": [], "uuid": "25b3c18c-e017-4773-91dd-b489220d4fcb", "value": "CISA ICS Advisory ICSA-10-272-01" }, { "description": "US-CERT. (2016, February 25). ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure. 
Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2016-02-25T00:00:00Z", "refs": [ "https://www.us-cert.gov/ics/alerts/IR-ALERT-H-16-056-01" ], "source": "MITRE", "title": "ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure" }, "related": [], "uuid": "403ea040-8c08-423f-99cb-d7e7852c16e4", "value": "US-CERT Ukraine Feb 2016" }, { "description": "Dragos. (n.d.). ICS Cybersecurity Year in Review 2020. Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "refs": [ "https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770" ], "source": "MITRE", "title": "ICS Cybersecurity Year in Review 2020" }, "related": [], "uuid": "8bb3147c-3178-4449-9978-f1248b1bcb0a", "value": "Dragos Threat Report 2020" }, { "description": "Cisco. (2008, June 10). Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2008-06-10T00:00:00Z", "refs": [ "https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SNMPv3" ], "source": "MITRE", "title": "Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities" }, "related": [], "uuid": "ed7897e5-21f0-49fa-9b26-c397eaebc88a", "value": "Cisco Advisory SNMP v3 Authentication Vulnerabilities" }, { "description": "Flylib. (n.d.). Identifying Resource and Data Forks. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "refs": [ "https://flylib.com/books/en/4.395.1.192/1/" ], "source": "MITRE", "title": "Identifying Resource and Data Forks" }, "related": [], "uuid": "b8eaf053-40e0-414e-a89e-409dbf218554", "value": "Resource and Data Forks" }, { "description": "Amazon. (n.d.). 
Identity Federation in AWS. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "refs": [ "https://aws.amazon.com/identity/federation/" ], "source": "MITRE", "title": "Identity Federation in AWS" }, "related": [], "uuid": "b55ac071-483b-4802-895f-ea4eaac1de92", "value": "AWS Identity Federation" }, { "description": "Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/dd207691.aspx" ], "source": "MITRE", "title": "IDL_DRSGetNCChanges (Opnum 3)" }, "related": [], "uuid": "410570e4-b578-4838-a25d-f03d92fcf3cb", "value": "Microsoft GetNCCChanges" }, { "description": "LOLBAS. (2018, May 25). Ie4uinit.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ie4uinit/" ], "source": "Tidal Cyber", "title": "Ie4uinit.exe" }, "related": [], "uuid": "01f9a368-5933-47a1-85a9-e5883a5ca266", "value": "Ie4uinit.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Ieadvpack.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Ieadvpack/" ], "source": "Tidal Cyber", "title": "Ieadvpack.dll" }, "related": [], "uuid": "79943a49-23d6-499b-a022-7c2f8bd68aee", "value": "Ieadvpack.dll - LOLBAS Project" }, { "description": "LOLBAS. (2022, March 29). iediagcmd.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-03-29T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Iediagcmd/" ], "source": "Tidal Cyber", "title": "iediagcmd.exe" }, "related": [], "uuid": "de238a18-2275-497e-adcf-453a016a24c4", "value": "iediagcmd.exe - LOLBAS Project" }, { "description": "Wikipedia. (2018, March 30). IEEE 802.1X. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-03-30T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/IEEE_802.1X" ], "source": "MITRE", "title": "IEEE 802.1X" }, "related": [], "uuid": "5d382527-ffbd-486e-adbe-d60508567281", "value": "Wikipedia 802.1x" }, { "description": "LOLBAS. (2018, May 25). Ieexec.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ieexec/" ], "source": "Tidal Cyber", "title": "Ieexec.exe" }, "related": [], "uuid": "91f31525-585d-4b71-83d7-9b7c2feacd34", "value": "Ieexec.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Ieframe.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Ieframe/" ], "source": "Tidal Cyber", "title": "Ieframe.dll" }, "related": [], "uuid": "aab9c80d-1f1e-47ba-954d-65e7400054df", "value": "Ieframe.dll - LOLBAS Project" }, { "description": "Wikipedia. (2016, January 26). ifconfig. 
Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "date_published": "2016-01-26T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Ifconfig" ], "source": "MITRE", "title": "ifconfig" }, "related": [], "uuid": "7bb238d4-4571-4cd0-aab2-76797570724a", "value": "Wikipedia Ifconfig" }, { "description": "Galperin, E., Et al.. (2016, August). I Got a Letter From the Government the Other Day.... Retrieved April 25, 2018.", "meta": { "date_accessed": "2018-04-25T00:00:00Z", "date_published": "2016-08-01T00:00:00Z", "refs": [ "https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf" ], "source": "MITRE", "title": "I Got a Letter From the Government the Other Day..." }, "related": [], "uuid": "311a3863-3897-4ddf-a251-d0467a56675f", "value": "EFF Manul Aug 2016" }, { "description": "Julien. (2011, February 2). IIS Backdoor. Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2011-02-02T00:00:00Z", "refs": [ "https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdoor.html" ], "source": "MITRE", "title": "IIS Backdoor" }, "related": [], "uuid": "fd450382-cca0-40c4-8144-cc90a3b0011b", "value": "IIS Backdoor 2011" }, { "description": "Microsoft. (2007, November 24). IIS Modules Overview. Retrieved June 17, 2021.", "meta": { "date_accessed": "2021-06-17T00:00:00Z", "date_published": "2007-11-24T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview" ], "source": "MITRE", "title": "IIS Modules Overview" }, "related": [], "uuid": "c8db6bfd-3a08-43b3-b33b-91a32e9bd694", "value": "Microsoft IIS Modules Overview 2007" }, { "description": "LOLBAS. (2020, March 17). Ilasm.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-03-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ilasm/" ], "source": "Tidal Cyber", "title": "Ilasm.exe" }, "related": [], "uuid": "347a1f01-02ce-488e-9100-862971c1833f", "value": "Ilasm.exe - LOLBAS Project" }, { "description": "Anomali Threat Research. (2019, October 15). Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2019-10-15T00:00:00Z", "refs": [ "https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect" ], "source": "MITRE", "title": "Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect" }, "related": [], "uuid": "2308c5ca-04a4-43c5-b92b-ffa6a60ae3a9", "value": "anomali-rocke-tactics" }, { "description": "Shanbhag, M. (2010, March 24). Image File Execution Options (IFEO). Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2010-03-24T00:00:00Z", "refs": [ "https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/" ], "source": "MITRE", "title": "Image File Execution Options (IFEO)" }, "related": [], "uuid": "4c62c2cb-bee2-4fc0-aa81-65d66e71a5c2", "value": "Microsoft Dev Blog IFEO Mar 2010" }, { "description": "LOLBAS. (2020, March 5). IMEWDBLD.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-03-05T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/IMEWDBLD/" ], "source": "Tidal Cyber", "title": "IMEWDBLD.exe" }, "related": [], "uuid": "9d1d6bc1-61cf-4465-b3cb-b6af36769027", "value": "IMEWDBLD.exe - LOLBAS Project" }, { "description": "Unit 42. (2019, December 2). 
Imminent Monitor – a RAT Down Under. Retrieved May 5, 2020.", "meta": { "date_accessed": "2020-05-05T00:00:00Z", "date_published": "2019-12-02T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/" ], "source": "MITRE", "title": "Imminent Monitor – a RAT Down Under" }, "related": [], "uuid": "28f858c6-4c00-4c0c-bb27-9e000ba22690", "value": "Imminent Unit42 Dec2019" }, { "description": "Core Security. (n.d.). Impacket. Retrieved November 2, 2017.", "meta": { "date_accessed": "2017-11-02T00:00:00Z", "refs": [ "https://www.coresecurity.com/core-labs/open-source-tools/impacket" ], "source": "MITRE", "title": "Impacket" }, "related": [], "uuid": "9b88d7d6-5cf3-40d5-b624-ddf01508cb95", "value": "Core Security Impacket" }, { "description": "SecureAuth. (n.d.). Impacket Tools. Retrieved January 15, 2019.", "meta": { "date_accessed": "2019-01-15T00:00:00Z", "refs": [ "https://www.secureauth.com/labs/open-source-tools/impacket" ], "source": "MITRE", "title": "Impacket Tools" }, "related": [], "uuid": "cdaf72ce-e8f7-42ae-b815-14a7fd47e292", "value": "Impacket Tools" }, { "description": "Song, C., et al. (2012, August 7). Impeding Automated Malware Analysis with Environment-sensitive Malware. Retrieved January 18, 2019.", "meta": { "date_accessed": "2019-01-18T00:00:00Z", "date_published": "2012-08-07T00:00:00Z", "refs": [ "https://pdfs.semanticscholar.org/2721/3d206bc3c1e8c229fb4820b6af09e7f975da.pdf" ], "source": "MITRE", "title": "Impeding Automated Malware Analysis with Environment-sensitive Malware" }, "related": [], "uuid": "c3e6c8da-1399-419c-96f5-7dade6fccd29", "value": "EK Impeding Malware Analysis" }, { "description": "Microsoft. (2022, September 13). Impersonation and EWS in Exchange. 
Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "date_published": "2022-09-13T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange" ], "source": "MITRE", "title": "Impersonation and EWS in Exchange" }, "related": [], "uuid": "d7755dbd-0b38-5776-b63a-d792a4d027a4", "value": "Microsoft Impersonation and EWS in Exchange" }, { "description": "M. (n.d.). Implementing Control Panel Items. Retrieved January 18, 2018.", "meta": { "date_accessed": "2018-01-18T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx" ], "source": "MITRE", "title": "Implementing Control Panel Items" }, "related": [], "uuid": "63c5c654-e885-4427-a644-068f4057f35f", "value": "Microsoft Implementing CPL" }, { "description": "Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2016-04-16T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/dn487450.aspx" ], "source": "MITRE", "title": "Implementing Least-Privilege Administrative Models" }, "related": [], "uuid": "21e595be-d028-4013-b3d0-811c08581709", "value": "TechNet Least Privilege" }, { "description": "Slowik, J.. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved January 28, 2021.", "meta": { "date_accessed": "2021-01-28T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://www.dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/" ], "source": "MITRE", "title": "Implications of IT Ransomware for ICS Environments" }, "related": [], "uuid": "60187301-8d70-4023-8e6d-59cbb1468f0d", "value": "Dragos IT ICS Ransomware" }, { "description": "Lambert, J. (2020, December 13). Important steps for customers to protect themselves from recent nation-state cyberattacks. 
Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2020-12-13T00:00:00Z", "refs": [ "https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/" ], "source": "MITRE", "title": "Important steps for customers to protect themselves from recent nation-state cyberattacks" }, "related": [], "uuid": "33e84eb1-4835-404b-8c1a-40695c04cdb4", "value": "Microsoft SolarWinds Steps" }, { "description": "White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. Retrieved April 16, 2021.", "meta": { "date_accessed": "2021-04-16T00:00:00Z", "date_published": "2021-04-15T00:00:00Z", "refs": [ "https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/" ], "source": "MITRE", "title": "Imposing Costs for Harmful Foreign Activities by the Russian Government" }, "related": [], "uuid": "c2bf9e2f-cd0a-411d-84bc-61454a369c6b", "value": "White House Imposing Costs RU Gov April 2021" }, { "description": "Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team. (2021, December 8). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. Retrieved April 6, 2022.", "meta": { "date_accessed": "2022-04-06T00:00:00Z", "date_published": "2021-12-08T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/" ], "source": "MITRE", "title": "Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center" }, "related": [], "uuid": "fde77ea9-2b4d-40d7-99c5-433bfdbcb994", "value": "Malicious Driver Reporting Center" }, { "description": "Lancaster, T. (2018, November 5). Inception Attackers Target Europe with Year-old Office Vulnerability. 
Retrieved May 8, 2020.", "meta": { "date_accessed": "2020-05-08T00:00:00Z", "date_published": "2018-11-05T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/" ], "source": "MITRE, Tidal Cyber", "title": "Inception Attackers Target Europe with Year-old Office Vulnerability" }, "related": [], "uuid": "5cb98fce-f386-4878-b69c-5c6440ad689c", "value": "Unit 42 Inception November 2018" }, { "description": "Symantec. (2018, March 14). Inception Framework: Alive and Well, and Hiding Behind Proxies. Retrieved May 8, 2020.", "meta": { "date_accessed": "2020-05-08T00:00:00Z", "date_published": "2018-03-14T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies" ], "source": "MITRE, Tidal Cyber", "title": "Inception Framework: Alive and Well, and Hiding Behind Proxies" }, "related": [], "uuid": "166f5c44-7d8c-45d5-8d9f-3b8bd21a2af3", "value": "Symantec Inception Framework March 2018" }, { "description": "Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett. (2022, April 5). Incident report: From CLI to console, chasing an attacker in AWS. Retrieved April 7, 2022.", "meta": { "date_accessed": "2022-04-07T00:00:00Z", "date_published": "2022-04-05T00:00:00Z", "refs": [ "https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/" ], "source": "MITRE", "title": "Incident report: From CLI to console, chasing an attacker in AWS" }, "related": [], "uuid": "089f6f4e-370c-49cb-a35c-c80be0fd39de", "value": "Expel AWS Attacker" }, { "description": "Kelly Sheridan. (2021, August 5). Incident Responders Explore Microsoft 365 Attacks in the Wild. 
Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2021-08-05T00:00:00Z", "refs": [ "https://www.darkreading.com/threat-intelligence/incident-responders-explore-microsoft-365-attacks-in-the-wild/d/d-id/1341591" ], "source": "MITRE", "title": "Incident Responders Explore Microsoft 365 Attacks in the Wild" }, "related": [], "uuid": "f26d3aa4-6966-53c4-b9d1-848420377eae", "value": "Dark Reading Microsoft 365 Attacks 2021" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, July 6). Increased Truebot Activity Infects U.S. and Canada Based Networks. Retrieved July 6, 2023.", "meta": { "date_accessed": "2023-07-06T00:00:00Z", "date_published": "2023-07-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a" ], "source": "Tidal Cyber", "title": "Increased Truebot Activity Infects U.S. and Canada Based Networks" }, "related": [], "uuid": "6f9b8f72-c55f-4268-903e-1f8a82efa5bb", "value": "U.S. CISA Increased Truebot Activity July 6 2023" }, { "description": "Boelen, M. (2015, October 7). Increase kernel integrity with disabled Linux kernel modules loading. Retrieved June 4, 2020.", "meta": { "date_accessed": "2020-06-04T00:00:00Z", "date_published": "2015-10-07T00:00:00Z", "refs": [ "https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/" ], "source": "MITRE", "title": "Increase kernel integrity with disabled Linux kernel modules loading" }, "related": [], "uuid": "23b12551-0bec-4f7d-8468-f372a8ba521b", "value": "Increasing Linux kernel integrity" }, { "description": "Microsoft. (2013, May 8). Increase scheduling priority. 
Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2013-05-08T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/dn221960.aspx" ], "source": "MITRE", "title": "Increase scheduling priority" }, "related": [], "uuid": "b785ceda-fea9-4e96-87d8-38cfd1f8b5bd", "value": "TechNet Scheduling Priority" }, { "description": "Loman, M. et al. (2021, July 4). Independence Day: REvil uses supply chain exploit to attack hundreds of businesses. Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2021-07-04T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/" ], "source": "MITRE", "title": "Independence Day: REvil uses supply chain exploit to attack hundreds of businesses" }, "related": [], "uuid": "d7c4f03e-7dc0-4196-866b-c1a8eb943f77", "value": "Revil Independence Day" }, { "description": "Zhang, X. (2017, June 28). In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-06-28T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html" ], "source": "MITRE", "title": "In-Depth Analysis of A New Variant of .NET Malware AgentTesla" }, "related": [], "uuid": "24e5c321-c418-4010-b158-0ada2dbb4f7f", "value": "Fortinet Agent Tesla June 2017" }, { "description": "Pantazopoulos, N. (2020, June 2). In-depth analysis of the new Team9 malware family. 
Retrieved December 1, 2020.", "meta": { "date_accessed": "2020-12-01T00:00:00Z", "date_published": "2020-06-02T00:00:00Z", "refs": [ "https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/" ], "source": "MITRE", "title": "In-depth analysis of the new Team9 malware family" }, "related": [], "uuid": "0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b", "value": "NCC Group Team9 June 2020" }, { "description": "Wilhoit, K. (2013, March 4). In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.", "meta": { "date_accessed": "2015-12-02T00:00:00Z", "date_published": "2013-03-04T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/" ], "source": "MITRE", "title": "In-Depth Look: APT Attack Tools of the Trade" }, "related": [], "uuid": "dac5cda3-97bc-4e38-b54f-554a75a18c5b", "value": "Trend Micro APT Attack Tools" }, { "description": "DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-05-17T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks" ], "source": "MITRE", "title": "Indian organizations targeted in Suckfly attacks" }, "related": [], "uuid": "59fd16cd-426f-472d-a5df-e7c1484a6481", "value": "Symantec Suckfly May 2016" }, { "description": "FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2022-03-17T00:00:00Z", "refs": [ "https://www.ic3.gov/Media/News/2022/220318.pdf" ], "source": "MITRE", "title": "Indicators of Compromise Associated with AvosLocker Ransomware" }, "related": [], "uuid": "8ad57a0d-d74f-5802-ab83-4ddac1beb083", "value": "Joint CSA AvosLocker Mar 2022" }, { "description": "FBI. (2022, January 19). 
Indicators of Compromise Associated with Diavol. Retrieved March 9, 2022.", "meta": { "date_accessed": "2022-03-09T00:00:00Z", "date_published": "2022-01-19T00:00:00Z", "refs": [ "https://www.ic3.gov/Media/News/2022/220120.pdf" ], "source": "MITRE", "title": "Indicators of Compromise Associated with Diavol" }, "related": [], "uuid": "a1691741-9ecd-4b20-8cc9-b9bdfc1592b5", "value": "FBI Flash Diavol January 2022" }, { "description": "FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-11-19T00:00:00Z", "refs": [ "https://assets.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-ransomware-11192020-bc.pdf" ], "source": "MITRE", "title": "Indicators of Compromise Associated with Ragnar Locker Ransomware" }, "related": [], "uuid": "38b9b8a3-6fd3-4650-9192-14ee3f302705", "value": "FBI Ragnar Locker 2020" }, { "description": "FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.", "meta": { "date_accessed": "2020-12-10T00:00:00Z", "date_published": "2020-09-17T00:00:00Z", "refs": [ "https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf" ], "source": "MITRE", "title": "Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07" }, "related": [], "uuid": "76869199-e9fa-41b4-b045-41015e6daaec", "value": "FBI FLASH APT39 September 2020" }, { "description": "Brady, S. (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al. 
Retrieved October 1, 2020.", "meta": { "date_accessed": "2020-10-01T00:00:00Z", "date_published": "2018-10-03T00:00:00Z", "refs": [ "https://www.justice.gov/opa/page/file/1098481/download" ], "source": "MITRE", "title": "Indictment - United States vs Aleksei Sergeyevich Morenets, et al." }, "related": [], "uuid": "56aeab4e-b046-4426-81a8-c3b2323492f0", "value": "US District Court Indictment GRU Oct 2018" }, { "description": "CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/" ], "source": "MITRE, Tidal Cyber", "title": "IndigoZebra APT continues to attack Central Asia with evolving tools" }, "related": [], "uuid": "cf4a8c8c-eab1-421f-b313-344aed03b42d", "value": "Checkpoint IndigoZebra July 2021" }, { "description": "Lakshmanan, R.. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html" ], "source": "MITRE", "title": "IndigoZebra APT Hacking Campaign Targets the Afghan Government" }, "related": [], "uuid": "fcf8265a-3084-4162-87d0-9e77c0a5cff0", "value": "HackerNews IndigoZebra July 2021" }, { "description": "Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. 
Retrieved February 17, 2022.", "meta": { "date_accessed": "2022-02-17T00:00:00Z", "date_published": "2021-08-14T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/" ], "source": "MITRE", "title": "Indra - Hackers Behind Recent Attacks on Iran" }, "related": [], "uuid": "bb79207f-3ab4-4b86-8b1c-d587724efb7c", "value": "Check Point Meteor Aug 2021" }, { "description": "Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.", "meta": { "date_accessed": "2021-09-15T00:00:00Z", "date_published": "2021-03-17T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/" ], "source": "MITRE, Tidal Cyber", "title": "INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions" }, "related": [], "uuid": "4b77d313-ef3c-4d2f-bfde-609fa59a8f55", "value": "Crowdstrike EvilCorp March 2021" }, { "description": "ESET. (2022, April 12). Industroyer2: Industroyer reloaded. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2022-04-12T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/" ], "source": "MITRE", "title": "Industroyer2: Industroyer reloaded" }, "related": [], "uuid": "3ec01405-3240-5679-924f-f1194bca9a72", "value": "Industroyer2 ESET April 2022" }, { "description": "Anton Cherepanov, Robert Lipovsky. (2022, August). Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid. 
Retrieved April 6, 2023.", "meta": { "date_accessed": "2023-04-06T00:00:00Z", "date_published": "2022-08-01T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=xC9iM5wVedQ" ], "source": "MITRE", "title": "Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid" }, "related": [], "uuid": "d9e8ca96-8646-5dd9-bede-56305385b2e4", "value": "Industroyer2 Blackhat ESET" }, { "description": "Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker. (2022, April 25). INDUSTROYER.V2: Old Malware Learns New Tricks. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2022-04-25T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/industroyer-v2-old-malware-new-tricks" ], "source": "MITRE", "title": "INDUSTROYER.V2: Old Malware Learns New Tricks" }, "related": [], "uuid": "48edeadc-f1e7-5fda-be96-1c41f78fc65a", "value": "Industroyer2 Mandiant April 2022" }, { "description": "Warner, J.. (2015, January 6). Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies. Retrieved December 8, 2018.", "meta": { "date_accessed": "2018-12-08T00:00:00Z", "date_published": "2015-01-06T00:00:00Z", "refs": [ "https://web.archive.org/web/20160327101330/http://www.sixdub.net/?p=367" ], "source": "MITRE", "title": "Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies" }, "related": [], "uuid": "52190592-5809-4e7b-a19c-fc87b245025c", "value": "Sixdub PowerPick Jan 2016" }, { "description": "LOLBAS. (2018, May 25). Infdefaultinstall.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Infdefaultinstall/" ], "source": "Tidal Cyber", "title": "Infdefaultinstall.exe" }, "related": [], "uuid": "5e83d17c-dbdd-4a6c-a395-4f921b68ebec", "value": "Infdefaultinstall.exe - LOLBAS Project" }, { "description": "Oliveira, A. (2019, May 30). Infected Containers Target Docker via Exposed APIs. Retrieved April 6, 2021.", "meta": { "date_accessed": "2021-04-06T00:00:00Z", "date_published": "2019-05-30T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/19/e/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims.html" ], "source": "MITRE", "title": "Infected Containers Target Docker via Exposed APIs" }, "related": [], "uuid": "24ae5092-42ea-4c83-bdf7-c0e5026d9559", "value": "Trend Micro Exposed Docker APIs" }, { "description": "Stokes, P. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved June 30, 2022.", "meta": { "date_accessed": "2022-06-30T00:00:00Z", "date_published": "2021-11-15T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/" ], "source": "MITRE", "title": "Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma" }, "related": [], "uuid": "5033e741-834c-49d6-bc89-f64b9508f8b5", "value": "SentinelOne MacMa Nov 2021" }, { "description": "Michael Stump. (2003). Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3). 
Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2003-01-01T00:00:00Z", "refs": [ "https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051" ], "source": "MITRE", "title": "Information Security Reading Room Securing SNMP: A Look at Net-SNMP (SNMPv3)" }, "related": [], "uuid": "616c9177-ca57-45f3-a613-d6450a94697d", "value": "SANS Information Security Reading Room Securing SNMP Securing SNMP" }, { "description": "Balanza, M. (2018, April 02). Infostealer.Catchamas. Retrieved July 10, 2018.", "meta": { "date_accessed": "2018-07-10T00:00:00Z", "date_published": "2018-04-02T00:00:00Z", "refs": [ "https://www-west.symantec.com/content/symantec/english/en/security-center/writeup.html/2018-040209-1742-99" ], "source": "MITRE", "title": "Infostealer.Catchamas" }, "related": [], "uuid": "155cc2df-adf4-4b5f-a377-272947e5757e", "value": "Symantec Catchamas April 2018" }, { "description": "Caragay, R. (2014, December 11). Info-Stealing File Infector Hits US, UK. Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2014-12-11T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/info-stealing-file-infector-hits-us-uk/" ], "source": "MITRE", "title": "Info-Stealing File Infector Hits US, UK" }, "related": [], "uuid": "889a21f2-e00b-44c2-aa8c-a33f5615678a", "value": "TrendMicro Ursnif File Dec 2014" }, { "description": "ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-12-15T00:00:00Z", "refs": [ "https://threatconnect.com/blog/infrastructure-research-hunting/" ], "source": "MITRE", "title": "Infrastructure Research and Hunting: Boiling the Domain Ocean" }, "related": [], "uuid": "96d479df-d312-4af7-a47d-2597a66291f1", "value": "ThreatConnect Infrastructure Dec 2020" }, { "description": "Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2021-03-22T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man2/init_module.2.html" ], "source": "MITRE", "title": "INIT_MODULE(2)" }, "related": [], "uuid": "ab9c01ad-905e-4f73-b64f-1c6a5fb9a375", "value": "Init Man Page" }, { "description": "Raggi, M. (2021, December 1). Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors. Retrieved December 9, 2021.", "meta": { "date_accessed": "2021-12-09T00:00:00Z", "date_published": "2021-12-01T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread" ], "source": "MITRE", "title": "Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors" }, "related": [], "uuid": "8deb6edb-293f-4b9d-882a-541675864eb5", "value": "Proofpoint RTF Injection" }, { "description": "Mariani, B. (2011, September 6). Inline Hooking in Windows. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2011-09-06T00:00:00Z", "refs": [ "https://www.exploit-db.com/docs/17802.pdf" ], "source": "MITRE", "title": "Inline Hooking in Windows" }, "related": [], "uuid": "39ad1769-3dfb-4572-ab82-1e0c4f869ec8", "value": "HighTech Bridge Inline Hooking Sept 2011" }, { "description": "Stuart. (2018, March 31). 
In-Memory-Only ELF Execution (Without tmpfs). Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2018-03-31T00:00:00Z", "refs": [ "https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html" ], "source": "MITRE", "title": "In-Memory-Only ELF Execution (Without tmpfs)" }, "related": [], "uuid": "402745e1-a65a-4fa1-a86d-99b37221095c", "value": "Stuart ELF Memory" }, { "description": "ASERT Team. (2018, April 04). Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files. Retrieved July 9, 2018.", "meta": { "date_accessed": "2018-07-09T00:00:00Z", "date_published": "2018-04-04T00:00:00Z", "refs": [ "https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/" ], "source": "MITRE", "title": "Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files" }, "related": [], "uuid": "29c6575f-9e47-48cb-8162-15280002a6d5", "value": "ASERT InnaputRAT April 2018" }, { "description": "Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. Retrieved June 22, 2020.", "meta": { "date_accessed": "2020-06-22T00:00:00Z", "date_published": "2020-06-18T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/" ], "source": "MITRE", "title": "Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint" }, "related": [], "uuid": "c249bfcf-25c4-4502-b5a4-17783d581163", "value": "Microsoft Holmium June 2020" }, { "description": "Klijnsma, Y. (2018, September 11). Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims. 
Retrieved September 9, 2020.", "meta": { "date_accessed": "2020-09-09T00:00:00Z", "date_published": "2018-09-11T00:00:00Z", "refs": [ "https://web.archive.org/web/20181231220607/https://riskiq.com/blog/labs/magecart-british-airways-breach/" ], "source": "MITRE", "title": "Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims" }, "related": [], "uuid": "f6c0f295-c034-4957-8cd9-e2f4b89b5671", "value": "RiskIQ British Airways September 2018" }, { "description": "Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf" ], "source": "MITRE", "title": "Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report" }, "related": [], "uuid": "cede4c72-718b-48c2-8a59-1f91555f6cf6", "value": "Arbor AnnualDoSreport Jan 2018" }, { "description": "O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-09-20T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html" ], "source": "MITRE, Tidal Cyber", "title": "Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware" }, "related": [], "uuid": "70610469-db0d-45ab-a790-6e56309a39ec", "value": "FireEye APT33 Sept 2017" }, { "description": "Rich Trouton. (2019, August 9). 
Installer Package Scripting: Making your deployments easier, one ! at a time. Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2019-08-09T00:00:00Z", "refs": [ "https://cpb-us-e1.wpmucdn.com/sites.psu.edu/dist/4/24696/files/2019/07/psumac2019-345-Installer-Package-Scripting-Making-your-deployments-easier-one-at-a-time.pdf" ], "source": "MITRE", "title": "Installer Package Scripting: Making your deployments easier, one ! at a time" }, "related": [], "uuid": "7a877b67-ac4b-4d82-860a-75b5f0b8daae", "value": "Installer Package Scripting Rich Trouton" }, { "description": "Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx" ], "source": "MITRE", "title": "Installing and Registering a Password Filter DLL" }, "related": [], "uuid": "6e440b5d-e09a-4d65-b874-2c5babaa609d", "value": "Microsoft Install Password Filter n.d" }, { "description": "Microsoft. (2017, April 20). Installing an Unsigned Driver during Development and Test. Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2017-04-20T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-during-development-and-test" ], "source": "MITRE", "title": "Installing an Unsigned Driver during Development and Test" }, "related": [], "uuid": "5964ff2e-0860-4e00-8103-89ba6466314c", "value": "Microsoft Unsigned Driver Apr 2017" }, { "description": "LOLBAS. (n.d.). Installutil.exe. 
Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Installutil/" ], "source": "MITRE", "title": "Installutil.exe" }, "related": [], "uuid": "7dfb2c45-862a-4c25-a65a-55abea4b0e44", "value": "LOLBAS Installutil" }, { "description": "Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.", "meta": { "date_accessed": "2016-07-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/50614e95.aspx" ], "source": "MITRE", "title": "Installutil.exe (Installer Tool)" }, "related": [], "uuid": "54d962fc-4ca6-4f5f-b383-ec87d711a764", "value": "MSDN InstallUtil" }, { "description": "Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021.", "meta": { "date_accessed": "2021-04-02T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html" ], "source": "MITRE", "title": "Instance identity documents" }, "related": [], "uuid": "efff0080-59fc-4ba7-ac91-771358f68405", "value": "AWS Instance Identity Documents" }, { "description": "AWS. (n.d.). Instance Metadata and User Data. Retrieved July 18, 2019.", "meta": { "date_accessed": "2019-07-18T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html" ], "source": "MITRE", "title": "Instance Metadata and User Data" }, "related": [], "uuid": "54a17f92-d73d-469f-87b3-34fb633bd9ed", "value": "AWS Instance Metadata API" }, { "description": "Higashi, Michael. (2018, May 15). Instance Metadata API: A Modern Day Trojan Horse. 
Retrieved July 16, 2019.", "meta": { "date_accessed": "2019-07-16T00:00:00Z", "date_published": "2018-05-15T00:00:00Z", "refs": [ "https://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse" ], "source": "MITRE", "title": "Instance Metadata API: A Modern Day Trojan Horse" }, "related": [], "uuid": "f85fa206-d5bf-41fc-a521-01ad6281bee7", "value": "RedLock Instance Metadata API 2018" }, { "description": "Tyrer, N. (n.d.). Instructions. Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "refs": [ "https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5" ], "source": "MITRE", "title": "Instructions" }, "related": [], "uuid": "f4f89926-71eb-4130-a644-8240d2bab721", "value": "Nick Tyrer GitHub" }, { "description": "Intel. (2013). Intel Hardware-based Security Technologies for Intelligent Retail Devices. Retrieved May 19, 2020.", "meta": { "date_accessed": "2020-05-19T00:00:00Z", "date_published": "2013-01-01T00:00:00Z", "refs": [ "https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologies-4th-gen-core-retail-paper.pdf" ], "source": "MITRE", "title": "Intel Hardware-based Security Technologies for Intelligent Retail Devices" }, "related": [], "uuid": "bffb9e71-ba97-4010-9ad7-29eb330a350c", "value": "Intel Hardware-based Security Technologies" }, { "description": "Microsoft. (2017, June 16). Intercepting All Incoming IIS Requests. Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2017-06-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)" ], "source": "MITRE", "title": "Intercepting All Incoming IIS Requests" }, "related": [], "uuid": "7d182eee-eaa8-4b6f-803d-8eb64e338663", "value": "Microsoft ISAPI Extension All Incoming 2017" }, { "description": "Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. 
Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2013-09-15T00:00:00Z", "refs": [ "https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/" ], "source": "MITRE", "title": "Intercepting Password Changes With Function Hooking" }, "related": [], "uuid": "4889912b-4512-45c7-83d3-70ae47c5a4a0", "value": "Clymb3r Function Hook Passwords Sept 2013" }, { "description": "Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.", "meta": { "date_accessed": "2014-12-01T00:00:00Z", "refs": [ "http://support.microsoft.com/KB/170292" ], "source": "MITRE", "title": "Internet Control Message Protocol (ICMP) Basics" }, "related": [], "uuid": "47612548-dad1-4bf3-aa6f-a53aefa06f6a", "value": "Microsoft ICMP" }, { "description": "N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022.", "meta": { "date_accessed": "2022-03-11T00:00:00Z", "date_published": "2021-04-01T00:00:00Z", "refs": [ "https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them." ], "source": "MITRE", "title": "Inter Process Communication (IPC)" }, "related": [], "uuid": "05293061-ce09-49b5-916a-bb7353acfdfa", "value": "Linux IPC" }, { "description": "Hananel Livneh. (2022, April 7). Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022. Retrieved May 31, 2022.", "meta": { "date_accessed": "2022-05-31T00:00:00Z", "date_published": "2022-04-07T00:00:00Z", "refs": [ "https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html" ], "source": "MITRE", "title": "Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022" }, "related": [], "uuid": "e4ff75cd-b8fd-4fba-a2da-379a073003ab", "value": "HackerNews - 3 SaaS App Cyber Attacks - April 2022" }, { "description": "Lambert, T. (2020, May 7). Introducing Blue Mockingbird. 
Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2020-05-07T00:00:00Z", "refs": [ "https://redcanary.com/blog/blue-mockingbird-cryptominer/" ], "source": "MITRE, Tidal Cyber", "title": "Introducing Blue Mockingbird" }, "related": [], "uuid": "596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0", "value": "RedCanary Mockingbird May 2020" }, { "description": "Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2016-01-27T00:00:00Z", "refs": [ "https://www.fidelissecurity.com/threatgeek/archive/introducing-hi-zor-rat/" ], "source": "MITRE", "title": "Introducing Hi-Zor RAT" }, "related": [], "uuid": "0c9ff201-283a-4527-8cb8-6f0d05a4f724", "value": "Fidelis Hi-Zor" }, { "description": "Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. Retrieved January 31, 2022.", "meta": { "date_accessed": "2022-01-31T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/" ], "source": "MITRE", "title": "Introducing ROADtools - The Azure AD exploration framework" }, "related": [], "uuid": "803f3512-1831-4535-8b16-b89fae20f944", "value": "Roadtools" }, { "description": "Mercer, W., Rascagneres, P. (2017, April 03). Introducing ROKRAT. Retrieved May 21, 2018.", "meta": { "date_accessed": "2018-05-21T00:00:00Z", "date_published": "2017-04-03T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/04/introducing-rokrat.html" ], "source": "MITRE", "title": "Introducing ROKRAT" }, "related": [], "uuid": "1bd78a2f-2bc6-426f-ac9f-16bf3fdf4cdf", "value": "Talos ROKRAT" }, { "description": "Microsoft. (2014, July 9). Introducing the Office (2007) Open XML File Formats. 
Retrieved July 20, 2018.", "meta": { "date_accessed": "2018-07-20T00:00:00Z", "date_published": "2014-07-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)" ], "source": "MITRE", "title": "Introducing the Office (2007) Open XML File Formats" }, "related": [], "uuid": "8145f894-6477-4629-81de-1dd26070ee0a", "value": "Microsoft Open XML July 2017" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. Retrieved September 21, 2017.", "meta": { "date_accessed": "2017-09-21T00:00:00Z", "date_published": "2017-08-30T00:00:00Z", "refs": [ "https://securelist.com/introducing-whitebear/81638/" ], "source": "MITRE", "title": "Introducing WhiteBear" }, "related": [], "uuid": "44626060-3d9b-480e-b4ea-7dac27878e5e", "value": "Securelist WhiteBear Aug 2017" }, { "description": "Arntz, P. (2015, July 22). Introduction to Alternate Data Streams. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2015-07-22T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/" ], "source": "MITRE", "title": "Introduction to Alternate Data Streams" }, "related": [], "uuid": "b552cf89-1880-48de-9088-c755c38821c1", "value": "MalwareBytes ADS July 2015" }, { "description": "Apple. (2016, January 25). Introduction to AppleScript Language Guide. Retrieved March 28, 2020.", "meta": { "date_accessed": "2020-03-28T00:00:00Z", "date_published": "2016-01-25T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangGuide/introduction/ASLR_intro.html" ], "source": "MITRE", "title": "Introduction to AppleScript Language Guide" }, "related": [], "uuid": "b23abcb8-3004-4a42-8ada-58cdbd65e171", "value": "Apple AppleScript" }, { "description": "Microsoft. (n.d.). Introduction to Outlook Data Files (.pst and .ost). 
Retrieved February 19, 2020.", "meta": { "date_accessed": "2020-02-19T00:00:00Z", "refs": [ "https://support.office.com/en-us/article/introduction-to-outlook-data-files-pst-and-ost-222eaf92-a995-45d9-bde2-f331f60e2790" ], "source": "MITRE", "title": "Introduction to Outlook Data Files (.pst and .ost)" }, "related": [], "uuid": "29f4cc6b-1fa5-434d-ab4f-6bb169e2287a", "value": "Microsoft Outlook Files" }, { "description": "Microsoft. (2023, June 26). Introduction to print processors. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2023-06-26T00:00:00Z", "refs": [ "https://learn.microsoft.com/windows-hardware/drivers/print/introduction-to-print-processors" ], "source": "MITRE", "title": "Introduction to print processors" }, "related": [], "uuid": "ba04b0d0-1c39-5f48-824c-110ee7affbf3", "value": "Microsoft Intro Print Processors" }, { "description": "Microsoft. (2017, March 30). Introduction to Windows Service Applications. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/dotnet/framework/windows-services/introduction-to-windows-service-applications" ], "source": "MITRE", "title": "Introduction to Windows Service Applications" }, "related": [], "uuid": "444c8983-47ef-45b4-a3a6-5566f4fa2732", "value": "Microsoft Services" }, { "description": "Lambert, T. (2020, January 29). Intro to Netwire. Retrieved January 7, 2021.", "meta": { "date_accessed": "2021-01-07T00:00:00Z", "date_published": "2020-01-29T00:00:00Z", "refs": [ "https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/" ], "source": "MITRE", "title": "Intro to Netwire" }, "related": [], "uuid": "563249e1-edda-48fc-ac90-f198dd71619e", "value": "Red Canary NETWIRE January 2020" }, { "description": "D. (n.d.). Intro to Webhooks. 
Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "refs": [ "https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks" ], "source": "MITRE", "title": "Intro to Webhooks" }, "related": [], "uuid": "bf5b3773-29cc-539a-a0f0-a6d1d63dee2d", "value": "Discord Intro to Webhooks" }, { "description": "Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. Retrieved March 11, 2019.", "meta": { "date_accessed": "2019-03-11T00:00:00Z", "date_published": "2015-04-02T00:00:00Z", "refs": [ "https://github.com/Kevin-Robertson/Inveigh" ], "source": "MITRE", "title": "Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool" }, "related": [], "uuid": "cca306e5-f9da-4782-a06f-ba3ad70e34ca", "value": "GitHub Inveigh" }, { "description": "Piper, S.. (2018, September 24). Investigating Malicious AMIs. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2018-09-24T00:00:00Z", "refs": [ "https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/" ], "source": "MITRE", "title": "Investigating Malicious AMIs" }, "related": [], "uuid": "e93e16fc-4ae4-4f1f-9d80-dc48c1c30e25", "value": "Summit Route Malicious AMIs" }, { "description": "Hastings, M. (2014, July 16). Investigating PowerShell Attacks. Retrieved December 1, 2021.", "meta": { "date_accessed": "2021-12-01T00:00:00Z", "date_published": "2014-07-16T00:00:00Z", "refs": [ "https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/" ], "source": "MITRE", "title": "Investigating PowerShell Attacks" }, "related": [], "uuid": "07d9d2c6-dd79-42a5-9024-ba0e66b1913b", "value": "inv_ps_attacks" }, { "description": "Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. 
Retrieved November 3, 2014.", "meta": { "date_accessed": "2014-11-03T00:00:00Z", "refs": [ "https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf" ], "source": "MITRE", "title": "Investigating PowerShell Attacks [slides]" }, "related": [], "uuid": "bd3f04cd-04ef-41f0-9a15-d9f0a3ed1db9", "value": "Kazanciyan 2014" }, { "description": "Beek, C. (2020, December 3). Investigating the Use of VHD Files By Cybercriminals. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-12-03T00:00:00Z", "refs": [ "https://medium.com/swlh/investigating-the-use-of-vhd-files-by-cybercriminals-3f1f08304316" ], "source": "MITRE", "title": "Investigating the Use of VHD Files By Cybercriminals" }, "related": [], "uuid": "7a1131ab-e4b1-4569-8e28-3650312cc804", "value": "Beek Use of VHD Dec 2020" }, { "description": "Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.", "meta": { "date_accessed": "2018-07-10T00:00:00Z", "date_published": "2018-06-07T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" ], "source": "MITRE", "title": "InvisiMole: Surprisingly equipped spyware, undercover since 2013" }, "related": [], "uuid": "629fa1d8-06cb-405c-a2f7-c511b54cd727", "value": "ESET InvisiMole June 2018" }, { "description": "Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020.", "meta": { "date_accessed": "2020-07-16T00:00:00Z", "date_published": "2020-06-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" ], "source": "MITRE", "title": "INVISIMOLE: THE HIDDEN PART OF THE STORY" }, "related": [], "uuid": "d10cfda8-8fd8-4ada-8c61-dba6065b0bac", "value": "ESET InvisiMole June 2020" }, { "description": "Yair, O. 
(2019, August 19). Invisi-Shell. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2019-08-19T00:00:00Z", "refs": [ "https://github.com/OmerYa/Invisi-Shell" ], "source": "MITRE", "title": "Invisi-Shell" }, "related": [], "uuid": "26c1b8f4-ff59-409e-b616-04eee38a8a9f", "value": "GitHub OmerYa Invisi-Shell" }, { "description": "Bohannon, D. (2018, March 19). Invoke-DOSfuscation. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2018-03-19T00:00:00Z", "refs": [ "https://github.com/danielbohannon/Invoke-DOSfuscation" ], "source": "MITRE", "title": "Invoke-DOSfuscation" }, "related": [], "uuid": "d2f7fe4a-1a3a-5b26-8247-4f05c96974bf", "value": "Invoke-DOSfuscation" }, { "description": "Schroeder, W. & Hart M. (2016, October 31). Invoke-Kerberoast. Retrieved March 23, 2018.", "meta": { "date_accessed": "2018-03-23T00:00:00Z", "date_published": "2016-10-31T00:00:00Z", "refs": [ "https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/" ], "source": "MITRE", "title": "Invoke-Kerberoast" }, "related": [], "uuid": "8db88e6f-3d45-4896-87e9-75b24c8628f3", "value": "PowerSploit Invoke Kerberoast" }, { "description": "EmpireProject. (2016, October 31). Invoke-Kerberoast.ps1. Retrieved March 22, 2018.", "meta": { "date_accessed": "2018-03-22T00:00:00Z", "date_published": "2016-10-31T00:00:00Z", "refs": [ "https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1" ], "source": "MITRE", "title": "Invoke-Kerberoast.ps1" }, "related": [], "uuid": "a358bf8f-166e-4726-adfd-415e953d4ffe", "value": "Empire InvokeKerberoast Oct 2016" }, { "description": "Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. 
Retrieved June 2, 2016.", "meta": { "date_accessed": "2016-06-02T00:00:00Z", "date_published": "2015-12-16T00:00:00Z", "refs": [ "https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-NinjaCopy.ps1" ], "source": "MITRE", "title": "Invoke-NinjaCopy.ps1" }, "related": [], "uuid": "e92aed6b-348b-4dab-8292-fee0698e4a85", "value": "Github PowerSploit Ninjacopy" }, { "description": "Bohannon, D. (2016, September 24). Invoke-Obfuscation. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2016-09-24T00:00:00Z", "refs": [ "https://github.com/danielbohannon/Invoke-Obfuscation" ], "source": "MITRE", "title": "Invoke-Obfuscation" }, "related": [], "uuid": "4cc6a80f-d758-524b-9519-5b839d4918bd", "value": "Invoke-Obfuscation" }, { "description": "Bohannon, D.. (2017, March 13). Invoke-Obfuscation - PowerShell Obfuscator. Retrieved June 18, 2017.", "meta": { "date_accessed": "2017-06-18T00:00:00Z", "date_published": "2017-03-13T00:00:00Z", "refs": [ "https://github.com/danielbohannon/Invoke-Obfuscation" ], "source": "MITRE", "title": "Invoke-Obfuscation - PowerShell Obfuscator" }, "related": [], "uuid": "956b3d80-4e19-4cab-a65f-ad86f233aa12", "value": "GitHub Invoke-Obfuscation" }, { "description": "Barrett Adams . (n.d.). Invoke-PSImage . Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "refs": [ "https://github.com/peewpw/Invoke-PSImage" ], "source": "MITRE", "title": "Invoke-PSImage" }, "related": [], "uuid": "449c873c-c5af-45b8-8bd7-505d2181a05c", "value": "GitHub PSImage" }, { "description": "Adams, B. (2017, December 17). Invoke-PSImage. 
Retrieved April 10, 2018.", "meta": { "date_accessed": "2018-04-10T00:00:00Z", "date_published": "2017-12-17T00:00:00Z", "refs": [ "https://github.com/peewpw/Invoke-PSImage" ], "source": "MITRE", "title": "Invoke-PSImage" }, "related": [], "uuid": "dd210b79-bd5f-4282-9542-4d1ae2f16438", "value": "GitHub Invoke-PSImage" }, { "description": "Xen. (n.d.). In Wikipedia. Retrieved November 13, 2014.", "meta": { "date_accessed": "2014-11-13T00:00:00Z", "refs": [ "http://en.wikipedia.org/wiki/Xen" ], "source": "MITRE", "title": "In Wikipedia" }, "related": [], "uuid": "4ce05edd-da25-4559-8489-b78cdd2c0f3d", "value": "Wikipedia Xen" }, { "description": "Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490921.aspx" ], "source": "MITRE", "title": "Ipconfig" }, "related": [], "uuid": "8a6e6f59-70fb-48bf-96d2-318dd92df995", "value": "TechNet Ipconfig" }, { "description": "Cisco. (2021, August 23). ip ssh pubkey-chain. Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2021-08-23T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-i3.html#wp1254331478" ], "source": "MITRE", "title": "ip ssh pubkey-chain" }, "related": [], "uuid": "c6ffe974-f304-598c-bc4d-5da607c73802", "value": "cisco_ip_ssh_pubkey_ch_cmd" }, { "description": "Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. 
Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2015-12-07T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets" ], "source": "MITRE", "title": "Iran-based attackers use back door threats to spy on Middle Eastern targets" }, "related": [], "uuid": "0a6166a3-5649-4117-97f4-7b8b5b559929", "value": "Symantec Chafer Dec 2015" }, { "description": "CISA. (2020, September 15). Iran-Based Threat Actor Exploits VPN Vulnerabilities. Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2020-09-15T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-259a" ], "source": "MITRE", "title": "Iran-Based Threat Actor Exploits VPN Vulnerabilities" }, "related": [], "uuid": "1bbc9446-9214-4fcd-bc7c-bf528370b4f8", "value": "CISA AA20-259A Iran-Based Actor September 2020" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2020, November 3). Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data. Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2020-11-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-304a" ], "source": "Tidal Cyber", "title": "Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data" }, "related": [], "uuid": "be89be75-c33f-4c58-8bf0-979c1debaad7", "value": "U.S. CISA Iran Voter Data November 3 2020" }, { "description": "ClearSky. (2019, June). Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal. 
Retrieved May 14, 2020.", "meta": { "date_accessed": "2020-05-14T00:00:00Z", "date_published": "2019-06-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf" ], "source": "MITRE", "title": "Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal" }, "related": [], "uuid": "9789d60b-a417-42dc-b690-24ccb77b8658", "value": "ClearSky MuddyWater June 2019" }, { "description": "Malhortra, A and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. Retrieved June 22, 2022.", "meta": { "date_accessed": "2022-06-22T00:00:00Z", "date_published": "2022-01-31T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html" ], "source": "MITRE", "title": "Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables" }, "related": [], "uuid": "a2d79c6a-16d6-4dbd-b8a5-845dcc36212d", "value": "Talos MuddyWater Jan 2022" }, { "description": "Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.", "meta": { "date_accessed": "2020-05-22T00:00:00Z", "date_published": "2020-05-21T00:00:00Z", "refs": [ "https://www.bitdefender.com/blog/labs/iranian-chafer-apt-targeted-air-transportation-and-government-in-kuwait-and-saudi-arabia/" ], "source": "MITRE", "title": "Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia" }, "related": [], "uuid": "24ea6a5d-2593-4639-8616-72988bf2fa07", "value": "BitDefender Chafer May 2020" }, { "description": "FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. 
Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2022-02-24T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-055a" ], "source": "MITRE", "title": "Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks" }, "related": [], "uuid": "e76570e1-43ab-4819-80bc-895ede67a205", "value": "DHS CISA AA22-055A MuddyWater February 2022" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, November 25). Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2022-11-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a" ], "source": "Tidal Cyber", "title": "Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester" }, "related": [], "uuid": "daae1f54-8471-4620-82d5-023d04144acd", "value": "U.S. CISA Advisory November 25 2022" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2021, November 19). Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities. Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2021-11-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-321a" ], "source": "Tidal Cyber", "title": "Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities" }, "related": [], "uuid": "d7014279-bc6a-43d4-953a-a6bc1d97a13b", "value": "U.S. CISA Iranian Government Actors November 19 2021" }, { "description": "Lennon, M. (2014, May 29). 
Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2014-05-29T00:00:00Z", "refs": [ "https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation" ], "source": "MITRE", "title": "Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation" }, "related": [], "uuid": "9abb4bbb-bad3-4d22-b235-c8a35465f2ce", "value": "NEWSCASTER2014" }, { "description": "Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2022-01-12T00:00:00Z", "refs": [ "https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/" ], "source": "MITRE", "title": "Iranian intel cyber suite of malware uses open source tools" }, "related": [], "uuid": "671e1559-c7dc-4cb4-a9a1-21776f2ae56a", "value": "CYBERCOM Iranian Intel Cyber January 2022" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, September 14). Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. Retrieved October 25, 2023.", "meta": { "date_accessed": "2023-10-25T00:00:00Z", "date_published": "2022-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-257a" ], "source": "Tidal Cyber", "title": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations" }, "related": [], "uuid": "728b20b0-f702-4dbe-afea-50270648a3a2", "value": "U.S. CISA IRGC Actors September 14 2022" }, { "description": "Counter Threat Unit Research Team. (2017, February 15). 
Iranian PupyRAT Bites Middle Eastern Organizations. Retrieved December 27, 2017.", "meta": { "date_accessed": "2017-12-27T00:00:00Z", "date_published": "2017-02-15T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations" ], "source": "MITRE", "title": "Iranian PupyRAT Bites Middle Eastern Organizations" }, "related": [], "uuid": "f9de25b4-5539-4a33-84b5-f26a84544859", "value": "Secureworks Cobalt Gypsy Feb 2017" }, { "description": "ClearSky Cybersecurity. (2017, January 5). Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford. Retrieved May 3, 2017.", "meta": { "date_accessed": "2017-05-03T00:00:00Z", "date_published": "2017-01-05T00:00:00Z", "refs": [ "http://www.clearskysec.com/oilrig/" ], "source": "MITRE", "title": "Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford" }, "related": [], "uuid": "f19f9ad4-bb31-443b-9c26-87946469a0c3", "value": "ClearSky OilRig Jan 2017" }, { "description": "Singh, S. et al.. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2018-03-13T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html" ], "source": "MITRE", "title": "Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign" }, "related": [], "uuid": "82cddfa6-9463-49bb-8bdc-0c7d6b0e1472", "value": "FireEye MuddyWater Mar 2018" }, { "description": "Check Point. (2021, April 8). Iran’s APT34 Returns with an Updated Arsenal. 
Retrieved May 5, 2021.", "meta": { "date_accessed": "2021-05-05T00:00:00Z", "date_published": "2021-04-08T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/" ], "source": "MITRE", "title": "Iran’s APT34 Returns with an Updated Arsenal" }, "related": [], "uuid": "593e8f9f-88ec-4bdc-90c3-1a320fa8a041", "value": "Check Point APT34 April 2021" }, { "description": "Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.", "meta": { "date_accessed": "2020-05-22T00:00:00Z", "date_published": "2019-01-30T00:00:00Z", "refs": [ "https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764" ], "source": "MITRE", "title": "Iran Ups its Traditional Cyber Espionage Tradecraft" }, "related": [], "uuid": "b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58", "value": "Dark Reading APT39 JAN 2019" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, December 1). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved December 5, 2023.", "meta": { "date_accessed": "2023-12-05T00:00:00Z", "date_published": "2023-12-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a" ], "source": "Tidal Cyber", "title": "IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities" }, "related": [], "uuid": "51a18523-5276-4a67-8644-2bc6997d043c", "value": "U.S. CISA IRGC-Affiliated PLC Activity December 2023" }, { "description": "Secureworks CTU. (n.d.). IRON HEMLOCK. 
Retrieved February 22, 2022.", "meta": { "date_accessed": "2022-02-22T00:00:00Z", "refs": [ "http://www.secureworks.com/research/threat-profiles/iron-hemlock" ], "source": "MITRE", "title": "IRON HEMLOCK" }, "related": [], "uuid": "36191a48-4661-42ea-b194-2915c9b184f3", "value": "Secureworks IRON HEMLOCK Profile" }, { "description": "Secureworks CTU. (n.d.). IRON HUNTER. Retrieved February 22, 2022.", "meta": { "date_accessed": "2022-02-22T00:00:00Z", "refs": [ "http://www.secureworks.com/research/threat-profiles/iron-hunter" ], "source": "MITRE", "title": "IRON HUNTER" }, "related": [], "uuid": "af5cb7da-61e0-49dc-8132-c019ce5ea6d3", "value": "Secureworks IRON HUNTER Profile" }, { "description": "Secureworks. (n.d.). IRON LIBERTY. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/iron-liberty" ], "source": "MITRE", "title": "IRON LIBERTY" }, "related": [], "uuid": "b82ba824-4543-41ec-a686-6479d5f67b4d", "value": "Secureworks IRON LIBERTY" }, { "description": "Reichel, D. (2021, February 19). IronNetInjector: Turla’s New Malware Loading Tool. Retrieved February 24, 2021.", "meta": { "date_accessed": "2021-02-24T00:00:00Z", "date_published": "2021-02-19T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ironnetinjector/" ], "source": "MITRE", "title": "IronNetInjector: Turla’s New Malware Loading Tool" }, "related": [], "uuid": "f04c89f7-d951-4ebc-a5e4-2cc69476c43f", "value": "Unit 42 IronNetInjector February 2021" }, { "description": "Secureworks CTU. (n.d.). IRON RITUAL. Retrieved February 24, 2022.", "meta": { "date_accessed": "2022-02-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/iron-ritual" ], "source": "MITRE", "title": "IRON RITUAL" }, "related": [], "uuid": "c1ff66d6-3ea3-4347-8a8b-447cd8b48dab", "value": "Secureworks IRON RITUAL Profile" }, { "description": "Lunghi, D. and Lu, K. (2021, April 9). 
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.", "meta": { "date_accessed": "2021-11-12T00:00:00Z", "date_published": "2021-04-09T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html" ], "source": "MITRE", "title": "Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware" }, "related": [], "uuid": "d0890d4f-e7ca-4280-a54e-d147f6dd72aa", "value": "Trend Micro Iron Tiger April 2021" }, { "description": "Daniel Lunghi. (2023, March 1). Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting. Retrieved March 20, 2023.", "meta": { "date_accessed": "2023-03-20T00:00:00Z", "date_published": "2023-03-01T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html" ], "source": "MITRE", "title": "Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting" }, "related": [], "uuid": "1acc2a21-4456-5fbc-9732-87550cea8b53", "value": "Lunghi Iron Tiger Linux" }, { "description": "Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.", "meta": { "date_accessed": "2022-02-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/iron-tilden" ], "source": "MITRE", "title": "IRON TILDEN" }, "related": [], "uuid": "45969d87-02c1-4074-b708-59f4c3e39426", "value": "Secureworks IRON TILDEN Profile" }, { "description": "Secureworks CTU. (n.d.). IRON TWILIGHT. Retrieved February 28, 2022.", "meta": { "date_accessed": "2022-02-28T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/iron-twilight" ], "source": "MITRE", "title": "IRON TWILIGHT" }, "related": [], "uuid": "2fc5b9dc-3745-4760-b116-5cc5abb9101d", "value": "Secureworks IRON TWILIGHT Profile" }, { "description": "Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. 
Retrieved February 28, 2022.", "meta": { "date_accessed": "2022-02-28T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://www.secureworks.com/research/iron-twilight-supports-active-measures" ], "source": "MITRE, Tidal Cyber", "title": "IRON TWILIGHT Supports Active Measures" }, "related": [], "uuid": "0d28c882-5175-4bcf-9c82-e6c4394326b6", "value": "Secureworks IRON TWILIGHT Active Measures March 2017" }, { "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2020-05-01T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/iron-viking" ], "source": "MITRE", "title": "IRON VIKING Threat Profile" }, "related": [], "uuid": "900753b3-c5a2-4fb5-ab7b-d38df867077b", "value": "Secureworks IRON VIKING" }, { "description": "ESET. (2022, March 1). IsaacWiper and HermeticWizard: New wiper and worm targetingUkraine. Retrieved April 10, 2022.", "meta": { "date_accessed": "2022-04-10T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine" ], "source": "MITRE", "title": "IsaacWiper and HermeticWizard: New wiper and worm targetingUkraine" }, "related": [], "uuid": "e0337ce9-2ca9-4877-b116-8c4d9d864df0", "value": "ESET Hermetic Wizard March 2022" }, { "description": "Microsoft. (2016, September 26). ISAPI/CGI Restrictions . Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2016-09-26T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/" ], "source": "MITRE", "title": "ISAPI/CGI Restrictions " }, "related": [], "uuid": "7d42501b-5a6e-4916-aa58-64ce6c00501e", "value": "Microsoft ISAPICGIRestriction 2016" }, { "description": "Microsoft. (2017, June 16). ISAPI Extension Overview. 
Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2017-06-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)" ], "source": "MITRE", "title": "ISAPI Extension Overview" }, "related": [], "uuid": "d00a692f-b990-4757-8acd-56818462ac0c", "value": "Microsoft ISAPI Extension Overview 2017" }, { "description": "Microsoft. (2017, June 16). ISAPI Filter Overview. Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2017-06-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)" ], "source": "MITRE", "title": "ISAPI Filter Overview" }, "related": [], "uuid": "2fdbf1ba-0480-4d70-9981-3b5967656472", "value": "Microsoft ISAPI Filter Overview 2017" }, { "description": "Ward, S.. (2014, October 14). iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2014-10-14T00:00:00Z", "refs": [ "https://web.archive.org/web/20160503234007/https://www.isightpartners.com/2014/10/cve-2014-4114/" ], "source": "MITRE", "title": "iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign" }, "related": [], "uuid": "31262b8d-27fb-4976-9d53-4fb39b5b835a", "value": "iSight Sandworm Oct 2014" }, { "description": "CrySyS Lab. (2013, March 20). TeamSpy – Obshie manevri. Ispolzovat’ tolko s razreshenija S-a. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "refs": [ "https://blog.crysys.hu/2013/03/teamspy/" ], "source": "MITRE", "title": "Ispolzovat’ tolko s razreshenija S-a" }, "related": [], "uuid": "f21ea3e2-7983-44d2-b78f-80d84bbc4f52", "value": "CrySyS Blog TeamSpy" }, { "description": "William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). 
Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2011-01-15T00:00:00Z", "refs": [ "https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html" ], "source": "MITRE", "title": "Israeli Test on Worm Called Crucial in Iran Nuclear Delay" }, "related": [], "uuid": "38b0cf78-88d0-487f-b2b0-81264f457dd0", "value": "NYTStuxnet" }, { "description": "Microsoft. (2011, July 19). Issues with BITS. Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "date_published": "2011-07-19T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/dd939934.aspx" ], "source": "MITRE", "title": "Issues with BITS" }, "related": [], "uuid": "c67ddc5e-9e6c-40c0-9876-ee191cda7658", "value": "Microsoft Issues with BITS July 2011" }, { "description": "Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.", "meta": { "date_accessed": "2019-03-15T00:00:00Z", "refs": [ "https://www.ready.gov/business/implementation/IT" ], "source": "MITRE", "title": "IT Disaster Recovery Plan" }, "related": [], "uuid": "66da7fcb-421b-4e2f-b575-222f465d5901", "value": "Ready.gov IT DRP" }, { "description": "Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.", "meta": { "date_accessed": "2020-10-08T00:00:00Z", "date_published": "2020-04-07T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/" ], "source": "MITRE", "title": "ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework" }, "related": [], "uuid": "32569f59-14fb-4581-8a42-3bf49fb189e9", "value": "Security Intelligence ITG08 April 2020" }, { "description": "Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. 
Retrieved May 11, 2020.", "meta": { "date_accessed": "2020-05-11T00:00:00Z", "date_published": "2019-06-04T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html" ], "source": "MITRE", "title": "It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign" }, "related": [], "uuid": "a6faa495-db01-43e8-9db3-d446570802bc", "value": "Talos Frankenstein June 2019" }, { "description": "Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "date_published": "2015-07-15T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1588" ], "source": "MITRE", "title": "It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts" }, "related": [], "uuid": "09d3ccc1-cd8a-4675-88c0-84110f5b8e8b", "value": "AdSecurity Forging Trust Tickets" }, { "description": "Micah Babinski. (2020, October 16). It’s Always DarkGate Before the Dawn. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2020-10-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://micahbabinski.medium.com/its-always-darkgate-before-the-dawn-d6cf1ec56f7e" ], "source": "Tidal Cyber", "title": "It’s Always DarkGate Before the Dawn" }, "related": [], "uuid": "0c7c6dfa-2ba9-4f74-aeca-d97dd3a3a1cc", "value": "It’s Always DarkGate Before the Dawn" }, { "description": "Hulcoop, A., et al. (2016, November 17). It’s Parliamentary KeyBoy and the targeting of the Tibetan Community. 
Retrieved June 13, 2019.", "meta": { "date_accessed": "2019-06-13T00:00:00Z", "date_published": "2016-11-17T00:00:00Z", "refs": [ "https://citizenlab.ca/2016/11/parliament-keyboy/" ], "source": "MITRE", "title": "It’s Parliamentary KeyBoy and the targeting of the Tibetan Community" }, "related": [], "uuid": "a9394372-3981-4f41-ad66-9db343e773b1", "value": "CitizenLab KeyBoy Nov 2016" }, { "description": "Carr, N. (2017, December 22). ItsReallyNick Status Update. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2017-12-22T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/944321013084573697" ], "source": "MITRE", "title": "ItsReallyNick Status Update" }, "related": [], "uuid": "2ca502a2-664c-4b85-9d6c-1bc96dfb8332", "value": "Twitter ItsReallyNick Status Update APT32 PubPrn" }, { "description": "Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.", "meta": { "date_accessed": "2019-06-07T00:00:00Z", "date_published": "2012-05-22T00:00:00Z", "refs": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf" ], "source": "MITRE", "title": "IXESHE An APT Campaign" }, "related": [], "uuid": "fcea0121-cd45-4b05-8c3f-f8dad8c790b3", "value": "Trend Micro IXESHE 2012" }, { "description": "James. (2019, July 14). @James_inthe_box. Retrieved March 28, 2022.", "meta": { "date_accessed": "2022-03-28T00:00:00Z", "date_published": "2019-07-14T00:00:00Z", "refs": [ "https://twitter.com/james_inthe_box/status/1150495335812177920" ], "source": "MITRE", "title": "@James_inthe_box" }, "related": [], "uuid": "5a9e4f0f-83d6-4f18-a358-a9ad450c2734", "value": "James TermServ DLL" }, { "description": "Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. 
Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2020-11-17T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage" ], "source": "MITRE", "title": "Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign" }, "related": [], "uuid": "28a7bbd8-d664-4234-9311-2befe0238b5b", "value": "Symantec Cicada November 2020" }, { "description": "Lee, S.. (2019, May 14). JCry Ransomware. Retrieved June 18, 2019.", "meta": { "date_accessed": "2019-06-18T00:00:00Z", "date_published": "2019-05-14T00:00:00Z", "refs": [ "https://www.carbonblack.com/2019/05/14/cb-tau-threat-intelligence-notification-jcry-ransomware-pretends-to-be-adobe-flash-player-update-installer/" ], "source": "MITRE", "title": "JCry Ransomware" }, "related": [], "uuid": "deb97163-323a-493a-9c73-b41c8c5e5cd1", "value": "Carbon Black JCry May 2019" }, { "description": "ClearSky Cyber Security. (2017, March 30). Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten. Retrieved August 21, 2017.", "meta": { "date_accessed": "2017-08-21T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "http://www.clearskysec.com/copykitten-jpost/" ], "source": "MITRE, Tidal Cyber", "title": "Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten" }, "related": [], "uuid": "f5a42615-0e4e-4d43-937d-05d2efe636cf", "value": "ClearSky CopyKittens March 2017" }, { "description": "Joe Sandbox. (n.d.). Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb. 
Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.joesandbox.com/analysis/1280109/0/html" ], "source": "Tidal Cyber", "title": "Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb" }, "related": [], "uuid": "c2a10cde-2c20-4090-9e8d-ca60edf07a2e", "value": "Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb" }, { "description": "Joe Slowik. (2019, August 15) CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019", "meta": { "date_accessed": "2019-10-22T00:00:00Z", "refs": [ "https://dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf" ], "source": "MITRE", "title": "Joe Slowik August 2019" }, "related": [], "uuid": "7297ee41-b26e-5762-8b0f-7dcdf780f86a", "value": "Joe Slowik August 2019" }, { "description": "US District Court of DC. (2019, March 14). MICROSOFT CORPORATION v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS. Retrieved March 8, 2021.", "meta": { "date_accessed": "2021-03-08T00:00:00Z", "refs": [ "https://noticeofpleadings.com/phosphorus/files/Complaint.pdf" ], "source": "MITRE", "title": "JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS" }, "related": [], "uuid": "8f73a709-fb7e-4d9e-9743-4ba39ea26ea8", "value": "US District Court of DC Phosphorus Complaint 2019" }, { "description": "The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. 
Retrieved March 11, 2019.", "meta": { "date_accessed": "2019-03-11T00:00:00Z", "date_published": "2018-10-11T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools" ], "source": "MITRE", "title": "Joint report on publicly available hacking tools" }, "related": [], "uuid": "601d88c5-4789-4fa8-a9ab-abc8137f061c", "value": "NCSC Joint Report Public Tools" }, { "description": "FBI, CISA, ODNI, NSA. (2022, January 5). Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). Retrieved March 26, 2023.", "meta": { "date_accessed": "2023-03-26T00:00:00Z", "date_published": "2022-01-05T00:00:00Z", "refs": [ "https://www.cisa.gov/news-events/news/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure" ], "source": "MITRE", "title": "Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)" }, "related": [], "uuid": "336a6549-a95d-5763-bbaf-5ef0d3141800", "value": "USG Joint Statement SolarWinds January 2021" }, { "description": "LOLBAS. (2019, May 31). Jsc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-05-31T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Jsc/" ], "source": "Tidal Cyber", "title": "Jsc.exe" }, "related": [], "uuid": "ae25ff74-05eb-46d7-9c60-4c149b7c7f1f", "value": "Jsc.exe - LOLBAS Project" }, { "description": "Graeme Neilson . (2009, August). Juniper Netscreen of the Dead. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2009-08-01T00:00:00Z", "refs": [ "https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES.pdf" ], "source": "MITRE", "title": "Juniper Netscreen of the Dead" }, "related": [], "uuid": "3b87bd85-c6dd-4bd9-9427-33b5bd84db4a", "value": "Juniper Netscreen of the Dead" }, { "description": "Microsoft. (2022, November 17). Just Enough Administration. Retrieved March 27, 2023.", "meta": { "date_accessed": "2023-03-27T00:00:00Z", "date_published": "2022-11-17T00:00:00Z", "refs": [ "https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3" ], "source": "MITRE", "title": "Just Enough Administration" }, "related": [], "uuid": "09c99ca2-5f10-5f78-9ba3-5e0e79ce8d96", "value": "Microsoft PS JEA" }, { "description": "Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved February 29, 2024.", "meta": { "date_accessed": "2024-02-29T00:00:00Z", "date_published": "2024-02-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian" ], "source": "Tidal Cyber", "title": "Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)" }, "related": [], "uuid": "26a554dc-39c0-4638-902d-7e84fe01b961", "value": "U.S. Justice Department GRU Botnet February 2024" }, { "description": "Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. 
Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2020-06-13T00:00:00Z", "refs": [ "https://o365blog.com/post/just-looking/" ], "source": "MITRE", "title": "Just looking: Azure Active Directory reconnaissance as an outsider" }, "related": [], "uuid": "42dad2a3-5b33-4be4-a19b-58a27fb3ee5d", "value": "Azure Active Directory Reconnaisance" }, { "description": "Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2020-06-13T00:00:00Z", "refs": [ "https://o365blog.com/post/just-looking" ], "source": "MITRE", "title": "Just looking: Azure Active Directory reconnaissance as an outsider" }, "related": [], "uuid": "16565eaf-44fb-44f4-b490-40dc1160ff2b", "value": "Azure AD Recon" }, { "description": "Paul Litvak. (2020, May 4). Kaiji: New Chinese Linux malware turning to Golang. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2020-05-04T00:00:00Z", "refs": [ "https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/" ], "source": "MITRE", "title": "Kaiji: New Chinese Linux malware turning to Golang" }, "related": [], "uuid": "ef1fbb40-da6f-41d0-a44a-9ff444e2ad89", "value": "intezer-kaiji-malware" }, { "description": "NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.", "meta": { "date_accessed": "2017-12-11T00:00:00Z", "date_published": "2016-11-01T00:00:00Z", "refs": [ "https://github.com/nccgroup/redsnarf" ], "source": "MITRE", "title": "Kali Redsnarf" }, "related": [], "uuid": "459fcde2-7ac3-4640-a5bc-cd8750e54962", "value": "Kali Redsnarf" }, { "description": "Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. 
Retrieved October 10, 2019.", "meta": { "date_accessed": "2019-10-10T00:00:00Z", "date_published": "2014-05-03T00:00:00Z", "refs": [ "https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html" ], "source": "MITRE", "title": "Kansa: Service related collectors and analysis" }, "related": [], "uuid": "58d5bc0b-8548-4c3a-8302-e07df3b961ff", "value": "TrustedSignal Service Failure" }, { "description": "Hull, D.. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.", "meta": { "date_accessed": "2019-10-10T00:00:00Z", "date_published": "2014-05-03T00:00:00Z", "refs": [ "https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html" ], "source": "MITRE", "title": "Kansa: Service related collectors and analysis" }, "related": [], "uuid": "d854f84a-4d70-4ef4-9197-d8f5396feabb", "value": "Kansa Service related collectors" }, { "description": "Cybersecurity Infrastructure and Defense Agency. (2022, June 2). Karakurt Data Extortion Group. Retrieved March 10, 2023.", "meta": { "date_accessed": "2023-03-10T00:00:00Z", "date_published": "2022-06-02T00:00:00Z", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a" ], "source": "MITRE", "title": "Karakurt Data Extortion Group" }, "related": [], "uuid": "5a9a79fa-532b-582b-9741-cb732803cd22", "value": "CISA Karakurt 2022" }, { "description": "Bettencourt, J. (2018, May 7). Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique. 
Retrieved May 24, 2018.", "meta": { "date_accessed": "2018-05-24T00:00:00Z", "date_published": "2018-05-07T00:00:00Z", "refs": [ "https://usa.kaspersky.com/about/press-releases/2018_synack-doppelganging" ], "source": "MITRE", "title": "Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique" }, "related": [], "uuid": "bbb9bcb5-cd44-4dcb-a7e5-f6c4cf93f74f", "value": "Kaspersky Lab SynAck May 2018" }, { "description": "Levene, B, et al. (2017, May 03). Kazuar: Multiplatform Espionage Backdoor with API Access. Retrieved July 17, 2018.", "meta": { "date_accessed": "2018-07-17T00:00:00Z", "date_published": "2017-05-03T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/" ], "source": "MITRE", "title": "Kazuar: Multiplatform Espionage Backdoor with API Access" }, "related": [], "uuid": "07e64ee6-3d3e-49e4-bb06-ff5897e26ea9", "value": "Unit 42 Kazuar May 2017" }, { "description": "Marczak, B. and Scott-Railton, J.. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.", "meta": { "date_accessed": "2016-06-08T00:00:00Z", "date_published": "2016-05-29T00:00:00Z", "refs": [ "https://citizenlab.org/2016/05/stealth-falcon/" ], "source": "MITRE, Tidal Cyber", "title": "Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents" }, "related": [], "uuid": "11f46b1e-a141-4d25-bff0-e955251be7f5", "value": "Citizen Lab Stealth Falcon May 2016" }, { "description": "Lee, C., Schoreder, W. (n.d.). KeeThief. Retrieved February 8, 2021.", "meta": { "date_accessed": "2021-02-08T00:00:00Z", "refs": [ "https://github.com/GhostPack/KeeThief" ], "source": "MITRE", "title": "KeeThief" }, "related": [], "uuid": "3b6231fb-5b52-4a3a-a21f-0881901d0037", "value": "Github KeeThief" }, { "description": "Benjamin Delpy. (n.d.). Kekeo. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/kekeo" ], "source": "MITRE", "title": "Kekeo" }, "related": [], "uuid": "0b69f0f5-dd4a-4926-9369-8253a0c3ddea", "value": "Kekeo" }, { "description": "Schroeder, W. (2016, November 1). Kerberoasting Without Mimikatz. Retrieved March 23, 2018.", "meta": { "date_accessed": "2018-03-23T00:00:00Z", "date_published": "2016-11-01T00:00:00Z", "refs": [ "https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/" ], "source": "MITRE", "title": "Kerberoasting Without Mimikatz" }, "related": [], "uuid": "6f1f8bc3-421e-46ff-88e3-48fcc6f7b76a", "value": "Harmj0y Kerberoast Nov 2016" }, { "description": "Sean Metcalf. (2014, September 12). Kerberos, Active Directory’s Secret Decoder Ring. Retrieved February 27, 2020.", "meta": { "date_accessed": "2020-02-27T00:00:00Z", "date_published": "2014-09-12T00:00:00Z", "refs": [ "https://adsecurity.org/?p=227" ], "source": "MITRE", "title": "Kerberos, Active Directory’s Secret Decoder Ring" }, "related": [], "uuid": "5f78a554-2d5c-49af-8c6c-6e10f9aec997", "value": "ADSecurity Kerberos Ring Decoder" }, { "description": "Massachusetts Institute of Technology. (2007, October 27). Kerberos for Macintosh Preferences Documentation. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "date_published": "2007-10-27T00:00:00Z", "refs": [ "http://web.mit.edu/macdev/KfM/Common/Documentation/preferences.html" ], "source": "MITRE", "title": "Kerberos for Macintosh Preferences Documentation" }, "related": [], "uuid": "8e09346b-03ce-4627-a365-f2f63089d1e0", "value": "macOS kerberos framework MIT" }, { "description": "Microsoft. (2015, March 24). Kerberos Golden Ticket Check (Updated). 
Retrieved February 27, 2020.", "meta": { "date_accessed": "2020-02-27T00:00:00Z", "date_published": "2015-03-24T00:00:00Z", "refs": [ "https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285" ], "source": "MITRE", "title": "Kerberos Golden Ticket Check (Updated)" }, "related": [], "uuid": "2d8790db-b088-40d0-be99-acd3e695c7a6", "value": "Microsoft Kerberos Golden Ticket" }, { "description": "Abolins, D., Boldea, C., Socha, K., Soria-Machado, M. (2016, April 26). Kerberos Golden Ticket Protection. Retrieved July 13, 2017.", "meta": { "date_accessed": "2017-07-13T00:00:00Z", "date_published": "2016-04-26T00:00:00Z", "refs": [ "https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf" ], "source": "MITRE", "title": "Kerberos Golden Ticket Protection" }, "related": [], "uuid": "268f9cfa-71f4-4cb1-96f3-c61e71892d30", "value": "CERT-EU Golden Ticket Protection" }, { "description": "Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.", "meta": { "date_accessed": "2017-12-01T00:00:00Z", "date_published": "2015-08-07T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1640" ], "source": "MITRE", "title": "Kerberos Golden Tickets are Now More Golden" }, "related": [], "uuid": "aac51d49-9a72-4456-8539-8a5f5d0ef7d7", "value": "AdSecurity Kerberos GT Aug 2015" }, { "description": "Sean Metcalf. (2014, November 10). Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account. Retrieved January 30, 2020.", "meta": { "date_accessed": "2020-01-30T00:00:00Z", "date_published": "2014-11-10T00:00:00Z", "refs": [ "https://adsecurity.org/?p=483" ], "source": "MITRE", "title": "Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account" }, "related": [], "uuid": "6e61f3e1-35e6-44f4-9bc4-60b2bcb71b15", "value": "ADSecurity Kerberos and KRBTGT" }, { "description": "Sanyal, M.. (2014, March 18). 
Kerberos Pre-Authentication: Why It Should Not Be Disabled. Retrieved August 25, 2020.", "meta": { "date_accessed": "2020-08-25T00:00:00Z", "date_published": "2014-03-18T00:00:00Z", "refs": [ "https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-should-not-be-disabled.aspx" ], "source": "MITRE", "title": "Kerberos Pre-Authentication: Why It Should Not Be Disabled" }, "related": [], "uuid": "328953ed-93c7-46c0-9a05-53dc44d294fe", "value": "Microsoft Kerberos Preauth 2014" }, { "description": "Trevor Haskell. (2020, April 1). Kerberos Tickets on Linux Red Teams. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2020-04-01T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html" ], "source": "MITRE", "title": "Kerberos Tickets on Linux Red Teams" }, "related": [], "uuid": "5aea042f-4eb1-4092-89be-3db695053470", "value": "Linux Kerberos Tickets" }, { "description": "Kernel.org. (2020, February 6). Kernel Self-Protection. Retrieved June 4, 2020.", "meta": { "date_accessed": "2020-06-04T00:00:00Z", "date_published": "2020-02-06T00:00:00Z", "refs": [ "https://www.kernel.org/doc/html/latest/security/self-protection.html" ], "source": "MITRE", "title": "Kernel Self-Protection" }, "related": [], "uuid": "b75466f2-c20e-4c4a-b71b-e91fb39cfcd3", "value": "Kernel Self Protection Project" }, { "description": "Guarnieri, C., Schloesser M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. 
Retrieved June 14, 2019.", "meta": { "date_accessed": "2019-06-14T00:00:00Z", "date_published": "2013-06-07T00:00:00Z", "refs": [ "https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/" ], "source": "MITRE", "title": "KeyBoy, Targeted Attacks against Vietnam and India" }, "related": [], "uuid": "e549add8-1dfd-40d6-8974-35e1a38a707b", "value": "Rapid7 KeyBoy Jun 2013" }, { "description": "Apple. (n.d.). Keychain Items. Retrieved April 12, 2022.", "meta": { "date_accessed": "2022-04-12T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/security/keychain_services/keychain_items" ], "source": "MITRE", "title": "Keychain Items" }, "related": [], "uuid": "4e499819-b910-4c07-a8b4-a7d40f2c0ac4", "value": "Keychain Items Apple Dev API" }, { "description": "Apple. (n.d.). Keychain Services. Retrieved April 11, 2022.", "meta": { "date_accessed": "2022-04-11T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/security/keychain_services" ], "source": "MITRE", "title": "Keychain Services" }, "related": [], "uuid": "0754f48d-dad8-480c-953c-256be4dfcfc3", "value": "Keychain Services Apple" }, { "description": "Wikipedia. (n.d.). Keychain (software). Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Keychain_(software)" ], "source": "MITRE", "title": "Keychain (software)" }, "related": [], "uuid": "8aac5356-31cb-4e0b-a766-9aa07d977acd", "value": "Wikipedia keychain" }, { "description": "Mark Manning. (2020, July 23). Keyctl-unmask: \"Going Florida\" on The State Of Containerizing Linux Keyrings. 
Retrieved July 6, 2022.", "meta": { "date_accessed": "2022-07-06T00:00:00Z", "date_published": "2020-07-23T00:00:00Z", "refs": [ "https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-keyrings/" ], "source": "MITRE", "title": "Keyctl-unmask: \"Going Florida\" on The State Of Containerizing Linux Keyrings" }, "related": [], "uuid": "75db8c88-e547-4d1b-8f22-6ace2b3d7ad4", "value": "Keyctl-unmask" }, { "description": "Google. (n.d.). Key rotation. Retrieved October 18, 2019.", "meta": { "date_accessed": "2019-10-18T00:00:00Z", "refs": [ "https://cloud.google.com/kms/docs/key-rotation" ], "source": "MITRE", "title": "Key rotation" }, "related": [], "uuid": "4ba76434-f5ca-4a1d-b111-9292f6debfdb", "value": "Google Cloud Encryption Key Rotation" }, { "description": "Catalin Cimpanu. (2016, December 29). KillDisk Disk-Wiping Malware Adds Ransomware Component. Retrieved January 12, 2021.", "meta": { "date_accessed": "2021-01-12T00:00:00Z", "date_published": "2016-12-29T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/" ], "source": "MITRE", "title": "KillDisk Disk-Wiping Malware Adds Ransomware Component" }, "related": [], "uuid": "9d22f13d-af6d-47b5-93ed-5e4b85b94978", "value": "KillDisk Ransomware" }, { "description": "Fernando Merces, Byron Gelera, Martin Co. (2018, June 7). KillDisk Variant Hits Latin American Finance Industry. Retrieved January 12, 2021.", "meta": { "date_accessed": "2021-01-12T00:00:00Z", "date_published": "2018-06-07T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-organizations-again.html" ], "source": "MITRE", "title": "KillDisk Variant Hits Latin American Finance Industry" }, "related": [], "uuid": "8ae31db0-2744-4366-9747-55fc4679dbf5", "value": "Trend Micro KillDisk 1" }, { "description": "Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira. 
(2018, January 15). KillDisk Variant Hits Latin American Financial Groups. Retrieved January 12, 2021.", "meta": { "date_accessed": "2021-01-12T00:00:00Z", "date_published": "2018-01-15T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-latin-america.html" ], "source": "MITRE", "title": "KillDisk Variant Hits Latin American Financial Groups" }, "related": [], "uuid": "62d9a4c9-e669-4dd4-a584-4f3e3e54f97f", "value": "Trend Micro KillDisk 2" }, { "description": "Ang Cui, Jatin Kataria, Salvatore J. Stolfo. (2011, August). Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2011-08-01T00:00:00Z", "refs": [ "https://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf" ], "source": "MITRE", "title": "Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design" }, "related": [], "uuid": "19d7ccc6-76ed-4b12-af50-f810fbc22037", "value": "Killing IOS diversity myth" }, { "description": "Sebastian 'topo' Muñiz. (2008, May). Killing the myth of Cisco IOS rootkits. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2008-05-01T00:00:00Z", "refs": [ "https://drwho.virtadpt.net/images/killing_the_myth_of_cisco_ios_rootkits.pdf" ], "source": "MITRE", "title": "Killing the myth of Cisco IOS rootkits" }, "related": [], "uuid": "538070d6-fbdb-4cc9-8ddf-c331e4375cfb", "value": "Killing the myth of Cisco IOS rootkits" }, { "description": "Vedere Labs. (2022, June 2). Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group. 
Retrieved October 9, 2023.", "meta": { "date_accessed": "2023-10-09T00:00:00Z", "date_published": "2022-06-02T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.forescout.com/resources/analysis-of-killnet-report/" ], "source": "Tidal Cyber", "title": "Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group" }, "related": [], "uuid": "628a9288-ae87-4deb-92ce-081ba88c15be", "value": "Vedere Labs Killnet 2022" }, { "description": "Flashpoint. (n.d.). Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://flashpoint.io/intelligence-101/killnet/" ], "source": "Tidal Cyber", "title": "Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective" }, "related": [], "uuid": "502cc03b-350b-4e2d-9436-364c43a0a203", "value": "Flashpoint Glossary Killnet" }, { "description": "Jazi, H. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved June 10, 2021.", "meta": { "date_accessed": "2021-06-10T00:00:00Z", "date_published": "2021-06-01T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/" ], "source": "MITRE, Tidal Cyber", "title": "Kimsuky APT continues to target South Korean government using AppleSeed backdoor" }, "related": [], "uuid": "9a497c56-f1d3-4889-8c1a-14b013f14668", "value": "Malwarebytes Kimsuky June 2021" }, { "description": "Kim, J. et al. (2019, October). KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING. 
Retrieved November 2, 2020.", "meta": { "date_accessed": "2020-11-02T00:00:00Z", "date_published": "2019-10-01T00:00:00Z", "refs": [ "https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/" ], "source": "MITRE", "title": "KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING" }, "related": [], "uuid": "e9a8db17-8b10-44c2-a0e1-88e6bcfb67f1", "value": "VirusBulletin Kimsuky October 2019" }, { "description": "Alyac. (2019, April 3). Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019.", "meta": { "date_accessed": "2019-08-13T00:00:00Z", "date_published": "2019-04-03T00:00:00Z", "refs": [ "https://blog.alyac.co.kr/2234" ], "source": "MITRE", "title": "Kimsuky Organization Steals Operation Stealth Power" }, "related": [], "uuid": "8e52db6b-5ac3-448a-93f6-96a21787a346", "value": "EST Kimsuky April 2019" }, { "description": "ThreatConnect. (2020, September 28). Kimsuky Phishing Operations Putting In Work. Retrieved October 30, 2020.", "meta": { "date_accessed": "2020-10-30T00:00:00Z", "date_published": "2020-09-28T00:00:00Z", "refs": [ "https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/" ], "source": "MITRE", "title": "Kimsuky Phishing Operations Putting In Work" }, "related": [], "uuid": "45d64462-2bed-46e8-ac52-9d4914608a93", "value": "ThreatConnect Kimsuky September 2020" }, { "description": "BRI. (2019, April). Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019.", "meta": { "date_accessed": "2019-10-07T00:00:00Z", "date_published": "2019-04-01T00:00:00Z", "refs": [ "https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/" ], "source": "MITRE", "title": "Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America" }, "related": [], "uuid": "b72dd3a1-62ca-4a05-96a8-c4bddb17db50", "value": "BRI Kimsuky April 2019" }, { "description": "Microsoft. 
(2021, March 3). klist. Retrieved October 14, 2021.", "meta": { "date_accessed": "2021-10-14T00:00:00Z", "date_published": "2021-03-03T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/administration/windows-commands/klist" ], "source": "MITRE", "title": "klist" }, "related": [], "uuid": "f500340f-23fc-406a-97ef-0de787ef8cec", "value": "Microsoft Klist" }, { "description": "Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.", "meta": { "date_accessed": "2018-02-26T00:00:00Z", "date_published": "2016-08-18T00:00:00Z", "refs": [ "https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html" ], "source": "MITRE", "title": "Know Your Enemy: New Financially-Motivated & Spear-Phishing Group" }, "related": [], "uuid": "0119687c-b46b-4b5f-a6d8-affa14258392", "value": "FireEye Know Your Enemy FIN8 Aug 2016" }, { "description": "Magius, J., et al. (2017, July 19). Koadic. Retrieved June 18, 2018.", "meta": { "date_accessed": "2018-06-18T00:00:00Z", "date_published": "2017-07-19T00:00:00Z", "refs": [ "https://github.com/zerosum0x0/koadic" ], "source": "MITRE", "title": "Koadic" }, "related": [], "uuid": "54cbf1bd-9aed-4f82-8c15-6e88dd5d8d64", "value": "Github Koadic" }, { "description": "M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2021-02-02T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/" ], "source": "MITRE", "title": "Kobalos – A complex Linux threat to high performance computing infrastructure" }, "related": [], "uuid": "883a9417-f7f6-4aa6-8708-8c320d4e0a7a", "value": "ESET Kobalos Feb 2021" }, { "description": "Rascagneres, P. (2017, May 03). KONNI: A Malware Under The Radar For Years. 
Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-05-03T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html" ], "source": "MITRE", "title": "KONNI: A Malware Under The Radar For Years" }, "related": [], "uuid": "4cb69c58-4e47-4fb9-9eef-8a0b5447a553", "value": "Talos Konni May 2017" }, { "description": "Santos, R. (2022, January 26). KONNI evolves into stealthier RAT. Retrieved April 13, 2022.", "meta": { "date_accessed": "2022-04-13T00:00:00Z", "date_published": "2022-01-26T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/" ], "source": "MITRE", "title": "KONNI evolves into stealthier RAT" }, "related": [], "uuid": "5dbb84dc-a991-4fa7-8528-639b1430ca02", "value": "Malwarebytes KONNI Evolves Jan 2022" }, { "description": "Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.", "meta": { "date_accessed": "2018-05-21T00:00:00Z", "date_published": "2018-01-16T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html" ], "source": "MITRE", "title": "Korea In The Crosshairs" }, "related": [], "uuid": "bf8b2bf0-cca3-437b-a640-715f9cc945f7", "value": "Talos Group123" }, { "description": "kubernetes. (n.d.). kubectl. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/kubectl/kubectl/" ], "source": "MITRE", "title": "kubectl" }, "related": [], "uuid": "5aae1cd7-4e24-40a5-90d8-1f6431851a8f", "value": "Kube Kubectl" }, { "description": "The Kubernetes Authors. (n.d.). Kubelet. 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/" ], "source": "MITRE", "title": "Kubelet" }, "related": [], "uuid": "57527fb9-d076-4ce1-afb5-e7bdb9c9d74c", "value": "Kubernetes Kubelet" }, { "description": "The Kubernetes Authors. (n.d.). Kubernetes CronJob. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/" ], "source": "MITRE", "title": "Kubernetes CronJob" }, "related": [], "uuid": "354d242c-227e-4827-b559-dc1650d37acd", "value": "Kubernetes CronJob" }, { "description": "National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF" ], "source": "MITRE", "title": "Kubernetes Hardening Guide" }, "related": [], "uuid": "e423b14c-dd39-4b36-9b95-96efbcaf0a12", "value": "Kubernetes Hardening Guide" }, { "description": "The Kubernetes Authors. (n.d.). Kubernetes Jobs. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/workloads/controllers/job/" ], "source": "MITRE", "title": "Kubernetes Jobs" }, "related": [], "uuid": "21a4388d-dbf8-487b-a2a2-67927b099e4a", "value": "Kubernetes Jobs" }, { "description": "The Kubernetes Authors. (n.d.). Kubernetes Web UI (Dashboard). 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/" ], "source": "MITRE", "title": "Kubernetes Web UI (Dashboard)" }, "related": [], "uuid": "02f23351-df83-4aae-a0bd-614ed91bc683", "value": "Kubernetes Dashboard" }, { "description": "Paul Litvak. (2020, October 8). Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure. Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2020-10-08T00:00:00Z", "refs": [ "https://www.intezer.com/blog/malware-analysis/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/" ], "source": "MITRE", "title": "Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure" }, "related": [], "uuid": "e86abbd9-f349-4d90-8ec9-899fe1637f94", "value": "Intezer App Service Phishing" }, { "description": "Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-03-13T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/" ], "source": "MITRE", "title": "Kunming Attack Leads to Gh0st RAT Variant" }, "related": [], "uuid": "1c5ee0d2-4d6c-4a5f-9790-79bfb7abc53f", "value": "Alintanahin 2014" }, { "description": "DeRyke, A.. (2019, June 7). Lab Notes: Persistence and Privilege Elevation using the Powershell Profile. 
Retrieved July 8, 2019.", "meta": { "date_accessed": "2019-07-08T00:00:00Z", "date_published": "2019-06-07T00:00:00Z", "refs": [ "https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html" ], "source": "MITRE", "title": "Lab Notes: Persistence and Privilege Elevation using the Powershell Profile" }, "related": [], "uuid": "8fcbd99a-1fb8-4ca3-9efd-a98734d4397d", "value": "Wits End and Shady PowerShell Profiles" }, { "description": "Brown, D., et al. (2022, April 28). LAPSUS$: Recent techniques, tactics and procedures. Retrieved December 22, 2022.", "meta": { "date_accessed": "2022-12-22T00:00:00Z", "date_published": "2022-04-28T00:00:00Z", "refs": [ "https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures/" ], "source": "MITRE", "title": "LAPSUS$: Recent techniques, tactics and procedures" }, "related": [], "uuid": "d2e7c69d-8a10-51ca-af7b-22d08f4dfe45", "value": "NCC Group LAPSUS Apr 2022" }, { "description": "BBC. (2022, April 1). LAPSUS: Two UK Teenagers Charged with Hacking for Gang. Retrieved June 9, 2022.", "meta": { "date_accessed": "2022-06-09T00:00:00Z", "date_published": "2022-04-01T00:00:00Z", "refs": [ "https://www.bbc.com/news/technology-60953527" ], "source": "MITRE", "title": "LAPSUS: Two UK Teenagers Charged with Hacking for Gang" }, "related": [], "uuid": "6c9f4312-6c9d-401c-b20f-12ce50c94a96", "value": "BBC LAPSUS Apr 2022" }, { "description": "Nelson, M. (2017, September 11). Lateral Movement using Excel.Application and DCOM. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-09-11T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/" ], "source": "MITRE", "title": "Lateral Movement using Excel.Application and DCOM" }, "related": [], "uuid": "953dc856-d906-4d87-a421-4e708f30208c", "value": "Enigma Excel DCOM Sept 2017" }, { "description": "Nelson, M. (2017, November 16). 
Lateral Movement using Outlook's CreateObject Method and DotNetToJScript. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-11-16T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/" ], "source": "MITRE", "title": "Lateral Movement using Outlook's CreateObject Method and DotNetToJScript" }, "related": [], "uuid": "48c8b8c4-1ce2-4fbc-a95d-dc8b39304200", "value": "Enigma Outlook DCOM Lateral Movement Nov 2017" }, { "description": "Nelson, M. (2017, January 5). Lateral Movement using the MMC20 Application COM Object. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-01-05T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/" ], "source": "MITRE", "title": "Lateral Movement using the MMC20 Application COM Object" }, "related": [], "uuid": "ecc1023d-ef37-46e3-8dce-8fd5bb6a10dc", "value": "Enigma MMC20 COM Jan 2017" }, { "description": "Nelson, M. (2017, January 23). Lateral Movement via DCOM: Round 2. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-01-23T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/" ], "source": "MITRE", "title": "Lateral Movement via DCOM: Round 2" }, "related": [], "uuid": "62a14d3b-c61b-4c96-ad28-0519745121e3", "value": "Enigma DCOM Lateral Movement Jan 2017" }, { "description": "Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell[slides]. 
Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-05-16T00:00:00Z", "refs": [ "https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2" ], "source": "MITRE", "title": "Lateral Movement with PowerShell[slides]" }, "related": [], "uuid": "f9ca049c-5cab-4d80-a84b-1695365871e3", "value": "Jacobsen 2014" }, { "description": "SS64. (n.d.). launchctl. Retrieved March 28, 2020.", "meta": { "date_accessed": "2020-03-28T00:00:00Z", "refs": [ "https://ss64.com/osx/launchctl.html" ], "source": "MITRE", "title": "launchctl" }, "related": [], "uuid": "26bd50ba-c359-4804-b574-7ec731b37fa6", "value": "Launchctl Man" }, { "description": "Bradley Kemp. (2021, May 10). LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2021-05-10T00:00:00Z", "refs": [ "https://bradleyjkemp.dev/post/launchdaemon-hijacking/" ], "source": "MITRE", "title": "LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions" }, "related": [], "uuid": "51d1e4d9-265a-48ca-834b-4daa1f386bb4", "value": "LaunchDaemon Hijacking" }, { "description": "Dennis German. (2020, November 20). launchd Keywords for plists. Retrieved October 7, 2021.", "meta": { "date_accessed": "2021-10-07T00:00:00Z", "date_published": "2020-11-20T00:00:00Z", "refs": [ "https://www.real-world-systems.com/docs/launchdPlist.1.html" ], "source": "MITRE", "title": "launchd Keywords for plists" }, "related": [], "uuid": "1bcd2a93-93e7-48d8-ad25-6f09e94123aa", "value": "launchd Keywords for plists" }, { "description": "Apple. (n.d.). Launch Services. 
Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/coreservices/launch_services" ], "source": "MITRE", "title": "Launch Services" }, "related": [], "uuid": "9973ceb1-2fee-451b-a512-c544671ee9fd", "value": "Launch Services Apple Developer" }, { "description": "Apple. (2018, June 4). Launch Services Keys. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2018-06-04T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1" ], "source": "MITRE", "title": "Launch Services Keys" }, "related": [], "uuid": "d75fd3e6-c1cd-4555-b131-80e34f51f09d", "value": "Launch Service Keys Developer Apple" }, { "description": "LOLBAS. (2022, June 13). Launch-VsDevShell.ps1. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-06-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Launch-VsDevShell/" ], "source": "Tidal Cyber", "title": "Launch-VsDevShell.ps1" }, "related": [], "uuid": "6e81ff6a-a386-495e-bd4b-cf698b02bce8", "value": "Launch-VsDevShell.ps1 - LOLBAS Project" }, { "description": "Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT . Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2021-04-19T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/" ], "source": "MITRE", "title": "Lazarus APT conceals malicious code within BMP image to drop its RAT" }, "related": [], "uuid": "c531a8dc-ea08-46db-a6d4-754bd1b9d545", "value": "MalwareBytes Lazarus-Andariel Conceals Code April 2021" }, { "description": "Lei, C., et al. 
(2018, January 24). Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More. Retrieved May 22, 2018.", "meta": { "date_accessed": "2018-05-22T00:00:00Z", "date_published": "2018-01-24T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/" ], "source": "MITRE", "title": "Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More" }, "related": [], "uuid": "e3f9853f-29b0-4219-a488-a6ecfa16b09f", "value": "Lazarus RATANKBA" }, { "description": "Fernando Martinez. (2021, July 6). Lazarus campaign TTPs and evolution. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-07-06T00:00:00Z", "refs": [ "https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution" ], "source": "MITRE", "title": "Lazarus campaign TTPs and evolution" }, "related": [], "uuid": "594c59ff-c4cb-4164-a62d-120e282b2538", "value": "ATT Lazarus TTP Evolution" }, { "description": "Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.", "meta": { "date_accessed": "2018-12-03T00:00:00Z", "date_published": "2018-11-20T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/" ], "source": "MITRE", "title": "Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America" }, "related": [], "uuid": "4c697316-c13a-4243-be18-c0e059e4168c", "value": "TrendMicro Lazarus Nov 2018" }, { "description": "F-Secure Labs. (2020, August 18). Lazarus Group Campaign Targeting the Cryptocurrency Vertical. 
Retrieved September 1, 2020.", "meta": { "date_accessed": "2020-09-01T00:00:00Z", "date_published": "2020-08-18T00:00:00Z", "refs": [ "https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf" ], "source": "MITRE", "title": "Lazarus Group Campaign Targeting the Cryptocurrency Vertical" }, "related": [], "uuid": "f7facaae-e768-42eb-8e0e-2bfd0a636076", "value": "F-Secure Lazarus Cryptocurrency Aug 2020" }, { "description": "Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.", "meta": { "date_accessed": "2018-05-17T00:00:00Z", "date_published": "2018-04-03T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/" ], "source": "MITRE", "title": "Lazarus KillDisks Central American casino" }, "related": [], "uuid": "454704b7-9ede-4d30-acfd-2cf16a89bcb3", "value": "ESET Lazarus KillDisk April 2018" }, { "description": "Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.", "meta": { "date_accessed": "2018-05-17T00:00:00Z", "date_published": "2018-04-03T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/" ], "source": "MITRE", "title": "Lazarus KillDisks Central American casino" }, "related": [], "uuid": "6f931476-29e6-4bba-ba1b-37ab742f4b49", "value": "Lazarus KillDisk" }, { "description": "Sherstobitoff, R. (2018, February 12). Lazarus Resurfaces, Targets Global Banks and Bitcoin Users. 
Retrieved February 19, 2018.", "meta": { "date_accessed": "2018-02-19T00:00:00Z", "date_published": "2018-02-12T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/" ], "source": "MITRE", "title": "Lazarus Resurfaces, Targets Global Banks and Bitcoin Users" }, "related": [], "uuid": "4e4cb57d-764a-4233-8fc6-d049a1caabe9", "value": "McAfee Lazarus Resurfaces Feb 2018" }, { "description": "Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.", "meta": { "date_accessed": "2021-10-27T00:00:00Z", "date_published": "2021-02-25T00:00:00Z", "refs": [ "https://securelist.com/lazarus-threatneedle/100803/" ], "source": "MITRE", "title": "Lazarus targets defense industry with ThreatNeedle" }, "related": [], "uuid": "ba6a5fcc-9391-42c0-8b90-57b729525f41", "value": "Kaspersky ThreatNeedle Feb 2021" }, { "description": "GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2017-04-03T00:00:00Z", "refs": [ "https://securelist.com/lazarus-under-the-hood/77908/" ], "source": "MITRE, Tidal Cyber", "title": "Lazarus Under the Hood" }, "related": [], "uuid": "a1e1ab6a-8db0-4593-95ec-78784607dfa0", "value": "Kaspersky Lazarus Under The Hood Blog 2017" }, { "description": "GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2017-04-03T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf" ], "source": "MITRE", "title": "Lazarus Under the Hood" }, "related": [], "uuid": "312b30b1-3bd6-46ea-8f77-504f442499bc", "value": "Kaspersky Lazarus Under The Hood APR 2017" }, { "description": "Mclellan, M.. (2018, November 19). 
Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-11-19T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader" ], "source": "MITRE", "title": "Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader" }, "related": [], "uuid": "1ef76c14-f796-409a-9542-762f1e72f9b7", "value": "Secureworks Emotet Nov 2018" }, { "description": "Jazi, H. (2021, February). LazyScripter: From Empire to double RAT. Retrieved November 24, 2021.", "meta": { "date_accessed": "2021-11-24T00:00:00Z", "date_published": "2021-02-01T00:00:00Z", "refs": [ "https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf" ], "source": "MITRE, Tidal Cyber", "title": "LazyScripter: From Empire to double RAT" }, "related": [], "uuid": "078837a7-82cd-4e26-9135-43b612e911fe", "value": "MalwareBytes LazyScripter Feb 2021" }, { "description": "LOLBAS. (2022, August 31). Ldifde.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-08-31T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ldifde/" ], "source": "Tidal Cyber", "title": "Ldifde.exe" }, "related": [], "uuid": "45d41df9-328c-4ea3-b0fb-fc9f43bdabe5", "value": "Ldifde.exe - LOLBAS Project" }, { "description": "Microsoft. (2016, August 31). Ldifde Microsoft. Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731033(v=ws.11)" ], "source": "Tidal Cyber", "title": "Ldifde Microsoft" }, "related": [], "uuid": "c47ed0e0-f3e3-41de-9ea7-64fe4e343d9d", "value": "Ldifde Microsoft" }, { "description": "Symantec Security Response. (2018, July 25). 
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.", "meta": { "date_accessed": "2018-08-28T00:00:00Z", "date_published": "2018-07-25T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east" ], "source": "MITRE, Tidal Cyber", "title": "Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions" }, "related": [], "uuid": "01130af7-a2d4-435e-8790-49933e041451", "value": "Symantec Leafminer July 2018" }, { "description": "Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2018-03-07T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware" ], "source": "MITRE", "title": "Leaked Ammyy Admin Source Code Turned into Malware" }, "related": [], "uuid": "44e48c77-59dd-4851-8455-893513b7cf45", "value": "Proofpoint TA505 Mar 2018" }, { "description": "Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "date_published": "2018-10-30T00:00:00Z", "refs": [ "https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000" ], "source": "MITRE", "title": "Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it)" }, "related": [], "uuid": "f31de733-406c-4348-b3fe-bdc30d707277", "value": "Medium DnsTunneling" }, { "description": "Wojciech Reguła. (2020, June 29). Learn XPC exploitation. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-06-29T00:00:00Z", "refs": [ "https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/" ], "source": "MITRE", "title": "Learn XPC exploitation" }, "related": [], "uuid": "da995792-b78b-4db5-85d8-99fda96c6826", "value": "Learn XPC Exploitation" }, { "description": "ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.", "meta": { "date_accessed": "2021-02-10T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf" ], "source": "MITRE", "title": "“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers" }, "related": [], "uuid": "53944d48-caa9-4912-b42d-94a3789ed15b", "value": "ClearSky Lebanese Cedar Jan 2021" }, { "description": "Tomcik, R. et al. (2022, February 24). Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity. Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2022-02-24T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/telegram-malware-iranian-espionage" ], "source": "MITRE", "title": "Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity" }, "related": [], "uuid": "ac1a1262-1254-4ab2-a940-2d08b6558e9e", "value": "Mandiant UNC3313 Feb 2022" }, { "description": "Manoj Ahuje. (2022, April 21). LemonDuck Targets Docker for Cryptomining Operations. 
Retrieved June 30, 2022.", "meta": { "date_accessed": "2022-06-30T00:00:00Z", "date_published": "2022-04-21T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/" ], "source": "MITRE", "title": "LemonDuck Targets Docker for Cryptomining Operations" }, "related": [], "uuid": "3a7ea56a-3b19-4b69-a206-6eb7c4ae609d", "value": "LemonDuck" }, { "description": "Loobeek, L. (2017, December 8). leoloobeek Status. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2017-12-08T00:00:00Z", "refs": [ "https://twitter.com/leoloobeek/status/939248813465853953" ], "source": "MITRE", "title": "leoloobeek Status" }, "related": [], "uuid": "efdbaba5-1713-4ae1-bb82-4b4706f03b87", "value": "Twitter Leoloobeek Scheduled Task" }, { "description": "Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2020-04-23T00:00:00Z", "refs": [ "https://letsencrypt.org/docs/faq/" ], "source": "MITRE", "title": "Let's Encrypt FAQ" }, "related": [], "uuid": "96e1ccb9-bd5c-4716-8848-4c30e6eac4ad", "value": "Let's Encrypt FAQ" }, { "description": "Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "date_published": "2016-02-29T00:00:00Z", "refs": [ "https://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf" ], "source": "MITRE", "title": "Let's Play Doctor: Practical OS X Malware Detection & Analysis" }, "related": [], "uuid": "0df0e28a-3c0b-4418-9f5a-77fffe37ac8a", "value": "OSX Malware Detection" }, { "description": "Ross, Chris. (2018, January 17). Leveraging Emond on macOS For Persistence. 
Retrieved September 10, 2019.", "meta": { "date_accessed": "2019-09-10T00:00:00Z", "date_published": "2018-01-17T00:00:00Z", "refs": [ "https://www.xorrior.com/emond-persistence/" ], "source": "MITRE", "title": "Leveraging Emond on macOS For Persistence" }, "related": [], "uuid": "b49649ec-28f0-4d30-ab6c-13b12fca36e8", "value": "xorrior emond Jan 2018" }, { "description": "Tsukerman, P. (2017, November 8). Leveraging Excel DDE for lateral movement via DCOM. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-11-08T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom" ], "source": "MITRE", "title": "Leveraging Excel DDE for lateral movement via DCOM" }, "related": [], "uuid": "6edb3d7d-6b74-4dc4-a866-b81b19810f97", "value": "Cyberreason DCOM DDE Lateral Movement Nov 2017" }, { "description": "Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" ], "source": "MITRE", "title": "Leviathan: Espionage actor spearphishes maritime and defense targets" }, "related": [], "uuid": "f8c2b67b-c097-4b48-8d95-266a45b7dd4d", "value": "Proofpoint Leviathan Oct 2017" }, { "description": "Kerrisk, M. (2016, December 12). libc(7) — Linux manual page. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2016-12-12T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages//man7/libc.7.html" ], "source": "MITRE", "title": "libc(7) — Linux manual page" }, "related": [], "uuid": "a3fe6ea5-c443-473a-bb13-b4fd8f4923fd", "value": "LIBC" }, { "description": "D. Baron, T. Klausner. (2020). libzip. 
Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://libzip.org/" ], "source": "MITRE", "title": "libzip" }, "related": [], "uuid": "e7008738-101c-4903-a9fc-b0bd28d66069", "value": "libzip" }, { "description": "Payet, L. (2014, September 19). Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign. Retrieved September 13, 2018.", "meta": { "date_accessed": "2018-09-13T00:00:00Z", "date_published": "2014-09-19T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/life-mars-how-attackers-took-advantage-hope-alien-existance-new-darkmoon-campaign" ], "source": "MITRE", "title": "Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign" }, "related": [], "uuid": "3362a507-03c3-4236-b484-8144248b5cac", "value": "Symantec Darkmoon Sept 2014" }, { "description": "Wikipedia. (2016, July 7). Link-Local Multicast Name Resolution. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2016-07-07T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution" ], "source": "MITRE", "title": "Link-Local Multicast Name Resolution" }, "related": [], "uuid": "e06d8b82-f61d-49fc-8120-b6d9e5864cc8", "value": "Wikipedia LLMNR" }, { "description": "IzySec. (2022, January 26). Linux auditd for Threat Detection. Retrieved September 29, 2023.", "meta": { "date_accessed": "2023-09-29T00:00:00Z", "date_published": "2022-01-26T00:00:00Z", "refs": [ "https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505" ], "source": "MITRE", "title": "Linux auditd for Threat Detection" }, "related": [], "uuid": "8a2f5c37-df28-587e-81b8-4bf7bb796854", "value": "IzyKnows auditd threat detection 2022" }, { "description": "Doctor Web. (2014, November 21). Linux.BackDoor.Fysbis.1. 
Retrieved December 7, 2017.", "meta": { "date_accessed": "2017-12-07T00:00:00Z", "date_published": "2014-11-21T00:00:00Z", "refs": [ "https://vms.drweb.com/virus/?i=4276269" ], "source": "MITRE", "title": "Linux.BackDoor.Fysbis.1" }, "related": [], "uuid": "f1eb4818-fda6-46f2-9d5a-5469a5ed44fc", "value": "Fysbis Dr Web Analysis" }, { "description": "McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-09-05T00:00:00Z", "refs": [ "https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html" ], "source": "MITRE", "title": "Linux Based Inter-Process Code Injection Without Ptrace(2)" }, "related": [], "uuid": "834966eb-d07a-42ea-83db-d6e71b39214c", "value": "GDSecurity Linux injection" }, { "description": "McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2017-09-05T00:00:00Z", "refs": [ "https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html" ], "source": "MITRE", "title": "Linux Based Inter-Process Code Injection Without Ptrace(2)" }, "related": [], "uuid": "3e7f5991-25b4-43e9-9f0b-a5c668fb0657", "value": "GDS Linux Injection" }, { "description": "Pierre-Marc Bureau. (2013, April 26). Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole. 
Retrieved September 10, 2017.", "meta": { "date_accessed": "2017-09-10T00:00:00Z", "date_published": "2013-04-26T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/" ], "source": "MITRE", "title": "Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole" }, "related": [], "uuid": "f76fce2e-2884-4b50-a7d7-55f08b84099c", "value": "Linux/Cdorked.A We Live Security Analysis" }, { "description": "Threat Intelligence Team. (2015, January 6). Linux DDoS Trojan hiding itself with an embedded rootkit. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2015-01-06T00:00:00Z", "refs": [ "https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/" ], "source": "MITRE", "title": "Linux DDoS Trojan hiding itself with an embedded rootkit" }, "related": [], "uuid": "148fe0e1-8487-4d49-8966-f14e144372f5", "value": "Avast Linux Trojan Cron Persistence" }, { "description": "Colgan, T. (2015, August 15). Linux-Inject. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2015-08-15T00:00:00Z", "refs": [ "https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf" ], "source": "MITRE", "title": "Linux-Inject" }, "related": [], "uuid": "bdbb2a83-fc3b-439f-896a-75bffada4d51", "value": "BH Linux Inject" }, { "description": "zephrax. (2018, August 3). linux-pam-backdoor. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2018-08-03T00:00:00Z", "refs": [ "https://github.com/zephrax/linux-pam-backdoor" ], "source": "MITRE", "title": "linux-pam-backdoor" }, "related": [], "uuid": "da1ffaf1-39f9-4516-8c04-4a4301e13585", "value": "PAM Backdoor" }, { "description": "The Linux Documentation Project. (n.d.). Linux Password and Shadow File Formats. 
Retrieved February 19, 2020.", "meta": { "date_accessed": "2020-02-19T00:00:00Z", "refs": [ "https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html" ], "source": "MITRE", "title": "Linux Password and Shadow File Formats" }, "related": [], "uuid": "7c574609-4b0d-44e7-adc3-8a3d67e10e9f", "value": "Linux Password and Shadow File Formats" }, { "description": "Vivek Gite. (2014, September 17). Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool). Retrieved February 19, 2020.", "meta": { "date_accessed": "2020-02-19T00:00:00Z", "date_published": "2014-09-17T00:00:00Z", "refs": [ "https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/" ], "source": "MITRE", "title": "Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool)" }, "related": [], "uuid": "5e093b21-8bbd-4ad4-9fe2-cbb04207f1d3", "value": "nixCraft - John the Ripper" }, { "description": "Carlos Polop. (2023, March 5). Linux Privilege Escalation. Retrieved March 31, 2023.", "meta": { "date_accessed": "2023-03-31T00:00:00Z", "date_published": "2023-03-05T00:00:00Z", "refs": [ "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#proc-usdpid-maps-and-proc-usdpid-mem" ], "source": "MITRE", "title": "Linux Privilege Escalation" }, "related": [], "uuid": "a73a2819-61bd-5bd2-862d-5eeed344909f", "value": "Polop Linux PrivEsc Gitbook" }, { "description": "Michael Kerrisk. (2017, September 15). Linux Programmer's Manual. Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2017-09-15T00:00:00Z", "refs": [ "http://man7.org/linux/man-pages/man2/setuid.2.html" ], "source": "MITRE", "title": "Linux Programmer's Manual" }, "related": [], "uuid": "c07e9d6c-18f2-4246-a265-9bec7d833bba", "value": "setuid man page" }, { "description": "Kerrisk, M. (2020, June 13). Linux Programmer's Manual. 
Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2020-06-13T00:00:00Z", "refs": [ "https://www.man7.org/linux/man-pages/man8/ld.so.8.html" ], "source": "MITRE", "title": "Linux Programmer's Manual" }, "related": [], "uuid": "a8a16cf6-0482-4e98-a39a-496491f985df", "value": "Man LD.SO" }, { "description": "skape. (2003, January 19). Linux x86 run-time process manipulation. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2003-01-19T00:00:00Z", "refs": [ "http://hick.org/code/skape/papers/needle.txt" ], "source": "MITRE", "title": "Linux x86 run-time process manipulation" }, "related": [], "uuid": "5ac2d917-756f-48d0-ab32-648b45a29083", "value": "Uninformed Needle" }, { "description": "Microsoft. (n.d.). List Blobs. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs" ], "source": "MITRE", "title": "List Blobs" }, "related": [], "uuid": "f9aa697a-83dd-4bae-bc11-006be51ce477", "value": "List Blobs" }, { "description": "Amazon. (n.d.). ListObjectsV2. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html" ], "source": "MITRE", "title": "ListObjectsV2" }, "related": [], "uuid": "727c2077-f922-4314-908a-356c42564181", "value": "ListObjectsV2" }, { "description": "Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.", "meta": { "date_accessed": "2016-04-22T00:00:00Z", "date_published": "2016-03-31T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/List_of_file_signatures" ], "source": "MITRE", "title": "List of file signatures" }, "related": [], "uuid": "00de69c8-78b1-4de3-a4dc-f5be3dbca212", "value": "Wikipedia File Header Signatures" }, { "description": "Wikipedia. (n.d.). List of network protocols (OSI model). 
Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "refs": [ "http://en.wikipedia.org/wiki/List_of_network_protocols_%28OSI_model%29" ], "source": "MITRE", "title": "List of network protocols (OSI model)" }, "related": [], "uuid": "d1080030-12c7-4223-92ab-fb764acf111d", "value": "Wikipedia OSI" }, { "description": "Amazon. (n.d.). List Roles. Retrieved August 11, 2020.", "meta": { "date_accessed": "2020-08-11T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html" ], "source": "MITRE", "title": "List Roles" }, "related": [], "uuid": "42ff02f9-45d0-466b-a5fa-e19c8187b529", "value": "AWS List Roles" }, { "description": "Google Cloud. (n.d.). List secrets and view secret details. Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "refs": [ "https://cloud.google.com/secret-manager/docs/view-secret-details" ], "source": "MITRE", "title": "List secrets and view secret details" }, "related": [], "uuid": "4a9e631d-3588-5585-b00a-316a934e6009", "value": "Google Cloud Secrets" }, { "description": "Shahriar Shovon. (2018, March). List USB Devices Linux. Retrieved March 11, 2022.", "meta": { "date_accessed": "2022-03-11T00:00:00Z", "date_published": "2018-03-01T00:00:00Z", "refs": [ "https://linuxhint.com/list-usb-devices-linux/" ], "source": "MITRE", "title": "List USB Devices Linux" }, "related": [], "uuid": "427b3a1b-88ea-4027-bae6-7fb45490b81d", "value": "Peripheral Discovery Linux" }, { "description": "Amazon. (n.d.). List Users. Retrieved August 11, 2020.", "meta": { "date_accessed": "2020-08-11T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html" ], "source": "MITRE", "title": "List Users" }, "related": [], "uuid": "517e3d27-36da-4810-b256-3f47147b36e3", "value": "AWS List Users" }, { "description": "jak. (2020, June 27). Live Discover - PowerShell command audit. 
Retrieved August 21, 2020.", "meta": { "date_accessed": "2020-08-21T00:00:00Z", "date_published": "2020-06-27T00:00:00Z", "refs": [ "https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit" ], "source": "MITRE", "title": "Live Discover - PowerShell command audit" }, "related": [], "uuid": "441f289c-7fdc-4cf1-9379-960be75c7202", "value": "Sophos PowerShell command audit" }, { "description": "Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. Retrieved January 26, 2016.", "meta": { "date_accessed": "2016-01-26T00:00:00Z", "date_published": "2015-05-28T00:00:00Z", "refs": [ "http://www.secureworks.com/resources/blog/living-off-the-land/" ], "source": "MITRE, Tidal Cyber", "title": "Living off the Land" }, "related": [], "uuid": "79fc7568-b6ff-460b-9200-56d7909ed157", "value": "Dell TG-1314" }, { "description": "Wueest, C., Anand, H. (2017, July). Living off the land and fileless attack techniques. Retrieved April 10, 2018.", "meta": { "date_accessed": "2018-04-10T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf" ], "source": "MITRE", "title": "Living off the land and fileless attack techniques" }, "related": [], "uuid": "4bad4659-f501-4eb6-b3ca-0359e3ba824e", "value": "Symantec Living off the Land" }, { "description": "LOLBAS. (n.d.). Living Off The Land Binaries and Scripts (and also Libraries). Retrieved February 10, 2020.", "meta": { "date_accessed": "2020-02-10T00:00:00Z", "refs": [ "https://lolbas-project.github.io/" ], "source": "MITRE", "title": "Living Off The Land Binaries and Scripts (and also Libraries)" }, "related": [], "uuid": "615f6fa5-3059-49fc-9fa4-5ca0aeff4331", "value": "LOLBAS Main Site" }, { "description": "Oddvar Moe et al. (2022, February). 
Living Off The Land Binaries, Scripts and Libraries. Retrieved March 7, 2022.", "meta": { "date_accessed": "2022-03-07T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://github.com/LOLBAS-Project/LOLBAS#criteria" ], "source": "MITRE", "title": "Living Off The Land Binaries, Scripts and Libraries" }, "related": [], "uuid": "14b1d3ab-8508-4946-9913-17e667956064", "value": "LOLBAS Project" }, { "description": "Jake Nicastro, Willi Ballenthin. (2019, October 9). Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil. Retrieved August 16, 2021.", "meta": { "date_accessed": "2021-08-16T00:00:00Z", "date_published": "2019-10-09T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html" ], "source": "MITRE", "title": "Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil" }, "related": [], "uuid": "bbc72952-988e-4c3c-ab5e-75b64e9e33f5", "value": "FireEye 2019 Apple Remote Desktop" }, { "description": "Pingios, A. (2018, February 7). LKM loading kernel restrictions. Retrieved June 4, 2020.", "meta": { "date_accessed": "2020-06-04T00:00:00Z", "date_published": "2018-02-07T00:00:00Z", "refs": [ "https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/" ], "source": "MITRE", "title": "LKM loading kernel restrictions" }, "related": [], "uuid": "10ccae99-c6f5-4b83-89c9-06a9e35280fc", "value": "LKM loading kernel restrictions" }, { "description": "Francois, R. (n.d.). LLMNR Spoofer. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "refs": [ "https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response" ], "source": "MITRE", "title": "LLMNR Spoofer" }, "related": [], "uuid": "229b04b6-98ca-4e6f-9917-a26cfe0a7f0d", "value": "Rapid7 LLMNR Spoofer" }, { "description": "Wikipedia. (2018, March 17). Loadable kernel module. 
Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2018-03-17T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux" ], "source": "MITRE", "title": "Loadable kernel module" }, "related": [], "uuid": "e6d9f967-4f45-44d2-8a19-69741745f917", "value": "Wikipedia Loadable Kernel Module" }, { "description": "Microsoft. (2018, December 5). LoadLibraryA function (libloaderapi.h). Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-12-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya" ], "source": "MITRE", "title": "LoadLibraryA function (libloaderapi.h)" }, "related": [], "uuid": "dfaf5bfa-61a7-45f8-a50e-0d8bc6cb2189", "value": "Microsoft LoadLibrary" }, { "description": "Microsoft. (2018, December 9). Local Accounts. Retrieved February 11, 2019.", "meta": { "date_accessed": "2019-02-11T00:00:00Z", "date_published": "2018-12-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts" ], "source": "MITRE", "title": "Local Accounts" }, "related": [], "uuid": "6ae7487c-cb61-4f10-825f-4ef9ef050b7c", "value": "Microsoft Local Accounts Feb 2019" }, { "description": "Sternstein, J. (2013, November). Local Network Attacks: LLMNR and NBT-NS Poisoning. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2013-11-01T00:00:00Z", "refs": [ "https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning" ], "source": "MITRE", "title": "Local Network Attacks: LLMNR and NBT-NS Poisoning" }, "related": [], "uuid": "422a6043-78c2-43ef-8e87-7d7a8878f94a", "value": "Sternsecurity LLMNR-NBTNS" }, { "description": "Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. 
Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2016-05-03T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/" ], "source": "MITRE", "title": "Location-based threats: How cybercriminals target you based on where you live" }, "related": [], "uuid": "a3b7540d-20cc-4d94-8321-9fd730486f8c", "value": "Sophos Geolocation 2016" }, { "description": "Dana Behling. (2022, October 15). LockBit 3.0 Ransomware Unlocked. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-10-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html" ], "source": "Tidal Cyber", "title": "LockBit 3.0 Ransomware Unlocked" }, "related": [], "uuid": "b625f291-0152-468c-a130-ec8fb0c6ad21", "value": "VMWare LockBit 3.0 October 2022" }, { "description": "Jim Walter, Aleksandar Milenkoski. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-07-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/" ], "source": "Tidal Cyber", "title": "LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques" }, "related": [], "uuid": "9a73b140-b483-4274-a134-ed1bb15ac31c", "value": "Sentinel Labs LockBit 3.0 July 2022" }, { "description": "Cary, M. (2018, December 6). Locked File Access Using ESENTUTL.exe. 
Retrieved September 5, 2019.", "meta": { "date_accessed": "2019-09-05T00:00:00Z", "date_published": "2018-12-06T00:00:00Z", "refs": [ "https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/" ], "source": "MITRE", "title": "Locked File Access Using ESENTUTL.exe" }, "related": [], "uuid": "aa1211c6-e490-444a-8aab-7626e0700dd0", "value": "Cary Esentutl" }, { "description": "Group IB. (2020, September). LOCK LIKE A PRO. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2020-09-01T00:00:00Z", "refs": [ "https://groupib.pathfactory.com/ransomware-reports/prolock_wp" ], "source": "MITRE", "title": "LOCK LIKE A PRO" }, "related": [], "uuid": "52d0e16f-9a20-442f-9a17-686e51d7e32b", "value": "Group IB Ransomware September 2020" }, { "description": "Amazon. (2020). Logging AWS Backup API Calls with AWS CloudTrail. Retrieved April 27, 2020.", "meta": { "date_accessed": "2020-04-27T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html" ], "source": "MITRE", "title": "Logging AWS Backup API Calls with AWS CloudTrail" }, "related": [], "uuid": "17222170-5454-4a7d-804b-23753ec841eb", "value": "AWS Cloud Trail Backup API" }, { "description": "AWS. (n.d.). Logging IAM and AWS STS API calls with AWS CloudTrail. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html" ], "source": "MITRE", "title": "Logging IAM and AWS STS API calls with AWS CloudTrail" }, "related": [], "uuid": "2aa0682b-f553-4c2b-ae9e-112310bcb8d0", "value": "AWS Logging IAM Calls" }, { "description": "Apple. (n.d.). Login Items AE. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003788" ], "source": "MITRE", "title": "Login Items AE" }, "related": [], "uuid": "d15943dd-d11c-4af2-a3ac-9ebe168a7526", "value": "Login Items AE" }, { "description": "Apple. (n.d.). LoginWindowScripts. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://developer.apple.com/documentation/devicemanagement/loginwindowscripts" ], "source": "MITRE", "title": "LoginWindowScripts" }, "related": [], "uuid": "340eb8df-cc22-4b59-8dca-32ec52fd6818", "value": "LoginWindowScripts Apple Dev" }, { "description": "LogMeIn. (n.d.). LogMeIn Homepage. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.logmein.com/" ], "source": "Tidal Cyber", "title": "LogMeIn Homepage" }, "related": [], "uuid": "e113b544-82ad-4099-ab4e-7fc8b78f54bd", "value": "LogMeIn Homepage" }, { "description": "ESET. (2018, September). LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved July 2, 2019.", "meta": { "date_accessed": "2019-07-02T00:00:00Z", "date_published": "2018-09-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf" ], "source": "MITRE", "title": "LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group" }, "related": [], "uuid": "bb938fea-2b2e-41d3-a55c-40ea34c00d21", "value": "ESET LoJax Sept 2018" }, { "description": "Cheruku, H. (2020, April 15). LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE. 
Retrieved May 14, 2020.", "meta": { "date_accessed": "2020-05-14T00:00:00Z", "date_published": "2020-04-15T00:00:00Z", "refs": [ "https://blog.morphisec.com/lokibot-with-autoit-obfuscator-frenchy-shellcode" ], "source": "MITRE", "title": "LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE" }, "related": [], "uuid": "e938bab1-7dc1-4a78-b1e2-ab2aa0a83eb0", "value": "Morphisec Lokibot April 2020" }, { "description": "LOLBAS. (n.d.). LOLBAS Mapped to T1105. Retrieved March 11, 2022.", "meta": { "date_accessed": "2022-03-11T00:00:00Z", "refs": [ "https://lolbas-project.github.io/#t1105" ], "source": "MITRE", "title": "LOLBAS Mapped to T1105" }, "related": [], "uuid": "80e649f5-6c74-4d66-a452-4f4cd51501da", "value": "t1105_lolbas" }, { "description": "Pradhan, A. (2022, February 8). LolZarus: Lazarus Group Incorporating Lolbins into Campaigns. Retrieved March 22, 2022.", "meta": { "date_accessed": "2022-03-22T00:00:00Z", "date_published": "2022-02-08T00:00:00Z", "refs": [ "https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporating-lolbins-into-campaigns" ], "source": "MITRE", "title": "LolZarus: Lazarus Group Incorporating Lolbins into Campaigns" }, "related": [], "uuid": "784f1f5a-f7f2-45e8-84bd-b600f2b74b33", "value": "Qualys LolZarus" }, { "description": "Liviu Arsene, Radu Tudorica. (2020, November 23). TrickBot is Dead. Long Live TrickBot! Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "refs": [ "https://www.bitdefender.com/blog/labs/trickbot-is-dead-long-live-trickbot/" ], "source": "MITRE", "title": "TrickBot is Dead. Long Live TrickBot!" }, "related": [], "uuid": "1a281862-efc8-4566-8d06-ba463e22225d", "value": "Bitdefender Trickbot C2 infra Nov 2020" }, { "description": "Raggi, M., Schwarz, D. (2019, August 1). LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards. 
Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "date_published": "2019-08-01T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks" ], "source": "MITRE", "title": "LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards" }, "related": [], "uuid": "77887f82-7815-4a91-8c8a-f77dc8a9ba53", "value": "Proofpoint LookBack Malware Aug 2019" }, { "description": "Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.", "meta": { "date_accessed": "2016-04-05T00:00:00Z", "date_published": "2015-08-04T00:00:00Z", "refs": [ "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf" ], "source": "MITRE", "title": "Looking at the Sky for a DarkComet" }, "related": [], "uuid": "6043b34d-dec3-415b-8329-05f698f320e3", "value": "Fidelis DarkComet" }, { "description": "Liberman, T. & Kogan, E. (2017, December 7). Lost in Transaction: Process Doppelgänging. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-07T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf" ], "source": "MITRE", "title": "Lost in Transaction: Process Doppelgänging" }, "related": [], "uuid": "b0752c3a-1777-4209-938d-5382de6a49f5", "value": "BlackHat Process Doppelgänging Dec 2017" }, { "description": "Malik, M. (2019, June 20). LoudMiner: Cross-platform mining in cracked VST software. 
Retrieved May 18, 2020.", "meta": { "date_accessed": "2020-05-18T00:00:00Z", "date_published": "2019-06-20T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/" ], "source": "MITRE", "title": "LoudMiner: Cross-platform mining in cracked VST software" }, "related": [], "uuid": "f1e4ff9e-cb6c-46cc-898e-5f170bb5f634", "value": "ESET LoudMiner June 2019" }, { "description": "Warren, J. (2017, June 22). lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/mimikatz/issues/92" ], "source": "MITRE", "title": "lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92" }, "related": [], "uuid": "099c3492-1813-4874-9901-e24b081f7e12", "value": "GitHub Mimikatz Issue 92 June 2017" }, { "description": "Kerrisk, M. (2022, December 18). lsmod(8) — Linux manual page. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "date_published": "2022-12-18T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man8/lsmod.8.html" ], "source": "MITRE", "title": "lsmod(8) — Linux manual page" }, "related": [], "uuid": "c2f88274-9da4-5d24-b68d-302ee5990dd5", "value": "lsmod man" }, { "description": "Hsu, K. et al. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. 
Retrieved November 16, 2020.", "meta": { "date_accessed": "2020-11-16T00:00:00Z", "date_published": "2020-06-24T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/" ], "source": "MITRE", "title": "Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices" }, "related": [], "uuid": "3977a87a-2eab-4a67-82b2-10c9dc7e4554", "value": "Unit 42 Lucifer June 2020" }, { "description": "Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.", "meta": { "date_accessed": "2018-08-18T00:00:00Z", "date_published": "2018-06-13T00:00:00Z", "refs": [ "https://securelist.com/luckymouse-hits-national-data-center/86083/" ], "source": "MITRE", "title": "LuckyMouse hits national data center to organize country-level waterholing campaign" }, "related": [], "uuid": "f974708b-598c-46a9-aac9-c5fbdd116c2a", "value": "Securelist LuckyMouse June 2018" }, { "description": "Ian Ahl. (2023, September 20). LUCR-3: Scattered Spider Getting SaaS-y In The Cloud. Retrieved September 20, 2023.", "meta": { "date_accessed": "2023-09-20T00:00:00Z", "date_published": "2023-09-20T00:00:00Z", "refs": [ "https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud" ], "source": "MITRE", "title": "LUCR-3: Scattered Spider Getting SaaS-y In The Cloud" }, "related": [], "uuid": "033e7c95-cded-5e51-9a9f-1c6038b0509f", "value": "lucr-3: Getting SaaS-y in the cloud" }, { "description": "Ian Ahl. (2023, September 20). LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD. 
Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "date_published": "2023-09-20T00:00:00Z", "refs": [ "https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud" ], "source": "MITRE", "title": "LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD" }, "related": [], "uuid": "020b97ab-466d-52e6-b1f1-6f9f8ffdabf0", "value": "Permiso Scattered Spider 2023" }, { "description": "Lechtik, M., et al. (2021, July 14). LuminousMoth APT: Sweeping attacks for the chosen few. Retrieved October 20, 2022.", "meta": { "date_accessed": "2022-10-20T00:00:00Z", "date_published": "2021-07-14T00:00:00Z", "refs": [ "https://securelist.com/apt-luminousmoth/103332/" ], "source": "MITRE", "title": "LuminousMoth APT: Sweeping attacks for the chosen few" }, "related": [], "uuid": "e21c6931-fba8-52b0-b6f0-1c8222881fbd", "value": "Kaspersky LuminousMoth July 2021" }, { "description": "Botezatu, B., et al. (2021, July 21). LuminousMoth - PlugX, File Exfiltration and Persistence Revisited. Retrieved October 20, 2022.", "meta": { "date_accessed": "2022-10-20T00:00:00Z", "date_published": "2021-07-21T00:00:00Z", "refs": [ "https://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited" ], "source": "MITRE", "title": "LuminousMoth - PlugX, File Exfiltration and Persistence Revisited" }, "related": [], "uuid": "6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3", "value": "Bitdefender LuminousMoth July 2021" }, { "description": "Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023.", "meta": { "date_accessed": "2023-02-02T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/" ], "source": "MITRE", "title": "Luna Moth Callback Phishing Campaign" }, "related": [], "uuid": "ec52bcc9-6a56-5b94-8534-23c8e7ce740f", "value": "Unit42 Luna Moth" }, { "description": "Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). 
LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023.", "meta": { "date_accessed": "2023-02-02T00:00:00Z", "refs": [ "https://blog.sygnia.co/luna-moth-false-subscription-scams" ], "source": "MITRE", "title": "LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS" }, "related": [], "uuid": "3e1c2a64-8446-538d-a148-2de87991955a", "value": "sygnia Luna Month" }, { "description": "Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.", "meta": { "date_accessed": "2022-06-23T00:00:00Z", "date_published": "2022-06-09T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor" ], "source": "MITRE", "title": "Lyceum .NET DNS Backdoor" }, "related": [], "uuid": "eb78de14-8044-4466-8954-9ca44a17e895", "value": "Zscaler Lyceum DnsSystem June 2022" }, { "description": "Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.", "meta": { "date_accessed": "2022-06-14T00:00:00Z", "date_published": "2021-10-01T00:00:00Z", "refs": [ "https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf" ], "source": "MITRE", "title": "LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST" }, "related": [], "uuid": "b3d13a82-c24e-4b47-b47a-7221ad449859", "value": "Kaspersky Lyceum October 2021" }, { "description": "Thomas Reed. (2018, October 29). Mac cryptocurrency ticker app installs backdoors. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-10-29T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/" ], "source": "MITRE", "title": "Mac cryptocurrency ticker app installs backdoors" }, "related": [], "uuid": "99c53143-6f93-44c9-a874-c1b9e4506fb4", "value": "CoinTicker 2019" }, { "description": "ESET. (2019, July). 
MACHETE JUST GOT SHARPER Venezuelan government institutions under attack. Retrieved September 13, 2019.", "meta": { "date_accessed": "2019-09-13T00:00:00Z", "date_published": "2019-07-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf" ], "source": "MITRE, Tidal Cyber", "title": "MACHETE JUST GOT SHARPER Venezuelan government institutions under attack" }, "related": [], "uuid": "408d5e33-fcb6-4d21-8be9-7aa5a8bd3385", "value": "ESET Machete July 2019" }, { "description": "Patrick Wardle. (2017, January 1). Mac Malware of 2016. Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://www.synack.com/2017/01/01/mac-malware-2016/" ], "source": "MITRE", "title": "Mac Malware of 2016" }, "related": [], "uuid": "9845ef95-bcc5-4430-8008-1e4a28e13c33", "value": "synack 2016 review" }, { "description": "Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x25.html" ], "source": "MITRE", "title": "Mac Malware of 2017" }, "related": [], "uuid": "08227ae5-4086-4c31-83d9-459c3a097754", "value": "objsee mac malware 2017" }, { "description": "Chen, y., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved July 22, 2020.", "meta": { "date_accessed": "2020-07-22T00:00:00Z", "date_published": "2019-01-31T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/" ], "source": "MITRE", "title": "Mac Malware Steals Cryptocurrency Exchanges’ Cookies" }, "related": [], "uuid": "4605c51d-b36e-4c29-abda-2a97829f6019", "value": "Unit42 CookieMiner Jan 2019" }, { "description": "Chen, Y., Hu, W., Xu, Z., et. al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. 
Retrieved October 14, 2019.", "meta": { "date_accessed": "2019-10-14T00:00:00Z", "date_published": "2019-01-31T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/" ], "source": "MITRE", "title": "Mac Malware Steals Cryptocurrency Exchanges’ Cookies" }, "related": [], "uuid": "0a88e730-8ed2-4983-8f11-2cb2e4abfe3e", "value": "Unit 42 Mac Crypto Cookies January 2019" }, { "description": "Sushko, O. (2019, April 17). macOS Bundlore: Mac Virus Bypassing macOS Security Features. Retrieved June 30, 2020.", "meta": { "date_accessed": "2020-06-30T00:00:00Z", "date_published": "2019-04-17T00:00:00Z", "refs": [ "https://mackeeper.com/blog/post/610-macos-bundlore-adware-analysis/" ], "source": "MITRE", "title": "macOS Bundlore: Mac Virus Bypassing macOS Security Features" }, "related": [], "uuid": "4d631c9a-4fd5-43a4-8b78-4219bd371e87", "value": "MacKeeper Bundlore Apr 2019" }, { "description": "Amanda Rousseau. (2020, April 4). MacOS Dylib Injection Workshop. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "date_published": "2020-04-04T00:00:00Z", "refs": [ "https://malwareunicorn.org/workshops/macos_dylib_injection.html#5" ], "source": "MITRE", "title": "MacOS Dylib Injection Workshop" }, "related": [], "uuid": "61aae3a4-317e-4117-a02a-27885709fb07", "value": "MalwareUnicorn macOS Dylib Injection MachO" }, { "description": "Tenon. (n.d.). Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "refs": [ "http://tenon.com/products/codebuilder/User_Guide/6_File_Systems.html#anchor520553" ], "source": "MITRE", "title": "macOS Hierarchical File System Overview" }, "related": [], "uuid": "4b8b110a-fc40-4094-a70d-15530bc05fec", "value": "macOS Hierarchical File System Overview" }, { "description": "kaloprominat. (2013, July 30). macos: manage add list remove login items apple script. 
Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2013-07-30T00:00:00Z", "refs": [ "https://gist.github.com/kaloprominat/6111584" ], "source": "MITRE", "title": "macos: manage add list remove login items apple script" }, "related": [], "uuid": "13773d75-6fc1-4289-bf45-6ee147279052", "value": "Add List Remove Login Items Apple Script" }, { "description": "Cedric Owens. (2021, May 22). macOS MS Office Sandbox Brain Dump. Retrieved August 20, 2021.", "meta": { "date_accessed": "2021-08-20T00:00:00Z", "date_published": "2021-05-22T00:00:00Z", "refs": [ "https://cedowens.medium.com/macos-ms-office-sandbox-brain-dump-4509b5fed49a" ], "source": "MITRE", "title": "macOS MS Office Sandbox Brain Dump" }, "related": [], "uuid": "759e81c1-a250-440e-8b52-178bcf5451b9", "value": "macOS MS office sandbox escape" }, { "description": "Dominic Chell. (2021, January 1). macOS Post-Exploitation Shenanigans with VSCode Extensions. Retrieved April 20, 2021.", "meta": { "date_accessed": "2021-04-20T00:00:00Z", "date_published": "2021-01-01T00:00:00Z", "refs": [ "https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/" ], "source": "MITRE", "title": "macOS Post-Exploitation Shenanigans with VSCode Extensions" }, "related": [], "uuid": "979cac34-d447-4e42-b17e-8ab2630bcfec", "value": "MDSec macOS JXA and VSCode" }, { "description": "Phil Stokes. (2019, December 5). macOS Red Team: Calling Apple APIs Without Building Binaries. Retrieved July 17, 2020.", "meta": { "date_accessed": "2020-07-17T00:00:00Z", "date_published": "2019-12-05T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/" ], "source": "MITRE", "title": "macOS Red Team: Calling Apple APIs Without Building Binaries" }, "related": [], "uuid": "4b05bd7c-22a3-4168-850c-8168700b17ba", "value": "SentinelOne macOS Red Team" }, { "description": "Dan Borges. (2019, July 21). 
MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol). Retrieved September 10, 2021.", "meta": { "date_accessed": "2021-09-10T00:00:00Z", "date_published": "2019-07-21T00:00:00Z", "refs": [ "http://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html" ], "source": "MITRE", "title": "MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol)" }, "related": [], "uuid": "159f8495-5354-4b93-84cb-a25e56fcff3e", "value": "Lockboxx ARD 2019" }, { "description": "Vivek Gite. (2023, August 22). MacOS – Set / Change $PATH Variable Command. Retrieved September 28, 2023.", "meta": { "date_accessed": "2023-09-28T00:00:00Z", "date_published": "2023-08-22T00:00:00Z", "refs": [ "https://www.cyberciti.biz/faq/appleosx-bash-unix-change-set-path-environment-variable/" ], "source": "MITRE", "title": "MacOS – Set / Change $PATH Variable Command" }, "related": [], "uuid": "83daecf1-8708-56da-aaad-1e7e95c4ea43", "value": "nixCraft macOS PATH variables" }, { "description": "Stalmans, E., El-Sherei, S. (2017, October 9). Macro-less Code Exec in MSWord. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-10-09T00:00:00Z", "refs": [ "https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/" ], "source": "MITRE", "title": "Macro-less Code Exec in MSWord" }, "related": [], "uuid": "1036fbbb-f731-458a-b38c-42431612c0ad", "value": "SensePost MacroLess DDE Oct 2017" }, { "description": "Yerko Grbic. (2017, February 14). Macro Malware Targets Macs. Retrieved July 8, 2017.", "meta": { "date_accessed": "2017-07-08T00:00:00Z", "date_published": "2017-02-14T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/" ], "source": "MITRE", "title": "Macro Malware Targets Macs" }, "related": [], "uuid": "d63f3f6a-4486-48a4-b2f8-c2a8d571731a", "value": "Macro Malware Targets Macs" }, { "description": "PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. 
Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2017-06-09T00:00:00Z", "refs": [ "https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service" ], "source": "MITRE", "title": "MacSpy: OS X RAT as a Service" }, "related": [], "uuid": "80bb8646-1eb0-442a-aa51-ee3efaf75915", "value": "alientvault macspy" }, { "description": "Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 22, 2021.", "meta": { "date_accessed": "2021-03-22T00:00:00Z", "date_published": "2020-07-07T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-all/" ], "source": "MITRE", "title": "Mac ThiefQuest malware may not be ransomware after all" }, "related": [], "uuid": "47b49df4-34f1-4a89-9983-e8bc19aadf8c", "value": "reed thiefquest ransomware analysis" }, { "description": "Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 18, 2021.", "meta": { "date_accessed": "2021-03-18T00:00:00Z", "date_published": "2020-07-07T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/detections/osx-thiefquest/" ], "source": "MITRE", "title": "Mac ThiefQuest malware may not be ransomware after all" }, "related": [], "uuid": "b265ef93-c1fb-440d-a9e0-89cf25a3de05", "value": "Reed thiefquest fake ransom" }, { "description": "Sandvik, Runa. (2021, October 1). Made In America: Green Lambert for OS X. Retrieved March 21, 2022.", "meta": { "date_accessed": "2022-03-21T00:00:00Z", "date_published": "2021-10-01T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x68.html" ], "source": "MITRE", "title": "Made In America: Green Lambert for OS X" }, "related": [], "uuid": "fad94973-eafa-4fdb-b7aa-22c21d894f81", "value": "Objective See Green Lambert for OSX Oct 2021" }, { "description": "Chen, J. (2019, October 10). Magecart Card Skimmers Injected Into Online Shops. 
Retrieved September 9, 2020.", "meta": { "date_accessed": "2020-09-09T00:00:00Z", "date_published": "2019-10-10T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html" ], "source": "MITRE", "title": "Magecart Card Skimmers Injected Into Online Shops" }, "related": [], "uuid": "edb9395d-c8a2-46a5-8bf4-91b1d8fe6e3b", "value": "Trend Micro FIN6 October 2019" }, { "description": "Lee, B. and Falcone, R. (2017, February 15). Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.", "meta": { "date_accessed": "2017-12-27T00:00:00Z", "date_published": "2017-02-15T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/" ], "source": "MITRE", "title": "Magic Hound Campaign Attacks Saudi Targets" }, "related": [], "uuid": "f1ef9868-3ddb-4289-aa92-481c35517920", "value": "Unit 42 Magic Hound Feb 2017" }, { "description": "AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021.", "meta": { "date_accessed": "2021-02-17T00:00:00Z", "date_published": "1995-11-01T00:00:00Z", "refs": [ "https://www.amd.com/system/files/TechDocs/20213.pdf" ], "source": "MITRE", "title": "Magic Packet Technical White Paper" }, "related": [], "uuid": "06d36dea-e13d-48c4-b6d6-0c175c379f5b", "value": "AMD Magic Packet" }, { "description": "Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team. (2022, August 24). MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone. 
Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2022-08-24T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/" ], "source": "MITRE", "title": "MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone" }, "related": [], "uuid": "5b728693-37e8-4100-ac82-b70945113e07", "value": "MagicWeb" }, { "description": "Carr, N., et al. (2019, October 10). Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques. Retrieved October 11, 2019.", "meta": { "date_accessed": "2019-10-11T00:00:00Z", "date_published": "2019-10-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html" ], "source": "MITRE", "title": "Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques" }, "related": [], "uuid": "df8886d1-fbd7-4c24-8ab1-6261923dee96", "value": "FireEye FIN7 Oct 2019" }, { "description": "Microsoft. (2023, February 22). Mail flow rules (transport rules) in Exchange Online. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2023-02-22T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules" ], "source": "MITRE", "title": "Mail flow rules (transport rules) in Exchange Online" }, "related": [], "uuid": "421093d7-6ac8-5ebc-9a04-1c65bdce0980", "value": "Microsoft Mail Flow Rules 2023" }, { "description": "Bullock, B. (2018, November 20). MailSniper. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2018-11-20T00:00:00Z", "refs": [ "https://github.com/dafthack/MailSniper" ], "source": "MITRE", "title": "MailSniper" }, "related": [], "uuid": "50595548-b0c6-49d1-adab-43c8969ae716", "value": "GitHub MailSniper" }, { "description": "Michael Kerrisk. 
(2021, August 27). mailx(1p) — Linux manual page. Retrieved June 10, 2022.", "meta": { "date_accessed": "2022-06-10T00:00:00Z", "date_published": "2021-08-27T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man1/mailx.1p.html" ], "source": "MITRE", "title": "mailx(1p) — Linux manual page" }, "related": [], "uuid": "6813a1a2-fbe0-4809-aad7-734997e59bea", "value": "mailx man page" }, { "description": "Nelson, M. (2014, January 23). Maintaining Access with normal.dotm. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2014-01-23T00:00:00Z", "refs": [ "https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/" ], "source": "MITRE", "title": "Maintaining Access with normal.dotm" }, "related": [], "uuid": "b8339d48-699d-4043-8197-1f0435a8dca5", "value": "enigma0x3 normal.dotm" }, { "description": "Sutherland, S. (2016, March 7). Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures. Retrieved July 8, 2019.", "meta": { "date_accessed": "2019-07-08T00:00:00Z", "date_published": "2016-03-07T00:00:00Z", "refs": [ "https://blog.netspi.com/sql-server-persistence-part-1-startup-stored-procedures/" ], "source": "MITRE", "title": "Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures" }, "related": [], "uuid": "afe89472-ac42-4a0d-b398-5ed6a5dee74f", "value": "NetSPI Startup Stored Procedures" }, { "description": "LOLBAS. (2018, May 25). Makecab.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Makecab/" ], "source": "Tidal Cyber", "title": "Makecab.exe" }, "related": [], "uuid": "6473e36b-b5ad-4254-b46d-38c53ccbe446", "value": "Makecab.exe - LOLBAS Project" }, { "description": "Hoang, M. (2019, January 31). Malicious Activity Report: Elements of Lokibot Infostealer. 
Retrieved May 15, 2020.", "meta": { "date_accessed": "2020-05-15T00:00:00Z", "date_published": "2019-01-31T00:00:00Z", "refs": [ "https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22" ], "source": "MITRE", "title": "Malicious Activity Report: Elements of Lokibot Infostealer" }, "related": [], "uuid": "17ab0f84-a062-4c4f-acf9-e0b8f81c3cda", "value": "Infoblox Lokibot January 2019" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, May 11). Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. Retrieved May 17, 2023.", "meta": { "date_accessed": "2023-05-17T00:00:00Z", "date_published": "2023-05-11T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a" ], "source": "Tidal Cyber", "title": "Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG" }, "related": [], "uuid": "b5ef2b97-7cc7-470b-ae97-a45dc4af32a6", "value": "U.S. CISA PaperCut May 2023" }, { "description": "Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.", "meta": { "date_accessed": "2022-03-31T00:00:00Z", "date_published": "2019-07-08T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/" ], "source": "MITRE", "title": "Malicious campaign targets South Korean users with backdoor‑laced torrents" }, "related": [], "uuid": "7d70675c-5520-4c81-8880-912ce918c4b5", "value": "GoBotKR" }, { "description": "De Tore, M., Warner, J. (2018, January 15). MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES. 
Retrieved January 17, 2018.", "meta": { "date_accessed": "2018-01-17T00:00:00Z", "date_published": "2018-01-15T00:00:00Z", "refs": [ "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses" ], "source": "MITRE", "title": "MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES" }, "related": [], "uuid": "459bfd4a-7a9b-4d65-b574-acb221428dad", "value": "ICEBRG Chrome Extensions" }, { "description": "Saavedra-Morales, J., Sherstobitoff, R. (2018, January 6). Malicious Document Targets Pyeongchang Olympics. Retrieved April 10, 2018.", "meta": { "date_accessed": "2018-04-10T00:00:00Z", "date_published": "2018-01-06T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/" ], "source": "MITRE", "title": "Malicious Document Targets Pyeongchang Olympics" }, "related": [], "uuid": "e6b5c261-86c1-4b6b-8a5e-c6a454554588", "value": "McAfee Malicious Doc Targets Pyeongchang Olympics" }, { "description": "Salvio, J., Joven, R. (2016, December 16). Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware. Retrieved December 27, 2016.", "meta": { "date_accessed": "2016-12-27T00:00:00Z", "date_published": "2016-12-16T00:00:00Z", "refs": [ "https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware" ], "source": "MITRE", "title": "Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware" }, "related": [], "uuid": "d06223d7-2d86-41c6-af23-50865a1810c0", "value": "Fortinet Fareit" }, { "description": "Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. 
Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2023-09-22T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/" ], "source": "MITRE", "title": "Malicious OAuth applications abuse cloud email services to spread spam" }, "related": [], "uuid": "086c06a0-3960-5fa8-b034-cef37a3aee90", "value": "Microsoft OAuth Spam 2022" }, { "description": "Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2016-01-29T00:00:00Z", "refs": [ "http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html" ], "source": "MITRE", "title": "Malicious Office files dropping Kasidet and Dridex" }, "related": [], "uuid": "63077223-4711-4c1e-9fb2-3995c7e03cf2", "value": "Zscaler Kasidet" }, { "description": "Landers, N. (2015, December 4). Malicious Outlook Rules. Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2015-12-04T00:00:00Z", "refs": [ "https://silentbreaksecurity.com/malicious-outlook-rules/" ], "source": "MITRE", "title": "Malicious Outlook Rules" }, "related": [], "uuid": "a2ad0658-7c12-4f58-b7bf-6300eacb4a8f", "value": "SilentBreak Outlook Rules" }, { "description": "Brandt, Andrew. (2011, February 22). Malicious PHP Scripts on the Rise. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2011-02-22T00:00:00Z", "refs": [ "https://www.webroot.com/blog/2011/02/22/malicious-php-scripts-on-the-rise/" ], "source": "MITRE", "title": "Malicious PHP Scripts on the Rise" }, "related": [], "uuid": "6d0da707-2328-4b43-a112-570c1fd5dec1", "value": "Webroot PHP 2011" }, { "description": "CISA. (2020, October 29). Malware Analysis Report (AR20-303A). 
Retrieved December 9, 2020.", "meta": { "date_accessed": "2020-12-09T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a" ], "source": "MITRE", "title": "Malware Analysis Report (AR20-303A)" }, "related": [], "uuid": "6ba168aa-ca07-4856-911f-fa48da54e471", "value": "CISA ComRAT Oct 2020" }, { "description": "CISA. (2020, October 29). Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-303a" ], "source": "MITRE", "title": "Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT" }, "related": [], "uuid": "9d81e2c8-09d5-4542-9c60-13a22a5a0073", "value": "Malware Analysis Report ComRAT" }, { "description": "CISA. (2020, October 29). Malware Analysis Report (AR20-303B). Retrieved December 9, 2020.", "meta": { "date_accessed": "2020-12-09T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b" ], "source": "MITRE", "title": "Malware Analysis Report (AR20-303B)" }, "related": [], "uuid": "b7518c4d-6c10-43d2-8e57-d354fb8d4a99", "value": "CISA Zebrocy Oct 2020" }, { "description": "CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2021-01-27T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a" ], "source": "MITRE", "title": "Malware Analysis Report (AR21-027A)" }, "related": [], "uuid": "ce300d75-8351-4d7c-b280-7d5fbe17f9bb", "value": "CISA Supernova Jan 2021" }, { "description": "National Cyber Security Centre. (2023, April 18). Malware Analysis Report: Jaguar Tooth. 
Retrieved August 23, 2023.", "meta": { "date_accessed": "2023-08-23T00:00:00Z", "date_published": "2023-04-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf" ], "source": "Tidal Cyber", "title": "Malware Analysis Report: Jaguar Tooth" }, "related": [], "uuid": "954e0cb9-9a93-4cac-af84-c6989b973fac", "value": "UK NCSC Jaguar Tooth April 18 2023" }, { "description": "US-CERT. (2018, March 09). Malware Analysis Report (MAR) - 10135536.11.WHITE. Retrieved June 13, 2018.", "meta": { "date_accessed": "2018-06-13T00:00:00Z", "date_published": "2018-03-09T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) - 10135536.11.WHITE" }, "related": [], "uuid": "b6bb568f-de15-4ace-8075-c08e7835fea2", "value": "US-CERT SHARPKNOT June 2018" }, { "description": "US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved July 17, 2018.", "meta": { "date_accessed": "2018-07-17T00:00:00Z", "date_published": "2017-12-13T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) - 10135536-B" }, "related": [], "uuid": "af2a708d-f96f-49e7-9351-1ea703e614a0", "value": "US-CERT Bankshot Dec 2017" }, { "description": "US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.", "meta": { "date_accessed": "2018-07-16T00:00:00Z", "date_published": "2017-11-01T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) - 10135536-D" }, "related": [], "uuid": "a3a5c26c-0d57-4ffc-ae28-3fe828e08fcb", "value": "US-CERT Volgmer 2 Nov 2017" }, { "description": "US-CERT. (2018, February 05). 
Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.", "meta": { "date_accessed": "2018-06-11T00:00:00Z", "date_published": "2018-02-05T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) - 10135536-F" }, "related": [], "uuid": "ffc17fa5-e7d3-4592-b47b-e12ced0e62a4", "value": "US-CERT HARDRAIN March 2018" }, { "description": "US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.", "meta": { "date_accessed": "2018-06-07T00:00:00Z", "date_published": "2018-02-06T00:00:00Z", "refs": [ "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) - 10135536-G" }, "related": [], "uuid": "aeb4ff70-fa98-474c-8337-9e50d07ee378", "value": "US-CERT BADCALL" }, { "description": "DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.", "meta": { "date_accessed": "2020-10-02T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a" ], "source": "MITRE", "title": "Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA" }, "related": [], "uuid": "57c3256c-0d24-4647-9037-fefe1c88ad61", "value": "CISA MAR SLOTHFULMEDIA October 2020" }, { "description": "Nesbit, B. and Ackerman, D. (2017, January). Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit. 
Retrieved October 4, 2017.", "meta": { "date_accessed": "2017-10-04T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware" ], "source": "MITRE", "title": "Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit" }, "related": [], "uuid": "cbbfffb9-c378-4e57-a2af-e76e6014ed57", "value": "Kroll RawPOS Jan 2017" }, { "description": "VMRAY. (2021, January 14). Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection. Retrieved October 4, 2022.", "meta": { "date_accessed": "2022-10-04T00:00:00Z", "date_published": "2021-01-14T00:00:00Z", "refs": [ "https://www.vmray.com/cyber-security-blog/osaminer-uses-applescripts-evade-detection-malware-analysis-spotlight/" ], "source": "MITRE", "title": "Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection" }, "related": [], "uuid": "47a5d32d-e6a5-46c2-898a-e45dc42371be", "value": "VMRay OSAMiner dynamic analysis 2021" }, { "description": "Catalin Cimpanu. (2018, July 10). Malware Found in Arch Linux AUR Package Repository. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-07-10T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/" ], "source": "MITRE", "title": "Malware Found in Arch Linux AUR Package Repository" }, "related": [], "uuid": "0654dabf-e885-45bf-8a8e-2b512ff4bf46", "value": "Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018" }, { "description": "Alperovitch, D. (2014, October 31). Malware-Free Intrusions. 
Retrieved November 4, 2014.", "meta": { "date_accessed": "2014-11-04T00:00:00Z", "date_published": "2014-10-31T00:00:00Z", "refs": [ "http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/" ], "source": "MITRE", "title": "Malware-Free Intrusions" }, "related": [], "uuid": "b6635fd7-40ec-4481-bb0a-c1d3391854a7", "value": "Alperovitch Malware" }, { "description": "Kjaer, M. (2016, July 18). Malware in the browser: how you might get hacked by a Chrome extension. Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "date_published": "2016-07-18T00:00:00Z", "refs": [ "https://kjaer.io/extension-malware/" ], "source": "MITRE", "title": "Malware in the browser: how you might get hacked by a Chrome extension" }, "related": [], "uuid": "b0fdf9c7-614b-4269-ba3e-7d8b02aa8502", "value": "Chrome Extension C2 Malware" }, { "description": "Shoorbajee, Z. (2018, June 1). Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'. Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "refs": [ "https://www.cyberscoop.com/kevin-mandia-fireeye-u-s-malware-nice/" ], "source": "MITRE", "title": "malware is more restrained than adversaries'" }, "related": [], "uuid": "0c518eec-a94e-42a7-8eb7-527ae3e279b6", "value": "FireEye Kevin Mandia Guardrails" }, { "description": "Karl Greenberg. (2023, April 20). Malware is proliferating, but detection measures bear fruit: Mandiant. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2023-04-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.techrepublic.com/article/mandiant-malware-proliferating/" ], "source": "Tidal Cyber", "title": "Malware is proliferating, but detection measures bear fruit: Mandiant" }, "related": [], "uuid": "1347e21e-e77d-464d-bbbe-dc4d3f2b07a1", "value": "TechRepublic M-Trends 2023" }, { "description": "Counter Threat Unit Research Team. (2016, June 6). 
Malware Lingers with BITS. Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "date_published": "2016-06-06T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/malware-lingers-with-bits" ], "source": "MITRE", "title": "Malware Lingers with BITS" }, "related": [], "uuid": "db98b15c-399d-4a4c-8fa6-5a4ff38c3853", "value": "CTU BITS Malware June 2016" }, { "description": "Gavriel, H. (2018, November 27). Malware Mitigation when Direct System Calls are Used. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-11-27T00:00:00Z", "refs": [ "https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/" ], "source": "MITRE", "title": "Malware Mitigation when Direct System Calls are Used" }, "related": [], "uuid": "c13cf528-2a7d-4a32-aee2-db5db2f30298", "value": "CyberBit System Calls" }, { "description": "Bromiley, M. (2016, December 27). Malware Monday: VBScript and VBE Files. Retrieved March 17, 2023.", "meta": { "date_accessed": "2023-03-17T00:00:00Z", "date_published": "2016-12-27T00:00:00Z", "refs": [ "https://bromiley.medium.com/malware-monday-vbscript-and-vbe-files-292252c1a16" ], "source": "MITRE", "title": "Malware Monday: VBScript and VBE Files" }, "related": [], "uuid": "9b52a72b-938a-5eb6-a3b7-5a925657f0a3", "value": "Malware Monday VBE" }, { "description": "Wardle, P. (2015, April). Malware Persistence on OS X Yosemite. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2015-04-01T00:00:00Z", "refs": [ "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ], "source": "MITRE", "title": "Malware Persistence on OS X Yosemite" }, "related": [], "uuid": "7e3f3dda-c407-4b06-a6b0-8b72c4dad6e6", "value": "RSAC 2015 San Francisco Patrick Wardle" }, { "description": "Patrick Wardle. (2015). Malware Persistence on OS X Yosemite. 
Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ], "source": "MITRE", "title": "Malware Persistence on OS X Yosemite" }, "related": [], "uuid": "d4e3b066-c439-4284-ba28-3b8bd8ec270e", "value": "Malware Persistence on OS X" }, { "description": "Harbour, N. (2010, July 15). Malware Persistence without the Windows Registry. Retrieved November 17, 2020.", "meta": { "date_accessed": "2020-11-17T00:00:00Z", "date_published": "2010-07-15T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html" ], "source": "MITRE", "title": "Malware Persistence without the Windows Registry" }, "related": [], "uuid": "536f9987-f3b6-4d5f-8a6b-32a0c651500d", "value": "FireEye Hijacking July 2010" }, { "description": "Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "date_published": "2007-05-11T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/" ], "source": "MITRE", "title": "Malware piggybacks on Windows’ Background Intelligent Transfer Service" }, "related": [], "uuid": "7dd03a92-11b8-4b8a-9d34-082ecf09a6e4", "value": "Mondok Windows PiggyBack BITS May 2007" }, { "description": "Cimpanu, C. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. 
Retrieved February 18, 2021.", "meta": { "date_accessed": "2021-02-18T00:00:00Z", "date_published": "2016-04-26T00:00:00Z", "refs": [ "https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml" ], "source": "MITRE", "title": "Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary" }, "related": [], "uuid": "83b8c3c4-d67a-48bd-8614-1c703a8d969b", "value": "Conficker Nuclear Power Plant" }, { "description": "MMPC. (2012, October 3). Malware signed with the Adobe code signing certificate. Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2012-10-03T00:00:00Z", "refs": [ "https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx" ], "source": "MITRE", "title": "Malware signed with the Adobe code signing certificate" }, "related": [], "uuid": "ef412bcd-54be-4972-888c-f5a2cdfb8d02", "value": "MMPC ISAPI Filter 2012" }, { "description": "Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.", "meta": { "date_accessed": "2021-03-11T00:00:00Z", "date_published": "2020-05-29T00:00:00Z", "refs": [ "https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf" ], "source": "MITRE", "title": "MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”" }, "related": [], "uuid": "09d8bb54-6fa5-4842-98aa-6e9656a19092", "value": "Leonardo Turla Penquin May 2020" }, { "description": "Pierre-Marc Bureau. (2009, January 15). Malware Trying to Avoid Some Countries. 
Retrieved August 18, 2021.", "meta": { "date_accessed": "2021-08-18T00:00:00Z", "date_published": "2009-01-15T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/" ], "source": "MITRE", "title": "Malware Trying to Avoid Some Countries" }, "related": [], "uuid": "3d4c5366-038a-453e-b803-a172b95da5f7", "value": "Malware System Language Check" }, { "description": "Tomonaga, S. (2018, March 6). Malware “TSCookie”. Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2018-03-06T00:00:00Z", "refs": [ "https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html" ], "source": "MITRE", "title": "Malware “TSCookie”" }, "related": [], "uuid": "ff1717f7-0d2e-4947-87d7-44576affe9f8", "value": "JPCert TSCookie March 2018" }, { "description": "Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "date_published": "2007-05-09T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/malware-update-windows-update" ], "source": "MITRE", "title": "Malware Update with Windows Update" }, "related": [], "uuid": "e5962c87-0d42-46c2-8757-91f264fc570f", "value": "Symantec BITS May 2007" }, { "description": "Tomonaga, S. (2019, September 18). Malware Used by BlackTech after Network Intrusion. Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2019-09-18T00:00:00Z", "refs": [ "https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html" ], "source": "MITRE", "title": "Malware Used by BlackTech after Network Intrusion" }, "related": [], "uuid": "26f44bde-f723-4854-8acc-3d95e5fa764a", "value": "JPCert BlackTech Malware September 2019" }, { "description": "Xingyu, J. (2019, January 17). Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products. 
Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2019-01-17T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/" ], "source": "MITRE", "title": "Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products" }, "related": [], "uuid": "facf686b-a5a9-4c85-bb46-f56a434d3d78", "value": "Unit 42 Rocke January 2019" }, { "description": "LOLBAS. (2018, May 25). Manage-bde.wsf. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Manage-bde/" ], "source": "Tidal Cyber", "title": "Manage-bde.wsf" }, "related": [], "uuid": "74d5483e-2268-464c-a048-bb1f25bbfc4f", "value": "Manage-bde.wsf - LOLBAS Project" }, { "description": "Microsoft. (2022, February 18). Manage device identities by using the Azure portal. Retrieved April 13, 2022.", "meta": { "date_accessed": "2022-04-13T00:00:00Z", "date_published": "2022-02-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal" ], "source": "MITRE", "title": "Manage device identities by using the Azure portal" }, "related": [], "uuid": "91aa3a4a-a852-40db-b6ec-68504670cfa6", "value": "Microsoft Manage Device Identities" }, { "description": "Satran, M. (2018, May 30). Managed Object Format (MOF). Retrieved January 24, 2020.", "meta": { "date_accessed": "2020-01-24T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-" ], "source": "MITRE", "title": "Managed Object Format (MOF)" }, "related": [], "uuid": "1d1da9ad-c995-4040-8103-b51af9d8bac3", "value": "Microsoft MOF May 2018" }, { "description": "Microsoft. (n.d.). Manage email messages by using rules. 
Retrieved June 11, 2021.", "meta": { "date_accessed": "2021-06-11T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59" ], "source": "MITRE", "title": "Manage email messages by using rules" }, "related": [], "uuid": "91ce21f7-4cd5-4a75-a533-45d052a11c5d", "value": "Microsoft Inbox Rules" }, { "description": "Google Cloud. (n.d.). Manage just-in-time privileged access to projects. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "refs": [ "https://cloud.google.com/architecture/manage-just-in-time-privileged-access-to-project" ], "source": "MITRE", "title": "Manage just-in-time privileged access to projects" }, "related": [], "uuid": "797c6051-9dff-531b-8438-d306bdf46720", "value": "Google Cloud Just in Time Access 2023" }, { "description": "Microsoft. (2023, February 22). Manage mail flow rules in Exchange Online. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2023-02-22T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules" ], "source": "MITRE", "title": "Manage mail flow rules in Exchange Online" }, "related": [], "uuid": "1d5d7353-7d9d-522a-a0aa-6f4aa0886ca1", "value": "Microsoft Manage Mail Flow Rules 2023" }, { "description": "Microsoft. (2022, March 4). Manage partner relationships. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2022-03-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/microsoft-365/commerce/manage-partners?view=o365-worldwide" ], "source": "MITRE", "title": "Manage partner relationships" }, "related": [], "uuid": "3d794f31-c3b4-4e0b-8558-b944d6616676", "value": "Office 365 Partner Relationships" }, { "description": "Microsoft. (n.d.). Manage Trusted Publishers. 
Retrieved March 31, 2016.", "meta": { "date_accessed": "2016-03-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc733026.aspx" ], "source": "MITRE", "title": "Manage Trusted Publishers" }, "related": [], "uuid": "e355ae20-4ada-49f3-a097-744838d6ff7d", "value": "TechNet Trusted Publishers" }, { "description": "Lich, B., Tobin, J., Hall, J. (2017, April 5). Manage Windows Defender Credential Guard. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2017-04-05T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage" ], "source": "MITRE", "title": "Manage Windows Defender Credential Guard" }, "related": [], "uuid": "dc95771b-db84-43ae-b9ee-6f0ef3f1c93d", "value": "Microsoft Enable Cred Guard April 2017" }, { "description": "N. O'Bryan. (2018, May 30). Managing Outlook Cached Mode and OST File Sizes. Retrieved February 19, 2020.", "meta": { "date_accessed": "2020-02-19T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://practical365.com/clients/office-365-proplus/outlook-cached-mode-ost-file-sizes/" ], "source": "MITRE", "title": "Managing Outlook Cached Mode and OST File Sizes" }, "related": [], "uuid": "6fbbb53f-cd4b-4ce1-942d-5cadb907cf86", "value": "Outlook File Sizes" }, { "description": "Microsoft. (n.d.). Managing WebDAV Security (IIS 6.0). Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "refs": [ "https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx" ], "source": "MITRE", "title": "Managing WebDAV Security (IIS 6.0)" }, "related": [], "uuid": "eeb7cd82-b116-4989-b3fa-968a23f839f3", "value": "Microsoft Managing WebDAV Security" }, { "description": "Mandiant. (2011, January 27). Mandiant M-Trends 2011. 
Retrieved January 10, 2016.", "meta": { "date_accessed": "2016-01-10T00:00:00Z", "date_published": "2011-01-27T00:00:00Z", "refs": [ "https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf" ], "source": "MITRE", "title": "Mandiant M-Trends 2011" }, "related": [], "uuid": "563be052-29ac-4625-927d-84e475ef848e", "value": "Mandiant M Trends 2011" }, { "description": "Mandiant. (2016, February 25). Mandiant M-Trends 2016. Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2016-02-25T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf" ], "source": "MITRE", "title": "Mandiant M-Trends 2016" }, "related": [], "uuid": "f769a3ac-4330-46b7-bed8-61697e22cd24", "value": "Mandiant M Trends 2016" }, { "description": "Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.", "meta": { "date_accessed": "2018-07-09T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Mandiant M-Trends 2018" }, "related": [], "uuid": "71d3db50-4a20-4d8e-a640-4670d642205c", "value": "FireEye APT35 2018" }, { "description": "Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-US/library/aa375365" ], "source": "MITRE", "title": "Manifests" }, "related": [], "uuid": "e336dc02-c7bb-4046-93d9-17b9512fb731", "value": "Microsoft Manifests" }, { "description": "Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/aa375365" ], "source": "MITRE", "title": "Manifests" }, "related": [], "uuid": "a29301fe-0e3c-4c6e-85c5-a30a6bcb9114", "value": "MSDN Manifests" }, { "description": "Wikipedia. (2017, October 28). Man-in-the-browser. 
Retrieved January 10, 2018.", "meta": { "date_accessed": "2018-01-10T00:00:00Z", "date_published": "2017-10-28T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Man-in-the-browser" ], "source": "MITRE", "title": "Man-in-the-browser" }, "related": [], "uuid": "f8975da7-4c50-4b3b-8ecb-c99c9b3bc20c", "value": "Wikipedia Man in the Browser" }, { "description": "Kaspersky IT Encyclopedia. (n.d.). Man-in-the-middle attack. Retrieved September 1, 2023.", "meta": { "date_accessed": "2023-09-01T00:00:00Z", "refs": [ "https://encyclopedia.kaspersky.com/glossary/man-in-the-middle-attack/" ], "source": "MITRE", "title": "Man-in-the-middle attack" }, "related": [], "uuid": "353a6eb9-54c5-5211-ad87-abf5d941e503", "value": "Kaspersky Encyclopedia MiTM" }, { "description": "Rapid7. (n.d.). Man-in-the-Middle (MITM) Attacks. Retrieved March 2, 2020.", "meta": { "date_accessed": "2020-03-02T00:00:00Z", "refs": [ "https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/" ], "source": "MITRE", "title": "Man-in-the-Middle (MITM) Attacks" }, "related": [], "uuid": "33b25966-0ab9-4cc6-9702-62263a23af9c", "value": "Rapid7 MiTM Basics" }, { "description": "Praetorian. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved October 8, 2021.", "meta": { "date_accessed": "2021-10-08T00:00:00Z", "date_published": "2014-08-19T00:00:00Z", "refs": [ "https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/" ], "source": "MITRE", "title": "Man-in-the-Middle TLS Protocol Downgrade Attack" }, "related": [], "uuid": "4375602d-4b5f-476d-82f8-3cef84d3378e", "value": "Praetorian TLS Downgrade Attack 2014" }, { "description": "praetorian Editorial Team. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. 
Retrieved December 8, 2021.", "meta": { "date_accessed": "2021-12-08T00:00:00Z", "date_published": "2014-08-19T00:00:00Z", "refs": [ "https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/" ], "source": "MITRE", "title": "Man-in-the-Middle TLS Protocol Downgrade Attack" }, "related": [], "uuid": "af907fe1-1e37-4f44-8ad4-fcc3826ee6fb", "value": "mitm_tls_downgrade_att" }, { "description": "Warren, J. (2017, July 11). Manipulating User Passwords with Mimikatz. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2017-07-11T00:00:00Z", "refs": [ "https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM" ], "source": "MITRE", "title": "Manipulating User Passwords with Mimikatz" }, "related": [], "uuid": "3bf24c68-fc98-4143-9dff-f54030c902fe", "value": "InsiderThreat ChangeNTLM July 2017" }, { "description": "Starikova, A. (2023, February 14). Man-on-the-side – peculiar attack. Retrieved September 1, 2023.", "meta": { "date_accessed": "2023-09-01T00:00:00Z", "date_published": "2023-02-14T00:00:00Z", "refs": [ "https://usa.kaspersky.com/blog/man-on-the-side/27854/" ], "source": "MITRE", "title": "Man-on-the-side – peculiar attack" }, "related": [], "uuid": "8ea545ac-cca6-5da5-8a93-6b07518fc9d4", "value": "Kaspersky ManOnTheSide" }, { "description": "Falcon OverWatch Team. (2020, July 14). Manufacturing Industry in the Adversaries’ Crosshairs. Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2020-07-14T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/" ], "source": "MITRE", "title": "Manufacturing Industry in the Adversaries’ Crosshairs" }, "related": [], "uuid": "5ed6a702-dcc5-4021-95cc-5b720dbd8774", "value": "CrowdStrike Manufacturing Threat July 2020" }, { "description": "US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. 
Retrieved July 13, 2018.", "meta": { "date_accessed": "2018-07-13T00:00:00Z", "date_published": "2018-06-14T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A" ], "source": "MITRE", "title": "MAR-10135536-12 – North Korean Trojan: TYPEFRAME" }, "related": [], "uuid": "b89f20ad-39c4-480f-b02e-20f4e71f6b95", "value": "US-CERT TYPEFRAME June 2018" }, { "description": "US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.", "meta": { "date_accessed": "2018-08-16T00:00:00Z", "date_published": "2018-08-09T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/analysis-reports/AR18-221A" ], "source": "MITRE", "title": "MAR-10135536-17 – North Korean Trojan: KEYMARBLE" }, "related": [], "uuid": "b30dd720-a85d-4bf5-84e1-394a27917ee7", "value": "US-CERT KEYMARBLE Aug 2018" }, { "description": "US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" ], "source": "MITRE", "title": "MAR-10135536-8 – North Korean Trojan: HOPLIGHT" }, "related": [], "uuid": "e722b71b-9042-4143-a156-489783d86e0a", "value": "US-CERT HOPLIGHT Apr 2019" }, { "description": "US-CERT. (2020, February 20). MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT. Retrieved May 1, 2020.", "meta": { "date_accessed": "2020-05-01T00:00:00Z", "date_published": "2020-02-20T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/analysis-reports/ar20-045d" ], "source": "MITRE", "title": "MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT" }, "related": [], "uuid": "db5c816a-2a23-4966-8f0b-4ec86cae45c9", "value": "US-CERT HOTCROISSANT February 2020" }, { "description": "USG. (2020, May 12). MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE. 
Retrieved March 5, 2021.", "meta": { "date_accessed": "2021-03-05T00:00:00Z", "date_published": "2020-05-12T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-133b" ], "source": "MITRE", "title": "MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE" }, "related": [], "uuid": "b9946fcc-592a-4c54-b504-4fe5050704df", "value": "CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020" }, { "description": "CISA, FBI, DOD. (2021, August). MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2021-08-01T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a" ], "source": "MITRE", "title": "MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR" }, "related": [], "uuid": "0ae18fda-cc88-49f4-8e85-7b63044579ea", "value": "CISA MAR-10292089-1.v2 TAIDOOR August 2021" }, { "description": "US-CERT. (2020, August 19). MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN. Retrieved August 19, 2020.", "meta": { "date_accessed": "2020-08-19T00:00:00Z", "date_published": "2020-08-19T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a" ], "source": "MITRE", "title": "MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN" }, "related": [], "uuid": "0421788c-b807-4e19-897c-bfb4323feb16", "value": "US-CERT BLINDINGCAN Aug 2020" }, { "description": "CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.", "meta": { "date_accessed": "2020-09-29T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a" ], "source": "MITRE", "title": "MAR-10296782-1.v1 – SOREFANG" }, "related": [], "uuid": "a87db09c-cadc-48fd-9634-8dd44bbd9009", "value": "CISA SoreFang July 2016" }, { "description": "CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. 
Retrieved September 24, 2020.", "meta": { "date_accessed": "2020-09-24T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b" ], "source": "MITRE", "title": "MAR-10296782-2.v1 – WELLMESS" }, "related": [], "uuid": "40e9eda2-51a2-4fd8-b0b1-7d2c6deca820", "value": "CISA WellMess July 2020" }, { "description": "CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. Retrieved September 29, 2020.", "meta": { "date_accessed": "2020-09-29T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c" ], "source": "MITRE", "title": "MAR-10296782-3.v1 – WELLMAIL" }, "related": [], "uuid": "2f33b88a-a8dd-445b-a34f-e356b94bed35", "value": "CISA WellMail July 2020" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2020, August 26). MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON. Retrieved March 18, 2021.", "meta": { "date_accessed": "2021-03-18T00:00:00Z", "date_published": "2020-08-26T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a" ], "source": "MITRE", "title": "MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON" }, "related": [], "uuid": "a1b143f9-ca85-4c11-8909-49423c9ffeab", "value": "CISA EB Aug 2020" }, { "description": "CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2019-02-27T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20B%29.pdf" ], "source": "MITRE", "title": "MAR-17-352-01 HatMan-Safety System Targeted Malware" }, "related": [], "uuid": "0690fa53-fee4-43fa-afd5-61137fd7529e", "value": "CISA HatMan" }, { "description": "Hegt, S. (2020, March 30). Mark-of-the-Web from a red team’s perspective. 
Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-03-30T00:00:00Z", "refs": [ "https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/" ], "source": "MITRE", "title": "Mark-of-the-Web from a red team’s perspective" }, "related": [], "uuid": "54d9c59f-800a-426f-90c8-0d1cb2bea1ea", "value": "Outflank MotW 2020" }, { "description": "Tal, Nati. (2022, December 28). “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-12-28T00:00:00Z", "refs": [ "https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e" ], "source": "MITRE", "title": "“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets" }, "related": [], "uuid": "e11492f4-f9a3-5489-b2bb-a28b19ef88b5", "value": "Masquerads-Guardio" }, { "description": "Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-01-17T00:00:00Z", "refs": [ "https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/" ], "source": "MITRE", "title": "Massive breach leaks 773 million email addresses, 21 million passwords" }, "related": [], "uuid": "46df3a49-e7c4-4169-b35c-0aecc78c31ea", "value": "CNET Leaks" }, { "description": "Goodin, D. (2015, March 31). Massive denial-of-service attack on GitHub tied to Chinese government. 
Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2015-03-31T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2015/03/massive-denial-of-service-attack-on-github-tied-to-chinese-government/" ], "source": "MITRE", "title": "Massive denial-of-service attack on GitHub tied to Chinese government" }, "related": [], "uuid": "1a08d58f-bf91-4345-aa4e-2906d3ef365a", "value": "ArsTechnica Great Firewall of China" }, { "description": "Europol. (2018, March 26). Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain. Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2018-03-26T00:00:00Z", "refs": [ "https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain" ], "source": "MITRE", "title": "Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain" }, "related": [], "uuid": "f9d1f2ab-9e75-48ce-bcdf-b7119687feef", "value": "Europol Cobalt Mar 2018" }, { "description": "LOLBAS. (n.d.). Mavinject.exe. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Mavinject/" ], "source": "MITRE", "title": "Mavinject.exe" }, "related": [], "uuid": "4ba7fa89-006b-4fbf-aa6c-6775842c97a4", "value": "LOLBAS Mavinject" }, { "description": "Matt Graeber. (2018, May 29). mavinject.exe Functionality Deconstructed. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2018-05-29T00:00:00Z", "refs": [ "https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e" ], "source": "MITRE", "title": "mavinject.exe Functionality Deconstructed" }, "related": [], "uuid": "17b055ba-5e59-4508-ba77-2519c03c6d65", "value": "Mavinject Functionality Deconstructed" }, { "description": "Brandt, A., Mackenzie, P. (2020, September 17). 
Maze Attackers Adopt Ragnar Locker Virtual Machine Technique. Retrieved October 9, 2020.", "meta": { "date_accessed": "2020-10-09T00:00:00Z", "date_published": "2020-09-17T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/" ], "source": "MITRE", "title": "Maze Attackers Adopt Ragnar Locker Virtual Machine Technique" }, "related": [], "uuid": "9c4bbcbb-2c18-453c-8b02-0a0cd512c3f3", "value": "Sophos Maze VM September 2020" }, { "description": "ARMmbed. (2018, June 21). Mbed Crypto. Retrieved February 15, 2021.", "meta": { "date_accessed": "2021-02-15T00:00:00Z", "date_published": "2018-06-21T00:00:00Z", "refs": [ "https://github.com/ARMmbed/mbed-crypto" ], "source": "MITRE", "title": "Mbed Crypto" }, "related": [], "uuid": "324ba1b8-cc97-4d20-b25d-053b2462f3b2", "value": "mbed-crypto" }, { "description": "Saavedra-Morales, J., et al. (2019, October 20). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo. Retrieved August 5, 2020.", "meta": { "date_accessed": "2020-08-05T00:00:00Z", "date_published": "2019-10-20T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/" ], "source": "MITRE", "title": "McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo" }, "related": [], "uuid": "288e94b3-a023-4b59-8b2a-25c469fb56a1", "value": "McAfee REvil October 2019" }, { "description": "McAfee. (2019, October 2). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us. 
Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-10-02T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/" ], "source": "MITRE", "title": "McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us" }, "related": [], "uuid": "1bf961f2-dfa9-4ca3-9bf5-90c21755d783", "value": "McAfee Sodinokibi October 2019" }, { "description": "Li, H. (2013, November 5). McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office. Retrieved June 18, 2020.", "meta": { "date_accessed": "2020-06-18T00:00:00Z", "date_published": "2013-11-05T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2" ], "source": "MITRE", "title": "McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office" }, "related": [], "uuid": "c90ecd26-ce29-4c1d-b739-357b6d42f399", "value": "McAfee Sandworm November 2013" }, { "description": "Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.", "meta": { "date_accessed": "2018-05-16T00:00:00Z", "date_published": "2018-03-02T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/" ], "source": "MITRE", "title": "McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups" }, "related": [], "uuid": "e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d", "value": "McAfee Honeybee" }, { "description": "Secureworks. (2019, July 24). MCMD Malware Analysis. 
Retrieved August 13, 2020.", "meta": { "date_accessed": "2020-08-13T00:00:00Z", "date_published": "2019-07-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/mcmd-malware-analysis" ], "source": "MITRE", "title": "MCMD Malware Analysis" }, "related": [], "uuid": "f7364cfc-5a3b-4538-80d0-cae65f3c6592", "value": "Secureworks MCMD July 2019" }, { "description": "Richard Purves. (2017, November 9). MDM and the Kextpocalypse. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2017-11-09T00:00:00Z", "refs": [ "https://richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/" ], "source": "MITRE", "title": "MDM and the Kextpocalypse" }, "related": [], "uuid": "57aeedda-2c32-404f-bead-fe6d213d7241", "value": "Purves Kextpocalypse 2" }, { "description": "Chell, D. PART 3: How I Met Your Beacon – Brute Ratel. Retrieved February 6, 2023.", "meta": { "date_accessed": "2023-02-06T00:00:00Z", "refs": [ "https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/" ], "source": "MITRE", "title": "MDSec Brute Ratel August 2022" }, "related": [], "uuid": "dfd12595-0056-5b4a-b753-624fac1bb3a6", "value": "MDSec Brute Ratel August 2022" }, { "description": "Secureworks. (2017, December 15). Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies. 
Retrieved December 27, 2017.", "meta": { "date_accessed": "2017-12-27T00:00:00Z", "date_published": "2017-12-15T00:00:00Z", "refs": [ "https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing" ], "source": "MITRE", "title": "Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies" }, "related": [], "uuid": "aa7393ad-0760-4f27-a068-17beba17bbe3", "value": "Secureworks NICKEL ACADEMY Dec 2017" }, { "description": "Health Sector Cybersecurity Coordination Center (HC3). (2023, February 24). MedusaLocker Ransomware. Retrieved August 11, 2023.", "meta": { "date_accessed": "2023-08-11T00:00:00Z", "date_published": "2023-02-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.hhs.gov/sites/default/files/medusalocker-ransomware-analyst-note.pdf" ], "source": "Tidal Cyber", "title": "MedusaLocker Ransomware" }, "related": [], "uuid": "49e314d6-5324-41e0-8bee-2b3e08d5e12f", "value": "HC3 Analyst Note MedusaLocker Ransomware February 2023" }, { "description": "Cybereason Nocturnus. (2020, November 19). Cybereason vs. MedusaLocker Ransomware. Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/medusalocker-ransomware" ], "source": "MITRE", "title": "MedusaLocker Ransomware" }, "related": [], "uuid": "f7b41120-8455-409f-ad9c-815c2c43edfd", "value": "Cybereason Nocturnus MedusaLocker 2020" }, { "description": "Lawrence Abrams. (2023, March 12). Medusa ransomware gang picks up steam as it targets companies worldwide. 
Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2023-03-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/" ], "source": "Tidal Cyber", "title": "Medusa ransomware gang picks up steam as it targets companies worldwide" }, "related": [], "uuid": "21fe1d9e-17f1-49e2-b05f-78e9160f5414", "value": "Bleeping Computer Medusa Ransomware March 12 2023" }, { "description": "Lyngaas, S. (2021, February 4). Meet Babuk, a ransomware attacker blamed for the Serco breach. Retrieved August 11, 2021.", "meta": { "date_accessed": "2021-08-11T00:00:00Z", "date_published": "2021-02-04T00:00:00Z", "refs": [ "https://www.cyberscoop.com/babuk-ransomware-serco-attack/" ], "source": "MITRE", "title": "Meet Babuk, a ransomware attacker blamed for the Serco breach" }, "related": [], "uuid": "0a0aeacd-0976-4c84-b40d-5704afca9f0e", "value": "CyberScoop Babuk February 2021" }, { "description": "Meyers, Adam. (2018, April 6). Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-04-06T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/" ], "source": "MITRE", "title": "Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA" }, "related": [], "uuid": "a0119ad4-ceea-4dba-bc08-a682085a9b27", "value": "CrowdStrike Stardust Chollima Profile April 2018" }, { "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. 
Retrieved May 22, 2018.", "meta": { "date_accessed": "2018-05-22T00:00:00Z", "date_published": "2018-01-19T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/" ], "source": "MITRE", "title": "Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR" }, "related": [], "uuid": "ce07d409-292d-4e8e-b1af-bd5ba46c1b95", "value": "CrowdStrike VOODOO BEAR" }, { "description": "Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.", "meta": { "date_accessed": "2021-04-12T00:00:00Z", "date_published": "2018-06-15T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/" ], "source": "MITRE, Tidal Cyber", "title": "Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA" }, "related": [], "uuid": "35e72170-b1ec-49c9-aefe-a24fc4302fa6", "value": "Crowdstrike MUSTANG PANDA June 2018" }, { "description": "Meyers, A. (2018, March 12). Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR. Retrieved May 16, 2018.", "meta": { "date_accessed": "2018-05-16T00:00:00Z", "date_published": "2018-03-12T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/" ], "source": "MITRE", "title": "Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR" }, "related": [], "uuid": "ee400057-2b26-4464-96b4-484c9eb9d5c2", "value": "CrowdStrike VENOMOUS BEAR" }, { "description": "Meyers, A. (2018, November 27). Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN. 
Retrieved December 18, 2018.", "meta": { "date_accessed": "2018-12-18T00:00:00Z", "date_published": "2018-11-27T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/" ], "source": "MITRE", "title": "Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN" }, "related": [], "uuid": "3fc0d7ad-6283-4cfd-b72f-5ce47594531e", "value": "Crowdstrike Helix Kitten Nov 2018" }, { "description": "Marek Majkowski of Cloudflare. (2018, February 27). Memcrashed - Major amplification attacks from UDP port 11211. Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "date_published": "2018-02-27T00:00:00Z", "refs": [ "https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/" ], "source": "MITRE", "title": "Memcrashed - Major amplification attacks from UDP port 11211" }, "related": [], "uuid": "a2a0c1eb-20ad-4c40-a8cd-1732fdde7e19", "value": "Cloudflare Memcrashed Feb 2018" }, { "description": "DiabloHorn. (2015, March 22). mempdump. Retrieved October 6, 2017.", "meta": { "date_accessed": "2017-10-06T00:00:00Z", "date_published": "2015-03-22T00:00:00Z", "refs": [ "https://github.com/DiabloHorn/mempdump" ], "source": "MITRE", "title": "mempdump" }, "related": [], "uuid": "f830ed8b-33fa-4d1e-a66c-41f8c6aba69c", "value": "Github Mempdump" }, { "description": "Miller-Osborn, J. and Grunzweig, J. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. 
Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2017-02-16T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/" ], "source": "MITRE, Tidal Cyber", "title": "menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations" }, "related": [], "uuid": "ba4f7d65-73ec-4726-b1f6-f2443ffda5e7", "value": "Palo Alto menuPass Feb 2017" }, { "description": "Leong, R., Perez, D., Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages?. Retrieved May 11, 2020.", "meta": { "date_accessed": "2020-05-11T00:00:00Z", "date_published": "2019-10-31T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html" ], "source": "MITRE", "title": "MESSAGETAP: Who’s Reading Your Text Messages?" }, "related": [], "uuid": "f56380e8-3cfa-407c-a493-7f9e50ba3867", "value": "FireEye MESSAGETAP October 2019" }, { "description": "SentinelLabs. (2022, September 22). Metador Technical Appendix. Retrieved April 4, 2023.", "meta": { "date_accessed": "2023-04-04T00:00:00Z", "date_published": "2022-09-22T00:00:00Z", "refs": [ "https://docs.google.com/document/d/1e9ZTW9b71YwFWS_18ZwDAxa-cYbV8q1wUefmKZLYVsA/edit#heading=h.lmnbtht1ikzm" ], "source": "MITRE", "title": "Metador Technical Appendix" }, "related": [], "uuid": "aa021076-e9c5-5428-a938-c10cfb6b7c97", "value": "SentinelLabs Metador Technical Appendix Sept 2022" }, { "description": "Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. 
Retrieved July 30, 2020.", "meta": { "date_accessed": "2020-07-30T00:00:00Z", "date_published": "2018-04-24T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html" ], "source": "MITRE", "title": "Metamorfo Campaigns Targeting Brazilian Users" }, "related": [], "uuid": "fd220165-43c8-4aaf-9295-0a2b7a52929c", "value": "FireEye Metamorfo Apr 2018" }, { "description": "Metasploit. (n.d.). Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "refs": [ "http://www.metasploit.com" ], "source": "MITRE", "title": "Metasploit_Ref" }, "related": [], "uuid": "ab6ea6b3-3c71-4e69-9713-dae3e4446083", "value": "Metasploit_Ref" }, { "description": "Rapid7. (n.d.). Metasploit SSH Module. Retrieved April 12, 2019.", "meta": { "date_accessed": "2019-04-12T00:00:00Z", "refs": [ "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh" ], "source": "MITRE", "title": "Metasploit SSH Module" }, "related": [], "uuid": "e4ae69e5-67ba-4a3e-8101-5e7f073bd312", "value": "Metasploit SSH Module" }, { "description": "Rapid7. (2013, November 26). meterpreter/source/extensions/priv/server/elevate/. Retrieved July 8, 2018.", "meta": { "date_accessed": "2018-07-08T00:00:00Z", "date_published": "2013-11-26T00:00:00Z", "refs": [ "https://github.com/rapid7/meterpreter/tree/master/source/extensions/priv/server/elevate" ], "source": "MITRE", "title": "meterpreter/source/extensions/priv/server/elevate/" }, "related": [], "uuid": "113dafad-8ede-424b-b727-66f71ea7806a", "value": "Github Rapid7 Meterpreter Elevate" }, { "description": "Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. 
Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2014-09-01T00:00:00Z", "refs": [ "https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf" ], "source": "MITRE", "title": "Methods of Malware Persistence on Mac OS X" }, "related": [], "uuid": "44154472-2894-4161-b23f-46d1b1fd6772", "value": "Methods of Mac Malware Persistence" }, { "description": "Jessica Haworth. (2022, February 16). MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications. Retrieved March 31, 2022.", "meta": { "date_accessed": "2022-03-31T00:00:00Z", "date_published": "2022-02-16T00:00:00Z", "refs": [ "https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications" ], "source": "MITRE", "title": "MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications" }, "related": [], "uuid": "1b7b0f00-71ba-4762-ae81-bce24591cff4", "value": "MFA Fatigue Attacks - PortSwigger" }, { "description": "LOLBAS. (2018, May 25). Mftrace.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mftrace/" ], "source": "Tidal Cyber", "title": "Mftrace.exe" }, "related": [], "uuid": "b6d42cc9-1bf0-4389-8654-90b8d4e7ff49", "value": "Mftrace.exe - LOLBAS Project" }, { "description": "Tsarfaty, Y. (2018, July 25). Micropsia Malware. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2018-07-25T00:00:00Z", "refs": [ "https://blog.radware.com/security/2018/07/micropsia-malware/" ], "source": "MITRE", "title": "Micropsia Malware" }, "related": [], "uuid": "8771ed60-eecb-4e0c-b22c-0c26d30d4dec", "value": "Radware Micropsia July 2018" }, { "description": "MSRC. (2024, January 19). 
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. Retrieved January 24, 2024.", "meta": { "date_accessed": "2024-01-24T00:00:00Z", "date_published": "2024-01-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/" ], "source": "Tidal Cyber", "title": "Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard" }, "related": [], "uuid": "91b48ddd-9e3f-4d36-a262-3b52145b3db2", "value": "Microsoft Midnight Blizzard January 19 2024" }, { "description": "Smith, B. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-19T00:00:00Z", "refs": [ "https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/" ], "source": "MITRE", "title": "Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats" }, "related": [], "uuid": "99831838-fc8f-43fa-9c87-6ccdf5677c34", "value": "Microsoft ZINC disruption Dec 2017" }, { "description": "Ravie Lakshmanan. (2023, June 19). Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-06-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html" ], "source": "Tidal Cyber", "title": "Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions" }, "related": [], "uuid": "2ee27b55-b7a7-40a8-8c0b-5e28943cd273", "value": "The Hacker News Microsoft DDoS June 19 2023" }, { "description": "Microsoft 365 Defender Threat Intelligence Team. 
(2021, June 14). Microsoft delivers comprehensive solution to battle rise in consent phishing emails. Retrieved December 13, 2021.", "meta": { "date_accessed": "2021-12-13T00:00:00Z", "date_published": "2021-06-14T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/" ], "source": "MITRE", "title": "Microsoft delivers comprehensive solution to battle rise in consent phishing emails" }, "related": [], "uuid": "393e44fe-cf52-4c39-a79f-f7cdd9d8e16a", "value": "Microsoft OAuth 2.0 Consent Phishing 2021" }, { "description": "Microsoft. (2020, September 29). Microsoft Digital Defense Report FY20. Retrieved April 21, 2021.", "meta": { "date_accessed": "2021-04-21T00:00:00Z", "date_published": "2020-09-29T00:00:00Z", "refs": [ "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf" ], "source": "MITRE, Tidal Cyber", "title": "Microsoft Digital Defense Report FY20" }, "related": [], "uuid": "cdf74af5-ed71-4dfd-bc49-0ccfa40b65ea", "value": "Microsoft Digital Defense FY20 Sept 2020" }, { "description": "Cimpanu, C. (2017, December 15). Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2017-12-15T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/" ], "source": "MITRE", "title": "Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks" }, "related": [], "uuid": "d6f93310-77b6-491e-ba9d-ec1faf8de7e4", "value": "BleepingComputer DDE Disabled in Word Dec 2017" }, { "description": "Microsoft TechNet. (n.d.). 
Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx" ], "source": "MITRE", "title": "Microsoft DuplicateTokenEx" }, "related": [], "uuid": "8a389e76-d43a-477c-aab4-301c7c55b439", "value": "Microsoft DuplicateTokenEx" }, { "description": "McCammon, K. (2015, August 14). Microsoft HTML Application (HTA) Abuse, Part Deux. Retrieved October 27, 2017.", "meta": { "date_accessed": "2017-10-27T00:00:00Z", "date_published": "2015-08-14T00:00:00Z", "refs": [ "https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/" ], "source": "MITRE", "title": "Microsoft HTML Application (HTA) Abuse, Part Deux" }, "related": [], "uuid": "39b1cb2f-a07b-49f2-bf2c-15f0c9b95772", "value": "Red Canary HTA Abuse Part Deux" }, { "description": "Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018.", "meta": { "date_accessed": "2018-10-03T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk" ], "source": "MITRE", "title": "Microsoft HTML Help 1.4" }, "related": [], "uuid": "f9daf15d-61ea-4cfa-a4e8-9d33d1acd28f", "value": "Microsoft HTML Help May 2018" }, { "description": "Cai, S., Flores, J., de Guzman, C., et al. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2019-08-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens" ], "source": "MITRE", "title": "Microsoft identity platform access tokens" }, "related": [], "uuid": "a39d976e-9b52-48f3-b5db-0ffd84ecd338", "value": "Microsoft Identity Platform Access 2019" }, { "description": "Microsoft. (2019, August 29). Microsoft identity platform access tokens. 
Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2019-08-29T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens" ], "source": "MITRE", "title": "Microsoft identity platform access tokens" }, "related": [], "uuid": "44767d53-8cd7-44dd-a69d-8a7bebc1d87d", "value": "Microsoft - Azure AD Identity Tokens - Aug 2019" }, { "description": "Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow" ], "source": "MITRE", "title": "Microsoft identity platform and OAuth 2.0 authorization code flow" }, "related": [], "uuid": "a41c2123-8b8d-4f98-a535-e58e3e746b69", "value": "Microsoft - OAuth Code Authorization flow - June 2019" }, { "description": "Microsoft. (n.d.). Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols" ], "source": "MITRE", "title": "Microsoft Identity Platform Protocols May 2019" }, "related": [], "uuid": "a99d2292-be39-4e55-a952-30c9d6a3d0a3", "value": "Microsoft Identity Platform Protocols May 2019" }, { "description": "Microsoft TechNet. (n.d.). Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx" ], "source": "MITRE", "title": "Microsoft ImpersonateLoggedOnUser" }, "related": [], "uuid": "01f5176a-cce6-46e2-acce-a77b6bea7172", "value": "Microsoft ImpersonateLoggedOnUser" }, { "description": "MSRC Team. (2021, February 18). Microsoft Internal Solorigate Investigation – Final Update. 
Retrieved May 14, 2021.", "meta": { "date_accessed": "2021-05-14T00:00:00Z", "date_published": "2021-02-18T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/" ], "source": "MITRE", "title": "Microsoft Internal Solorigate Investigation – Final Update" }, "related": [], "uuid": "66cade99-0040-464c-98a6-bba57719f0a4", "value": "Microsoft Internal Solorigate Investigation Blog" }, { "description": "Microsoft TechNet. (n.d.). Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx" ], "source": "MITRE", "title": "Microsoft LogonUser" }, "related": [], "uuid": "08088ec0-5b48-4c32-b213-5e029e5f83ee", "value": "Microsoft LogonUser" }, { "description": "Boxiner, A., Vaknin, E. (2019, June 11). Microsoft Management Console (MMC) Vulnerabilities. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2019-06-11T00:00:00Z", "refs": [ "https://research.checkpoint.com/2019/microsoft-management-console-mmc-vulnerabilities/" ], "source": "MITRE", "title": "Microsoft Management Console (MMC) Vulnerabilities" }, "related": [], "uuid": "7bcf1c90-6299-448b-92c3-a6702882936a", "value": "mmc_vulns" }, { "description": "LOLBAS. (2022, January 20). Microsoft.NodejsTools.PressAnyKey.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Microsoft.NodejsTools.PressAnyKey/" ], "source": "Tidal Cyber", "title": "Microsoft.NodejsTools.PressAnyKey.exe" }, "related": [], "uuid": "25c46948-a648-4c3c-b442-e700df68fa20", "value": "Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project" }, { "description": "Patil, S. (2018, June 26). 
Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved July 31, 2018.", "meta": { "date_accessed": "2018-07-31T00:00:00Z", "date_published": "2018-06-26T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html" ], "source": "MITRE", "title": "Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign" }, "related": [], "uuid": "501057e2-9a31-46fe-aaa0-427218682153", "value": "FireEye FELIXROOT July 2018" }, { "description": "Stephen Sims. (2017, April 30). Microsoft Patch Analysis for Exploitation. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2017-04-30T00:00:00Z", "refs": [ "https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims" ], "source": "MITRE", "title": "Microsoft Patch Analysis for Exploitation" }, "related": [], "uuid": "ce11568a-36a8-4da2-972f-9cd67cc337d8", "value": "Irongeek Sims BSides 2017" }, { "description": "Microsoft. (2021, August 23). Retrieved August 16, 2021.", "meta": { "date_accessed": "2021-08-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules" ], "source": "MITRE", "title": "Microsoft_rec_block_rules" }, "related": [], "uuid": "8fbc12b4-dec6-4913-9103-b28b5c3395ee", "value": "Microsoft_rec_block_rules" }, { "description": "Coulter, D. et al. (2019, April 9). Microsoft recommended block rules. 
Retrieved August 12, 2021.", "meta": { "date_accessed": "2021-08-12T00:00:00Z", "date_published": "2019-04-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules" ], "source": "MITRE", "title": "Microsoft recommended block rules" }, "related": [], "uuid": "86955cd2-5980-44ba-aa7b-4b9f8e347730", "value": "Microsoft WDAC" }, { "description": "Jordan Geurten et al. (2022, March 29). Microsoft recommended driver block rules. Retrieved April 7, 2022.", "meta": { "date_accessed": "2022-04-07T00:00:00Z", "date_published": "2022-03-29T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules" ], "source": "MITRE", "title": "Microsoft recommended driver block rules" }, "related": [], "uuid": "9bb5c330-56bd-47e7-8414-729d8e6cb3b3", "value": "Microsoft driver block rules" }, { "description": "Microsoft. (2020, October 15). Microsoft recommended driver block rules. Retrieved March 16, 2021.", "meta": { "date_accessed": "2021-03-16T00:00:00Z", "date_published": "2020-10-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules" ], "source": "MITRE", "title": "Microsoft recommended driver block rules" }, "related": [], "uuid": "2ad8414a-4490-4896-8266-556b8bdbb77f", "value": "Microsoft Driver Block Rules" }, { "description": "Microsoft. (n.d.). Retrieved January 24, 2020.", "meta": { "date_accessed": "2020-01-24T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/register-wmievent?view=powershell-5.1" ], "source": "MITRE", "title": "Microsoft Register-WmiEvent" }, "related": [], "uuid": "6d75029f-f63c-4ca6-b5f9-cb41b698b32a", "value": "Microsoft Register-WmiEvent" }, { "description": "MSRC Team. 
(2023, June 16). Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-06-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://msrc.microsoft.com/blog/2023/06/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks/" ], "source": "Tidal Cyber", "title": "Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks" }, "related": [], "uuid": "d64e941e-785b-4b23-a7d0-04f12024b033", "value": "Microsoft DDoS Attacks Response June 2023" }, { "description": "Microsoft. (2010, May 23). Microsoft Security Advisory 2269637. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2010-05-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637" ], "source": "MITRE", "title": "Microsoft Security Advisory 2269637" }, "related": [], "uuid": "fa3d303e-bb1a-426d-9387-e92fc1ea75bc", "value": "Microsoft Security Advisory 2269637" }, { "description": "Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "date_published": "2010-08-22T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2010/08/21/microsoft-security-advisory-2269637-released/" ], "source": "MITRE", "title": "Microsoft Security Advisory 2269637 Released" }, "related": [], "uuid": "ebb94db8-b1a3-4d61-97e6-9b787a742669", "value": "Microsoft 2269637" }, { "description": "Microsoft. (2017, November 8). Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. 
Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-11-08T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/security/4053440" ], "source": "MITRE", "title": "Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields" }, "related": [], "uuid": "955b0074-a1d6-40b5-9437-bd2548daf54c", "value": "Microsoft DDE Advisory Nov 2017" }, { "description": "Microsoft. (2014, May 13). Microsoft Security Advisory: Update to improve credentials protection and management. Retrieved June 8, 2020.", "meta": { "date_accessed": "2020-06-08T00:00:00Z", "date_published": "2014-05-13T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a" ], "source": "MITRE", "title": "Microsoft Security Advisory: Update to improve credentials protection and management" }, "related": [], "uuid": "2a9149d7-ba39-47f2-8f23-7f3b175931f0", "value": "Microsoft WDigest Mit" }, { "description": "Microsoft. (2017, March 14). Microsoft Security Bulletin MS17-010 - Critical. Retrieved August 17, 2017.", "meta": { "date_accessed": "2017-08-17T00:00:00Z", "date_published": "2017-03-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010" ], "source": "MITRE", "title": "Microsoft Security Bulletin MS17-010 - Critical" }, "related": [], "uuid": "8088a624-d8c8-4d8e-99c2-a9da4a2f0117", "value": "MS17-010 March 2017" }, { "description": "Ben Koehl, Joe Hannon. (2020, September 24). Microsoft Security - Detecting Empires in the Cloud. 
Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2020-09-24T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/" ], "source": "MITRE", "title": "Microsoft Security - Detecting Empires in the Cloud" }, "related": [], "uuid": "ee352214-421f-4778-ac28-949142a8ef2a", "value": "MSTIC GADOLINIUM September 2020" }, { "description": "Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "date_published": "2015-10-19T00:00:00Z", "refs": [ "http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf" ], "source": "MITRE", "title": "Microsoft Security Intelligence Report Volume 19" }, "related": [], "uuid": "050e0a70-19e6-4637-a3f7-b7cd788cca43", "value": "Microsoft SIR Vol 19" }, { "description": "Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2016-12-14T00:00:00Z", "refs": [ "http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf" ], "source": "MITRE", "title": "Microsoft Security Intelligence Report Volume 21" }, "related": [], "uuid": "619b9cf8-7201-45de-9c36-834ccee356a9", "value": "Microsoft SIR Vol 21" }, { "description": "MsftSecIntel. (2023, April 26). Microsoft Threat Intelligence Tweet April 26 2023. 
Retrieved June 16, 2023.", "meta": { "date_accessed": "2023-06-16T00:00:00Z", "date_published": "2023-04-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/MsftSecIntel/status/1651346653901725696" ], "source": "Tidal Cyber", "title": "Microsoft Threat Intelligence Tweet April 26 2023" }, "related": [], "uuid": "3b5a2349-e10c-422b-91e3-20e9033fdb60", "value": "Microsoft Threat Intelligence Tweet April 26 2023" }, { "description": "MsftSecIntel. (2023, August 17). Microsoft Threat Intelligence Tweet August 17 2023. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2023-08-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/MsftSecIntel/status/1692212191536066800" ], "source": "Tidal Cyber", "title": "Microsoft Threat Intelligence Tweet August 17 2023" }, "related": [], "uuid": "8b0ebcb5-d531-4f49-aa2d-bceb5e491b3f", "value": "Microsoft Threat Intelligence Tweet August 17 2023" }, { "description": "Wikipedia. (2017, January 31). Microsoft Windows library files. Retrieved February 13, 2017.", "meta": { "date_accessed": "2017-02-13T00:00:00Z", "date_published": "2017-01-31T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Microsoft_Windows_library_files" ], "source": "MITRE", "title": "Microsoft Windows library files" }, "related": [], "uuid": "9b6e2f38-6e5a-4e4f-ad84-97155be2c641", "value": "Wikipedia Windows Library Files" }, { "description": "Mesa, M., et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. 
Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2017-06-01T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target" ], "source": "MITRE", "title": "Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions" }, "related": [], "uuid": "c4922659-88b2-4311-9c9b-dc9b383d746a", "value": "Proofpoint Cobalt June 2017" }, { "description": "LOLBAS. (2018, October 22). Microsoft.Workflow.Compiler.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-10-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Microsoft.Workflow.Compiler/" ], "source": "Tidal Cyber", "title": "Microsoft.Workflow.Compiler.exe" }, "related": [], "uuid": "1e659b32-a06f-45dc-a1eb-03f1a42c55ef", "value": "Microsoft.Workflow.Compiler.exe - LOLBAS Project" }, { "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.", "meta": { "date_accessed": "2017-10-06T00:00:00Z", "date_published": "2014-10-14T00:00:00Z", "refs": [ "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/" ], "source": "MITRE", "title": "Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers" }, "related": [], "uuid": "05b3840d-162d-455f-a87b-229e83e5a031", "value": "InfoSecurity Sandworm Oct 2014" }, { "description": "Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). 
Retrieved October 3, 2019.", "meta": { "date_accessed": "2019-10-03T00:00:00Z", "date_published": "2018-12-20T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x3B.html" ], "source": "MITRE, Tidal Cyber", "title": "Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1)" }, "related": [], "uuid": "7a32c962-8050-45de-8b90-8644be5109d9", "value": "objective-see windtail1 dec 2018" }, { "description": "Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019.", "meta": { "date_accessed": "2019-10-03T00:00:00Z", "date_published": "2019-01-15T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x3D.html" ], "source": "MITRE", "title": "Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2)" }, "related": [], "uuid": "e6bdc679-ee0c-4f34-b5bc-0d6a26485b36", "value": "objective-see windtail2 jan 2019" }, { "description": "Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/" ], "source": "MITRE", "title": "Middle Eastern hacking group is using FinFisher malware to conduct international espionage" }, "related": [], "uuid": "a8224ad5-4688-4382-a3e7-1dd3ed74ebce", "value": "CyberScoop BlackOasis Oct 2017" }, { "description": "Delpy, B. (n.d.). Mimikatz. Retrieved September 29, 2015.", "meta": { "date_accessed": "2015-09-29T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/mimikatz" ], "source": "MITRE", "title": "Mimikatz" }, "related": [], "uuid": "c92d890c-2839-433a-b458-f663e66e1c63", "value": "Deply Mimikatz" }, { "description": "CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. 
Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-05-20T00:00:00Z", "refs": [ "http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html" ], "source": "MITRE", "title": "Mimikatz Against Virtual Machine Memory Part 1" }, "related": [], "uuid": "46836549-f7e9-45e1-8d89-4d25ba26dbd7", "value": "CG 2014" }, { "description": "Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.", "meta": { "date_accessed": "2016-06-02T00:00:00Z", "date_published": "2014-11-22T00:00:00Z", "refs": [ "https://adsecurity.org/?p=556" ], "source": "MITRE", "title": "Mimikatz and Active Directory Kerberos Attacks" }, "related": [], "uuid": "07ff57eb-1e23-433b-8da7-80f1caf7543e", "value": "ADSecurity AD Kerberos Attacks" }, { "description": "Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved August 7, 2017.", "meta": { "date_accessed": "2017-08-07T00:00:00Z", "date_published": "2015-09-22T00:00:00Z", "refs": [ "http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/" ], "source": "MITRE", "title": "Mimikatz and DCSync and ExtraSids, Oh My" }, "related": [], "uuid": "2afa76c1-caa1-4f16-9289-7abc7eb3a102", "value": "Harmj0y Mimikatz and DCSync" }, { "description": "Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2015-09-22T00:00:00Z", "refs": [ "http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/" ], "source": "MITRE", "title": "Mimikatz and DCSync and ExtraSids, Oh My" }, "related": [], "uuid": "2a01a70c-28a8-444e-95a7-00a568d51ce6", "value": "Harmj0y DCSync Sept 2015" }, { "description": "Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. 
Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2015-09-25T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1729" ], "source": "MITRE", "title": "Mimikatz DCSync Usage, Exploitation, and Detection" }, "related": [], "uuid": "856ed70b-29b0-4f56-b5ae-a98981a22eaf", "value": "AdSecurity DCSync Sept 2015" }, { "description": "Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved August 7, 2017.", "meta": { "date_accessed": "2017-08-07T00:00:00Z", "date_published": "2015-09-25T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1729" ], "source": "MITRE", "title": "Mimikatz DCSync Usage, Exploitation, and Detection" }, "related": [], "uuid": "61b0bb42-2ed6-413d-b331-0a84df12a87d", "value": "ADSecurity Mimikatz DCSync" }, { "description": "Jamieson O'Reilly (putterpanda). (2016, July 4). mimikittenz. Retrieved June 20, 2019.", "meta": { "date_accessed": "2019-06-20T00:00:00Z", "date_published": "2016-07-04T00:00:00Z", "refs": [ "https://github.com/putterpanda/mimikittenz" ], "source": "MITRE", "title": "mimikittenz" }, "related": [], "uuid": "2e0a95b2-3f9a-4638-9bc5-ff1f3ac2af4b", "value": "GitHub Mimikittenz July 2016" }, { "description": "Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017.", "meta": { "date_accessed": "2017-12-05T00:00:00Z", "date_published": "2017-05-12T00:00:00Z", "refs": [ "https://github.com/huntergregal/mimipenguin" ], "source": "MITRE", "title": "MimiPenguin" }, "related": [], "uuid": "b10cd6cc-35ed-4eac-b213-110de28f33ef", "value": "MimiPenguin GitHub May 2017" }, { "description": "Lozhkin, S. (2015, July 16). Minidionis – one more APT with a usage of cloud drives. 
Retrieved April 5, 2017.", "meta": { "date_accessed": "2017-04-05T00:00:00Z", "date_published": "2015-07-16T00:00:00Z", "refs": [ "https://securelist.com/minidionis-one-more-apt-with-a-usage-of-cloud-drives/71443/" ], "source": "MITRE", "title": "Minidionis – one more APT with a usage of cloud drives" }, "related": [], "uuid": "af40a05e-02fb-4943-b3ff-9a292679e93d", "value": "Securelist Minidionis July 2015" }, { "description": "Maljic, T. (2020, April 16). Mining for malicious Ruby gems. Retrieved October 15, 2022.", "meta": { "date_accessed": "2022-10-15T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems" ], "source": "MITRE", "title": "Mining for malicious Ruby gems" }, "related": [], "uuid": "ca2074d8-330b-544e-806f-ddee7b702631", "value": "mining_ruby_reversinglabs" }, { "description": "RISKIQ. (2017, December 20). Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry. Retrieved July 29, 2022.", "meta": { "date_accessed": "2022-07-29T00:00:00Z", "date_published": "2017-12-20T00:00:00Z", "refs": [ "https://web.archive.org/web/20171223000420/https://www.riskiq.com/blog/labs/lazarus-group-cryptocurrency/" ], "source": "MITRE", "title": "Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry" }, "related": [], "uuid": "83de363d-b575-4851-9c2d-a78f504cf754", "value": "lazgroup_idn_phishing" }, { "description": "Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. 
Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2018-06-14T00:00:00Z", "refs": [ "https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/" ], "source": "MITRE, Tidal Cyber", "title": "MirageFox: APT15 Resurfaces With New Tools Based On Old Ones" }, "related": [], "uuid": "0110500c-bf67-43a5-97cb-16eb6c01040b", "value": "APT15 Intezer June 2018" }, { "description": "Duarte, H., Morrison, B. (2012). (Mis)trusting and (ab)using ssh. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2012-01-01T00:00:00Z", "refs": [ "https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219" ], "source": "MITRE", "title": "(Mis)trusting and (ab)using ssh" }, "related": [], "uuid": "4f63720a-50b6-4eef-826c-71ce8d6e4bb8", "value": "Slideshare Abusing SSH" }, { "description": "Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2012-12-01T00:00:00Z", "refs": [ "https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf" ], "source": "MITRE", "title": "Mitigating Spoofed Emails Using Sender Policy Framework" }, "related": [], "uuid": "4e82a053-c881-4569-8efe-3ef40f6e25a0", "value": "ACSC Email Spoofing" }, { "description": "NSA Cybersecurity Directorate. (n.d.). Mitigating Web Shells. Retrieved July 22, 2021.", "meta": { "date_accessed": "2021-07-22T00:00:00Z", "refs": [ "https://github.com/nsacyber/Mitigating-Web-Shells" ], "source": "MITRE", "title": "Mitigating Web Shells" }, "related": [], "uuid": "cc40e8e8-5450-4340-a091-ae7e609778dc", "value": "NSA Cyber Mitigating Web Shells" }, { "description": "Massachusetts Institute of Technology. (n.d.). MIT Kerberos Documentation: Credential Cache. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "refs": [ "https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html" ], "source": "MITRE", "title": "MIT Kerberos Documentation: Credential Cache" }, "related": [], "uuid": "6a1b4373-2304-420c-8733-e1eae71ff7b2", "value": "MIT ccache" }, { "description": "The MITRE Corporation. (2014). MITRE Systems Engineering Guide. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.mitre.org/sites/default/files/publications/se-guide-book-interactive.pdf" ], "source": "MITRE", "title": "MITRE Systems Engineering Guide" }, "related": [], "uuid": "576f95bc-5cb9-473e-b026-19b864d1c26c", "value": "MITRE SE Guide 2014" }, { "description": "Microsoft. (2017, October 16). mmc. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc" ], "source": "MITRE", "title": "mmc" }, "related": [], "uuid": "508373ef-2634-404f-99de-7a73cce68699", "value": "win_mmc" }, { "description": "LOLBAS. (2018, December 4). Mmc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-12-04T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Mmc/" ], "source": "Tidal Cyber", "title": "Mmc.exe" }, "related": [], "uuid": "490b6769-e386-4a3d-972e-5a919cb2f6f5", "value": "Mmc.exe - LOLBAS Project" }, { "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", "meta": { "date_accessed": "2020-01-27T00:00:00Z", "date_published": "2019-06-28T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" ], "source": "MITRE", "title": "Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East" }, "related": [], "uuid": "b830fe30-0b53-4fc6-a172-7da930618725", "value": "Trend Micro Bouncing Golf 2019" }, { "description": "O'Neill, R. (2009, May). Modern Day ELF Runtime infection via GOT poisoning. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "date_published": "2009-05-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html" ], "source": "MITRE", "title": "Modern Day ELF Runtime infection via GOT poisoning" }, "related": [], "uuid": "3ca314d4-3fcf-4545-8ae9-4d8781d51295", "value": "ELF Injection May 2009" }, { "description": "Elastic Security 7.17. (2022, February 1). Modification of Environment Variable via Launchctl. Retrieved September 28, 2023.", "meta": { "date_accessed": "2023-09-28T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-7-16-4-modification-of-environment-variable-via-launchctl.html" ], "source": "MITRE", "title": "Modification of Environment Variable via Launchctl" }, "related": [], "uuid": "04b0582e-357f-5f2a-8582-b3bf8f52c2a2", "value": "Elastic Rules macOS launchctl 2022" }, { "description": "Russell, R. (n.d.). modinfo(8) - Linux man page. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "refs": [ "https://linux.die.net/man/8/modinfo" ], "source": "MITRE", "title": "modinfo(8) - Linux man page" }, "related": [], "uuid": "d4f2db5c-ef6d-556d-a5e2-f6738277fecd", "value": "modinfo man" }, { "description": "hasherezade. (2021, June 30). 
Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2021-06-30T00:00:00Z", "refs": [ "https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_fingerprinting.pdf" ], "source": "MITRE", "title": "Module 3 - Understanding and countering malware's evasion and self-defence" }, "related": [], "uuid": "53b0c71d-c577-40e8-8a04-9de083e276a2", "value": "hasherezade debug" }, { "description": "Microsoft. (n.d.). Module Class. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/dotnet/api/system.reflection.module" ], "source": "MITRE", "title": "Module Class" }, "related": [], "uuid": "b051a38a-09c7-4280-a5b6-08067d81a2d8", "value": "Microsoft Module Class" }, { "description": "Delpy, B., Le Toux, V. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.", "meta": { "date_accessed": "2020-03-17T00:00:00Z", "date_published": "2016-06-05T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos" ], "source": "MITRE", "title": "module ~ kerberos" }, "related": [], "uuid": "b5eca224-bea1-48e8-acdc-e910d52560f1", "value": "GitHub Mimikatz kerberos Module" }, { "description": "Delpy, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.", "meta": { "date_accessed": "2017-08-07T00:00:00Z", "date_published": "2016-06-05T00:00:00Z", "refs": [ "https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump" ], "source": "MITRE", "title": "module ~ lsadump" }, "related": [], "uuid": "e188ff4d-a983-4f5a-b9e1-3b0f9fd8df25", "value": "GitHub Mimikatz lsadump Module" }, { "description": "Red Teaming Experiments. (n.d.). Module Stomping for Shellcode Injection. 
Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "refs": [ "https://www.ired.team/offensive-security/code-injection-process-injection/modulestomping-dll-hollowing-shellcode-injection" ], "source": "MITRE", "title": "Module Stomping for Shellcode Injection" }, "related": [], "uuid": "0f9b58e2-2a81-4b79-aad6-b36a844cf1c6", "value": "Module Stomping for Shellcode Injection" }, { "description": "Pomerantz, O., Salzman, P. (2003, April 4). Modules vs Programs. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2003-04-04T00:00:00Z", "refs": [ "http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html" ], "source": "MITRE", "title": "Modules vs Programs" }, "related": [], "uuid": "ceefe610-0b26-4307-806b-17313d570511", "value": "Linux Kernel Module Programming Guide" }, { "description": "Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020.", "meta": { "date_accessed": "2020-05-12T00:00:00Z", "date_published": "2016-05-17T00:00:00Z", "refs": [ "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Mofang: A politically motivated information stealing adversary" }, "related": [], "uuid": "f1a08b1c-f7d5-4a91-b3b7-0f042b297842", "value": "FOX-IT May 2016 Mofang" }, { "description": "Falcone, R., et al. (2020, March 3). Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations. 
Retrieved December 14, 2020.", "meta": { "date_accessed": "2020-12-14T00:00:00Z", "date_published": "2020-03-03T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/" ], "source": "MITRE", "title": "Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations" }, "related": [], "uuid": "328f1c87-c9dc-42d8-bb33-a17ad4d7f57e", "value": "Unit42 Molerat Mar 2020" }, { "description": "Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.", "meta": { "date_accessed": "2020-12-22T00:00:00Z", "date_published": "2020-12-09T00:00:00Z", "refs": [ "https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf" ], "source": "MITRE", "title": "MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign" }, "related": [], "uuid": "81a10a4b-c66f-4526-882c-184436807e1d", "value": "Cybereason Molerats Dec 2020" }, { "description": "Microsoft. (2019, June 4). Monitor at scale by using Azure Monitor. Retrieved May 1, 2020.", "meta": { "date_accessed": "2020-05-01T00:00:00Z", "date_published": "2019-06-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor" ], "source": "MITRE", "title": "Monitor at scale by using Azure Monitor" }, "related": [], "uuid": "e16974cc-623e-4fa6-ac36-5f199d54bf55", "value": "Azure - Monitor Logs" }, { "description": "Netsurion. (2014, February 19). Monitoring File Permission Changes with the Windows Security Log. 
Retrieved August 19, 2018.", "meta": { "date_accessed": "2018-08-19T00:00:00Z", "date_published": "2014-02-19T00:00:00Z", "refs": [ "https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/" ], "source": "MITRE", "title": "Monitoring File Permission Changes with the Windows Security Log" }, "related": [], "uuid": "91a4278e-ea52-4cd5-8c79-c73c690372a3", "value": "EventTracker File Permissions Feb 2014" }, { "description": "Marshall, D. & Griffin, S. (2017, November 28). Monitoring Silent Process Exit. Retrieved June 27, 2018.", "meta": { "date_accessed": "2018-06-27T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit" ], "source": "MITRE", "title": "Monitoring Silent Process Exit" }, "related": [], "uuid": "86896031-f654-4185-ba45-8c931903153b", "value": "Microsoft Silent Process Exit NOV 2017" }, { "description": "Payne, J. (2015, November 23). Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.", "meta": { "date_accessed": "2016-02-01T00:00:00Z", "date_published": "2015-11-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem" ], "source": "MITRE", "title": "Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.)" }, "related": [], "uuid": "72798df8-0e12-46f5-acb0-2fe99bd8dbff", "value": "Windows Event Forwarding Payne" }, { "description": "Google Cloud. (2022, March 31). Monitor usage patterns for service accounts and keys. 
Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-03-31T00:00:00Z", "refs": [ "https://cloud.google.com/iam/docs/service-account-monitoring" ], "source": "MITRE", "title": "Monitor usage patterns for service accounts and keys" }, "related": [], "uuid": "d33115c5-ae47-4089-a6cb-4ef97effa722", "value": "GCP Monitoring Service Account Usage" }, { "description": "Settle, A., et al. (2016, August 8). MONSOON - Analysis Of An APT Campaign. Retrieved September 22, 2016.", "meta": { "date_accessed": "2016-09-22T00:00:00Z", "date_published": "2016-08-08T00:00:00Z", "refs": [ "https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf" ], "source": "MITRE", "title": "MONSOON - Analysis Of An APT Campaign" }, "related": [], "uuid": "ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e", "value": "Forcepoint Monsoon" }, { "description": "Villadsen, O. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.", "meta": { "date_accessed": "2019-09-16T00:00:00Z", "date_published": "2019-08-29T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/" ], "source": "MITRE, Tidal Cyber", "title": "More_eggs, Anyone? Threat Actor ITG08 Strikes Again" }, "related": [], "uuid": "f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3", "value": "Security Intelligence More Eggs Aug 2019" }, { "description": "Porolli, M. (2020, July 9). More evil: A deep look at Evilnum and its toolset. 
Retrieved January 22, 2021.", "meta": { "date_accessed": "2021-01-22T00:00:00Z", "date_published": "2020-07-09T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/" ], "source": "MITRE, Tidal Cyber", "title": "More evil: A deep look at Evilnum and its toolset" }, "related": [], "uuid": "6851b3f9-0239-40fc-ba44-34a775e9bd4e", "value": "ESET EvilNum July 2020" }, { "description": "Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "date_published": "2010-08-12T00:00:00Z", "refs": [ "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx" ], "source": "MITRE", "title": "More information about the DLL Preloading remote attack vector" }, "related": [], "uuid": "46aa7075-9f0a-461e-8519-5c4860208678", "value": "Microsoft DLL Preloading" }, { "description": "Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "date_published": "2010-08-12T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/" ], "source": "MITRE", "title": "More information about the DLL Preloading remote attack vector" }, "related": [], "uuid": "80289c7b-53c1-4aec-9436-04a43a82f769", "value": "Microsoft More information about DLL" }, { "description": "valsmith. (2012, September 21). More on APTSim. Retrieved September 28, 2017.", "meta": { "date_accessed": "2017-09-28T00:00:00Z", "date_published": "2012-09-21T00:00:00Z", "refs": [ "http://carnal0wnage.attackresearch.com/2012/09/more-on-aptsim.html" ], "source": "MITRE", "title": "More on APTSim" }, "related": [], "uuid": "c33ca45d-eeff-4a23-906c-99369047c7f5", "value": "aptsim" }, { "description": "Dwoskin, E. and Adam, K. 
(2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2017-05-14T00:00:00Z", "refs": [ "https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4" ], "source": "MITRE", "title": "More than 150 countries affected by massive cyberattack, Europol says" }, "related": [], "uuid": "bbf9b08a-072c-4fb9-8c3c-cb6f91e8940c", "value": "Washington Post WannaCry 2017" }, { "description": "Goodin, D. & Salter, J. (2020, August 6). More than 20GB of Intel source code and proprietary data dumped online. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-08-06T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/" ], "source": "MITRE", "title": "More than 20GB of Intel source code and proprietary data dumped online" }, "related": [], "uuid": "99151b50-3dd8-47b5-a48f-2e3b450944e9", "value": "ArsTechnica Intel" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.", "meta": { "date_accessed": "2017-02-08T00:00:00Z", "date_published": "2013-04-11T00:00:00Z", "refs": [ "https://securelist.com/winnti-more-than-just-a-game/37029/" ], "source": "MITRE, Tidal Cyber", "title": "Winnti. More than just a game" }, "related": [], "uuid": "2d4834b9-61c4-478e-919a-317d97cd2c36", "value": "Kaspersky Winnti April 2013" }, { "description": "Lim, M. (2022, September 27). More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID. 
Retrieved September 29, 2022.", "meta": { "date_accessed": "2022-09-29T00:00:00Z", "date_published": "2022-09-27T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload" ], "source": "MITRE", "title": "More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID" }, "related": [], "uuid": "dcd65d74-4e7b-5ddd-8c72-700456981347", "value": "polygot_icedID" }, { "description": "RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.", "meta": { "date_accessed": "2015-09-16T00:00:00Z", "date_published": "2014-02-20T00:00:00Z", "refs": [ "http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/" ], "source": "MITRE, Tidal Cyber", "title": "Mo’ Shells Mo’ Problems – Deep Panda Web Shells" }, "related": [], "uuid": "e9c47d8e-f732-45c9-bceb-26c5d564e781", "value": "CrowdStrike Deep Panda Web Shells" }, { "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "date_published": "2023-08-10T00:00:00Z", "refs": [ "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/" ], "source": "MITRE", "title": "MoustachedBouncer: Espionage against foreign diplomats in Belarus" }, "related": [], "uuid": "9070f14b-5d5e-5f6d-bcac-628478e01242", "value": "MoustachedBouncer ESET August 2023" }, { "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. 
Retrieved September 1, 2023.", "meta": { "date_accessed": "2023-09-01T00:00:00Z", "date_published": "2023-08-10T00:00:00Z", "refs": [ "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/" ], "source": "MITRE", "title": "MoustachedBouncer: Espionage against foreign diplomats in Belarus" }, "related": [], "uuid": "6c85e925-d42b-590c-a424-14ebb49812bb", "value": "ESET MoustachedBouncer" }, { "description": "Progress Software. (2023, June 16). MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362). Retrieved July 28, 2023.", "meta": { "date_accessed": "2023-07-28T00:00:00Z", "date_published": "2023-06-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023" ], "source": "Tidal Cyber", "title": "MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362)" }, "related": [], "uuid": "9f364e22-b73c-4f3a-902c-a3f0eb01a2b9", "value": "Progress Software MOVEit Transfer Critical Vulnerability" }, { "description": "Nunez, N. (2017, August 9). Moving Beyond EMET II – Windows Defender Exploit Guard. Retrieved March 12, 2018.", "meta": { "date_accessed": "2018-03-12T00:00:00Z", "date_published": "2017-08-09T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/" ], "source": "MITRE", "title": "Moving Beyond EMET II – Windows Defender Exploit Guard" }, "related": [], "uuid": "da4fbddf-9398-43a9-888c-2c58e9fc9aaf", "value": "TechNet Moving Beyond EMET" }, { "description": "Armin Briegel. (2019, June 5). Moving to zsh, part 2: Configuration Files. 
Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "date_published": "2019-06-05T00:00:00Z", "refs": [ "https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/" ], "source": "MITRE", "title": "Moving to zsh, part 2: Configuration Files" }, "related": [], "uuid": "08b390aa-863b-420e-9b00-e168e3c756d8", "value": "ScriptingOSX zsh" }, { "description": "Volatility Labs. (2012, September 24). MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2012-09-24T00:00:00Z", "refs": [ "https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html" ], "source": "MITRE", "title": "MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem" }, "related": [], "uuid": "e208c277-e477-4123-8c3c-313d55cdc1ea", "value": "Volatility Detecting Hooks Sept 2012" }, { "description": "Kugler, R. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.", "meta": { "date_accessed": "2017-03-10T00:00:00Z", "date_published": "2012-11-20T00:00:00Z", "refs": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/" ], "source": "MITRE", "title": "Mozilla Foundation Security Advisory 2012-98" }, "related": [], "uuid": "920d1607-154e-4c74-b1eb-0d8299be536f", "value": "Mozilla Firefox Installer DLL Hijack" }, { "description": "Robert Kugler. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.", "meta": { "date_accessed": "2017-03-10T00:00:00Z", "date_published": "2012-11-20T00:00:00Z", "refs": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/" ], "source": "MITRE", "title": "Mozilla Foundation Security Advisory 2012-98" }, "related": [], "uuid": "cd720550-a0b5-4d1d-85dd-98da97f45b62", "value": "mozilla_sec_adv_2012" }, { "description": "LOLBAS. (2020, March 20). MpCmdRun.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-03-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/MpCmdRun/" ], "source": "Tidal Cyber", "title": "MpCmdRun.exe" }, "related": [], "uuid": "2082d5ca-474f-4130-b275-c1ac5e30064c", "value": "MpCmdRun.exe - LOLBAS Project" }, { "description": "Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. Retrieved July 25, 2016.", "meta": { "date_accessed": "2016-07-25T00:00:00Z", "date_published": "2014-04-08T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/srd/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/" ], "source": "MITRE", "title": "MS14-019 – Fixing a binary hijacking via .cmd or .bat file" }, "related": [], "uuid": "2474e2ee-bbcd-4b7c-8c52-22112d22135f", "value": "TechNet MS14-019" }, { "description": "Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.", "meta": { "date_accessed": "2015-01-28T00:00:00Z", "date_published": "2014-05-13T00:00:00Z", "refs": [ "http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx" ], "source": "MITRE", "title": "MS14-025: An Update for Group Policy Preferences" }, "related": [], "uuid": "a15fff18-5d3f-4898-9e47-ec6ae7dda749", "value": "SRD GPP" }, { "description": "Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. 
Retrieved February 17, 2020.", "meta": { "date_accessed": "2020-02-17T00:00:00Z", "date_published": "2014-05-13T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati" ], "source": "MITRE", "title": "MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege" }, "related": [], "uuid": "7537c0bb-6f14-4a4a-94cc-98c6ed9e878f", "value": "MS14-025" }, { "description": "Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.", "meta": { "date_accessed": "2015-01-28T00:00:00Z", "date_published": "2014-05-13T00:00:00Z", "refs": [ "http://support.microsoft.com/kb/2962486" ], "source": "MITRE", "title": "MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege" }, "related": [], "uuid": "dbe32cbd-8c6e-483f-887c-ea2a5102cf65", "value": "Microsoft MS14-025" }, { "description": "Microsoft. (n.d.). MSBuild1. Retrieved November 30, 2016.", "meta": { "date_accessed": "2016-11-30T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/dd393574.aspx" ], "source": "MITRE", "title": "MSBuild1" }, "related": [], "uuid": "9ad54187-84b0-47f9-af6e-c3753452e470", "value": "MSDN MSBuild" }, { "description": "LOLBAS. (n.d.). Msbuild.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Msbuild/" ], "source": "MITRE", "title": "Msbuild.exe" }, "related": [], "uuid": "de8e0741-255b-4c41-ba50-248ac5acc325", "value": "LOLBAS Msbuild" }, { "description": "Microsoft. (2017, September 21). MSBuild inline tasks. 
Retrieved March 5, 2021.", "meta": { "date_accessed": "2021-03-05T00:00:00Z", "date_published": "2017-09-21T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019#code-element" ], "source": "MITRE", "title": "MSBuild inline tasks" }, "related": [], "uuid": "2c638ca5-c7e2-4c4e-bb9c-e36d14899ca8", "value": "Microsoft MSBuild Inline Tasks 2017" }, { "description": "LOLBAS. (2018, May 25). Msconfig.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Msconfig/" ], "source": "Tidal Cyber", "title": "Msconfig.exe" }, "related": [], "uuid": "a073d2fc-d20d-4a52-944e-85ff89f04978", "value": "Msconfig.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Msdeploy.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Msdeploy/" ], "source": "Tidal Cyber", "title": "Msdeploy.exe" }, "related": [], "uuid": "e563af9a-5e49-4612-a52b-31f22f76193c", "value": "Msdeploy.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). Retrieved July 26, 2016.", "meta": { "date_accessed": "2016-07-26T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/cc144156.aspx" ], "source": "MITRE", "title": "MSDN File Associations" }, "related": [], "uuid": "f62c8cc9-9c75-4b9a-a0b4-8fc55a94e207", "value": "MSDN File Associations" }, { "description": "Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. 
Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2017-12-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/cc228086.aspx" ], "source": "MITRE", "title": "MS-DRSR Directory Replication Service (DRS) Remote Protocol" }, "related": [], "uuid": "43b75a27-7875-4c24-b04d-54e1b60f3028", "value": "Microsoft DRSR Dec 2017" }, { "description": "LOLBAS. (2018, May 25). Msdt.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Msdt/" ], "source": "Tidal Cyber", "title": "Msdt.exe" }, "related": [], "uuid": "3eb1750c-a2f2-4d68-b060-ceb32f44f5fe", "value": "Msdt.exe - LOLBAS Project" }, { "description": "LOLBAS. (2022, January 20). Msedge.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Msedge/" ], "source": "Tidal Cyber", "title": "Msedge.exe" }, "related": [], "uuid": "6169c12e-9753-4e48-8213-aff95b0f6a95", "value": "Msedge.exe - LOLBAS Project" }, { "description": "LOLBAS. (2023, August 18). msedge_proxy.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-08-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/msedge_proxy/" ], "source": "Tidal Cyber", "title": "msedge_proxy.exe" }, "related": [], "uuid": "a6fd4727-e22f-4157-9a5f-1217cb876b32", "value": "msedge_proxy.exe - LOLBAS Project" }, { "description": "LOLBAS. (2023, June 15). msedgewebview2.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-06-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/msedgewebview2/" ], "source": "Tidal Cyber", "title": "msedgewebview2.exe" }, "related": [], "uuid": "8125ece7-10d1-4e79-8ea1-724fe46a3c97", "value": "msedgewebview2.exe - LOLBAS Project" }, { "description": "LOLBAS. (n.d.). Mshta.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Mshta/" ], "source": "MITRE", "title": "Mshta.exe" }, "related": [], "uuid": "915a4aef-800e-4c68-ad39-df67c3dbaf75", "value": "LOLBAS Mshta" }, { "description": "LOLBAS. (2018, May 25). Mshtml.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Mshtml/" ], "source": "Tidal Cyber", "title": "Mshtml.dll" }, "related": [], "uuid": "1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0", "value": "Mshtml.dll - LOLBAS Project" }, { "description": "Microsoft. (2017, October 15). msiexec. Retrieved January 24, 2020.", "meta": { "date_accessed": "2020-01-24T00:00:00Z", "date_published": "2017-10-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec" ], "source": "MITRE", "title": "msiexec" }, "related": [], "uuid": "028a8dc6-08f6-4660-8b82-9d5483d15f72", "value": "Microsoft msiexec" }, { "description": "LOLBAS. (n.d.). Msiexec.exe. Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Msiexec/" ], "source": "MITRE", "title": "Msiexec.exe" }, "related": [], "uuid": "996cc7ea-0729-4c51-b9c3-b201ec32e984", "value": "LOLBAS Msiexec" }, { "description": "CIS. (2018, December 12). MS-ISAC Security Primer- Emotet. 
Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-12-12T00:00:00Z", "refs": [ "https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/" ], "source": "MITRE", "title": "MS-ISAC Security Primer- Emotet" }, "related": [], "uuid": "e88ba993-d5c0-440f-af52-1f70f1579215", "value": "CIS Emotet Dec 2018" }, { "description": "Microsoft. (2017, December 1). MS-NRPC - Netlogon Remote Protocol. Retrieved December 6, 2017.", "meta": { "date_accessed": "2017-12-06T00:00:00Z", "date_published": "2017-12-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/cc237008.aspx" ], "source": "MITRE", "title": "MS-NRPC - Netlogon Remote Protocol" }, "related": [], "uuid": "05cf36a3-ff04-4437-9209-376e9f27c009", "value": "Microsoft NRPC Dec 2017" }, { "description": "LOLBAS. (2022, July 24). MsoHtmEd.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-07-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/MsoHtmEd/" ], "source": "Tidal Cyber", "title": "MsoHtmEd.exe" }, "related": [], "uuid": "c39fdefa-4c54-48a9-8357-ffe4dca2a2f4", "value": "MsoHtmEd.exe - LOLBAS Project" }, { "description": "LOLBAS. (2022, August 2). Mspub.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-08-02T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mspub/" ], "source": "Tidal Cyber", "title": "Mspub.exe" }, "related": [], "uuid": "41eff63a-fef0-4b4b-86f7-0908150fcfcf", "value": "Mspub.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport. 
Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/cc245496.aspx" ], "source": "MITRE", "title": "MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport" }, "related": [], "uuid": "add907d8-06c1-481d-a27a-d077ecb32d0e", "value": "Microsoft SAMR" }, { "description": "NSA IAD. (2017, January 24). MS Security Guide. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2017-01-24T00:00:00Z", "refs": [ "https://github.com/iadgov/Secure-Host-Baseline/blob/master/Windows/Group%20Policy%20Templates/en-US/SecGuide.adml" ], "source": "MITRE", "title": "MS Security Guide" }, "related": [], "uuid": "15ad7216-df50-467f-a00b-687336898537", "value": "GitHub IAD Secure Host Baseline UAC Filtering" }, { "description": "LOLBAS. (2018, May 25). msxsl.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Msxsl/" ], "source": "Tidal Cyber", "title": "msxsl.exe" }, "related": [], "uuid": "4e1ed0a8-60d0-45e2-9592-573b904811f8", "value": "msxsl.exe - LOLBAS Project" }, { "description": "Singh, A. (2019, March 14). MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution. Retrieved August 2, 2019.", "meta": { "date_accessed": "2019-08-02T00:00:00Z", "date_published": "2019-03-14T00:00:00Z", "refs": [ "https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75" ], "source": "MITRE", "title": "MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution" }, "related": [], "uuid": "e4e2cf48-47e0-45d8-afc2-a35635f7e880", "value": "XSL Bypass Mar 2019" }, { "description": "Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. 
Retrieved May 18, 2016.", "meta": { "date_accessed": "2016-05-18T00:00:00Z", "date_published": "2015-02-24T00:00:00Z", "refs": [ "https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf" ], "source": "MITRE", "title": "M-Trends 2015: A View from the Front Lines" }, "related": [], "uuid": "067497eb-17d9-465f-a070-495575f420d7", "value": "Mandiant M-Trends 2015" }, { "description": "Mandiant. (2016, February). M-Trends 2016. Retrieved January 4, 2017.", "meta": { "date_accessed": "2017-01-04T00:00:00Z", "date_published": "2016-02-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/regional/fr_FR/offers/pdfs/ig-mtrends-2016.pdf" ], "source": "MITRE", "title": "M-Trends 2016" }, "related": [], "uuid": "a4747b74-7266-439b-bb8a-bae7102b0d07", "value": "MTrends 2016" }, { "description": "Mandiant. (2020, February). M-Trends 2020. Retrieved April 24, 2020.", "meta": { "date_accessed": "2020-04-24T00:00:00Z", "date_published": "2020-02-01T00:00:00Z", "refs": [ "https://content.fireeye.com/m-trends/rpt-m-trends-2020" ], "source": "MITRE", "title": "M-Trends 2020" }, "related": [], "uuid": "83bc9b28-f8b3-4522-b9f1-f43bce3ae917", "value": "Mandiant M-Trends 2020" }, { "description": "Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2019-03-05T00:00:00Z", "refs": [ "https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies" ], "source": "MITRE", "title": "Mudcarp's Focus on Submarine Technologies" }, "related": [], "uuid": "811d433d-27a4-4411-8ec9-b3a173ba0033", "value": "Accenture MUDCARP March 2019" }, { "description": "Lancaster, T.. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. 
Retrieved March 15, 2018.", "meta": { "date_accessed": "2018-03-15T00:00:00Z", "date_published": "2017-11-14T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/" ], "source": "MITRE, Tidal Cyber", "title": "Muddying the Water: Targeted Attacks in the Middle East" }, "related": [], "uuid": "dcdee265-2e46-4f40-95c7-6a2683edb23a", "value": "Unit 42 MuddyWater Nov 2017" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2018, October 10). MuddyWater expands operations. Retrieved November 2, 2018.", "meta": { "date_accessed": "2018-11-02T00:00:00Z", "date_published": "2018-10-10T00:00:00Z", "refs": [ "https://securelist.com/muddywater/88059/" ], "source": "MITRE", "title": "MuddyWater expands operations" }, "related": [], "uuid": "d968546b-5b00-4a7b-9bff-57dfedd0125f", "value": "Securelist MuddyWater Oct 2018" }, { "description": "ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. Retrieved November 29, 2018.", "meta": { "date_accessed": "2018-11-29T00:00:00Z", "date_published": "2018-11-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf" ], "source": "MITRE, Tidal Cyber", "title": "MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign" }, "related": [], "uuid": "a5f60f45-5df5-407d-9f68-bc5f7c42ee85", "value": "ClearSky MuddyWater Nov 2018" }, { "description": "Lunghi, D. and Horejsi, J.. (2019, June 10). MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools. 
Retrieved May 14, 2020.", "meta": { "date_accessed": "2020-05-14T00:00:00Z", "date_published": "2019-06-10T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/" ], "source": "MITRE", "title": "MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools" }, "related": [], "uuid": "bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7", "value": "TrendMicro POWERSTATS V3 June 2019" }, { "description": "NIST. (n.d.). Multi-Factor Authentication (MFA). Retrieved January 30, 2020.", "meta": { "date_accessed": "2020-01-30T00:00:00Z", "refs": [ "https://csrc.nist.gov/glossary/term/Multi_Factor-Authentication" ], "source": "MITRE", "title": "Multi-Factor Authentication (MFA)" }, "related": [], "uuid": "2f069bb2-3f59-409e-a337-7c69411c8b01", "value": "NIST MFA" }, { "description": "Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018.", "meta": { "date_accessed": "2018-09-05T00:00:00Z", "date_published": "2018-07-31T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html" ], "source": "MITRE, Tidal Cyber", "title": "Multiple Cobalt Personality Disorder" }, "related": [], "uuid": "7cdfd0d1-f7e6-4625-91ff-f87f46f95864", "value": "Talos Cobalt Group July 2018" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, September 7). Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. 
Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "date_published": "2023-09-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a" ], "source": "Tidal Cyber", "title": "Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475" }, "related": [], "uuid": "6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b", "value": "U.S. CISA Zoho Exploits September 7 2023" }, { "description": "CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-05-15T00:00:00Z", "refs": [ "https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/" ], "source": "MITRE", "title": "Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution" }, "related": [], "uuid": "76d9da2c-1503-4105-b017-cb2b69298296", "value": "CIS Multiple SMB Vulnerabilities" }, { "description": "Orrù, M., Trotta, G.. (2019, September 11). Muraena. Retrieved October 14, 2019.", "meta": { "date_accessed": "2019-10-14T00:00:00Z", "date_published": "2019-09-11T00:00:00Z", "refs": [ "https://github.com/muraenateam/muraena" ], "source": "MITRE", "title": "Muraena" }, "related": [], "uuid": "578ecf62-b546-4f52-9d50-92557edf2dd4", "value": "GitHub Mauraena" }, { "description": "Sabo, S. (2018, February 15). Musical Chairs Playing Tetris. Retrieved February 19, 2018.", "meta": { "date_accessed": "2018-02-19T00:00:00Z", "date_published": "2018-02-15T00:00:00Z", "refs": [ "https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/" ], "source": "MITRE", "title": "Musical Chairs Playing Tetris" }, "related": [], "uuid": "bddf44bb-7a0a-498b-9831-7b73cf9a582e", "value": "Arbor Musical Chairs Feb 2018" }, { "description": "Thomas, C. (n.d.). 
Mythic Documentation. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "refs": [ "https://docs.mythic-c2.net/" ], "source": "MITRE", "title": "Mythic Documentation" }, "related": [], "uuid": "de3091b4-663e-4d9e-9dde-51250749863d", "value": "Mythc Documentation" }, { "description": "Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2018-07-04T00:00:00Z", "refs": [ "https://github.com/its-a-feature/Mythic" ], "source": "MITRE", "title": "Mythic" }, "related": [], "uuid": "20d0adf0-b832-4b03-995e-dfb56474ddcc", "value": "Mythic Github" }, { "description": "Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/" ], "source": "MITRE", "title": "Mythic Leopard" }, "related": [], "uuid": "efa5dc67-3364-4049-bb13-8b9e1b55f172", "value": "Crowdstrike Mythic Leopard Profile" }, { "description": "CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2020-05-07T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/" ], "source": "MITRE", "title": "Naikon APT: Cyber Espionage Reloaded" }, "related": [], "uuid": "f080acab-a6a0-42e1-98ff-45e415393648", "value": "CheckPoint Naikon May 2020" }, { "description": "Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. 
Retrieved June 29, 2021.", "meta": { "date_accessed": "2021-06-29T00:00:00Z", "date_published": "2021-04-23T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf" ], "source": "MITRE", "title": "NAIKON – Traces from a Military Cyber-Espionage Operation" }, "related": [], "uuid": "55660913-4c03-4360-bb8b-1cad94bd8d0e", "value": "Bitdefender Naikon April 2021" }, { "description": "Microsoft. (2018, May 31). Named Pipes. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/ipc/named-pipes" ], "source": "MITRE", "title": "Named Pipes" }, "related": [], "uuid": "09a3f7dd-5597-4a55-8408-a2f09f4efcd4", "value": "Microsoft Named Pipes" }, { "description": "F-Secure Labs. (2016, July). NANHAISHU RATing the South China Sea. Retrieved July 6, 2018.", "meta": { "date_accessed": "2018-07-06T00:00:00Z", "date_published": "2016-07-01T00:00:00Z", "refs": [ "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf" ], "source": "MITRE", "title": "NANHAISHU RATing the South China Sea" }, "related": [], "uuid": "41984650-a0ac-4445-80b6-7ceaf93bd135", "value": "fsecure NanHaiShu July 2016" }, { "description": "The DigiTrust Group. (2017, January 01). NanoCore Is Not Your Average RAT. Retrieved November 9, 2018.", "meta": { "date_accessed": "2018-11-09T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://www.digitrustgroup.com/nanocore-not-your-average-rat/" ], "source": "MITRE", "title": "NanoCore Is Not Your Average RAT" }, "related": [], "uuid": "6abac972-bbd0-4cd2-b3a7-25e7825ac134", "value": "DigiTrust NanoCore Jan 2017" }, { "description": "Kasza, A., Halfpop, T. (2016, February 09). NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails. 
Retrieved November 9, 2018.", "meta": { "date_accessed": "2018-11-09T00:00:00Z", "date_published": "2016-02-09T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/02/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/" ], "source": "MITRE", "title": "NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails" }, "related": [], "uuid": "caa0a421-04b0-4ebc-b365-97082d69d33d", "value": "PaloAlto NanoCore Feb 2016" }, { "description": "Unit 42. (2019, February 22). New BabyShark Malware Targets U.S. National Security Think Tanks. Retrieved October 7, 2019.", "meta": { "date_accessed": "2019-10-07T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/" ], "source": "MITRE", "title": "New BabyShark Malware Targets U.S. National Security Think Tanks" }, "related": [], "uuid": "634404e3-e2c9-4872-a280-12d2be168cba", "value": "Unit42 BabyShark Feb 2019" }, { "description": "National Vulnerability Database. (n.d.). National Vulnerability Database. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "refs": [ "https://nvd.nist.gov/" ], "source": "MITRE", "title": "National Vulnerability Database" }, "related": [], "uuid": "9b42dcc6-a39c-4d74-adc3-135f9ceac5ba", "value": "National Vulnerability Database" }, { "description": "Nicole Perlroth and David E. Sanger. (2013, July 12). Nations Buying as Hackers Sell Flaws in Computer Code. Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2013-07-12T00:00:00Z", "refs": [ "https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html" ], "source": "MITRE", "title": "Nations Buying as Hackers Sell Flaws in Computer Code" }, "related": [], "uuid": "a3e224e7-fe22-48d6-9ff5-35900f06c060", "value": "NationsBuying" }, { "description": "Kennelly, J., Goody, K., Shilko, J. (2020, May 7). 
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents. Retrieved May 18, 2020.", "meta": { "date_accessed": "2020-05-18T00:00:00Z", "date_published": "2020-05-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html" ], "source": "MITRE", "title": "Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents" }, "related": [], "uuid": "02338a66-6820-4505-8239-a1f1fcc60d32", "value": "FireEye Maze May 2020" }, { "description": "Mercer, W., Rascagneres, P. (2018, May 31). NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea. Retrieved June 11, 2018.", "meta": { "date_accessed": "2018-06-11T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/05/navrat.html" ], "source": "MITRE", "title": "NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea" }, "related": [], "uuid": "f644ac27-a923-489b-944e-1ba89c609307", "value": "Talos NavRAT May 2018" }, { "description": "Nomex. (2014, February 7). NBNSpoof. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2014-02-07T00:00:00Z", "refs": [ "https://github.com/nomex/nbnspoof" ], "source": "MITRE", "title": "NBNSpoof" }, "related": [], "uuid": "4119091a-96f8-441c-b66f-ee0d9013d7ca", "value": "GitHub NBNSpoof" }, { "description": "SecTools. (2003, June 11). NBTscan. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2003-06-11T00:00:00Z", "refs": [ "https://sectools.org/tool/nbtscan/" ], "source": "MITRE", "title": "NBTscan" }, "related": [], "uuid": "505c9e8b-66e0-435c-835f-b4405ba91966", "value": "SecTools nbtscan June 2003" }, { "description": "Bezroutchko, A. (2019, November 19). NBTscan man page. 
Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2019-11-19T00:00:00Z", "refs": [ "https://manpages.debian.org/testing/nbtscan/nbtscan.1.en.html" ], "source": "MITRE", "title": "NBTscan man page" }, "related": [], "uuid": "8d718be1-9695-4e61-a922-5162d88477c0", "value": "Debian nbtscan Nov 2019" }, { "description": "Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc940106.aspx" ], "source": "MITRE", "title": "Nbtstat" }, "related": [], "uuid": "1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e", "value": "TechNet Nbtstat" }, { "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2020-02-20T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory" ], "source": "MITRE", "title": "NCSC supports US advisory regarding GRU intrusion set Sandworm" }, "related": [], "uuid": "d876d037-9d24-44af-b8f0-5c1555632b91", "value": "NCSC Sandworm Feb 2020" }, { "description": "Microsoft. (n.d.). NetBIOS Name Resolution. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc958811.aspx" ], "source": "MITRE", "title": "NetBIOS Name Resolution" }, "related": [], "uuid": "f756ee2e-2e79-41df-bf9f-6492a9708663", "value": "TechNet NetBIOS" }, { "description": "Microsoft. (2017, February 14). Net Commands On Windows Operating Systems. 
Retrieved March 19, 2020.", "meta": { "date_accessed": "2020-03-19T00:00:00Z", "date_published": "2017-02-14T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/help/556003" ], "source": "MITRE", "title": "Net Commands On Windows Operating Systems" }, "related": [], "uuid": "a04320b9-0c6a-49f9-8b84-50587278cdfb", "value": "Microsoft Net" }, { "description": "Savill, J. (1999, March 4). Net.exe reference. Retrieved September 22, 2015.", "meta": { "date_accessed": "2015-09-22T00:00:00Z", "date_published": "1999-03-04T00:00:00Z", "refs": [ "http://windowsitpro.com/windows/netexe-reference" ], "source": "MITRE", "title": "Net.exe reference" }, "related": [], "uuid": "e814d4a5-b846-4d68-ac00-7021238d287a", "value": "Savill 1999" }, { "description": "Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.", "meta": { "date_accessed": "2015-09-22T00:00:00Z", "date_published": "2006-10-18T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/aa939914" ], "source": "MITRE", "title": "Net.exe Utility" }, "related": [], "uuid": "75998d1c-69c0-40d2-a64b-43ad8efa05da", "value": "Microsoft Net Utility" }, { "description": "Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2009-06-03T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx" ], "source": "MITRE", "title": "Netsh Commands for Windows Firewall" }, "related": [], "uuid": "00fb3fa3-6f72-47ad-a950-f258a70485f2", "value": "TechNet Netsh Firewall" }, { "description": "LOLBAS. (2019, December 24). Netsh.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-12-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Netsh/" ], "source": "Tidal Cyber", "title": "Netsh.exe" }, "related": [], "uuid": "6d76b28f-ab57-46bd-871d-1488212d3a8f", "value": "Netsh.exe - LOLBAS Project" }, { "description": "Smeets, M. (2016, September 26). NetshHelperBeacon. Retrieved February 13, 2017.", "meta": { "date_accessed": "2017-02-13T00:00:00Z", "date_published": "2016-09-26T00:00:00Z", "refs": [ "https://github.com/outflankbv/NetshHelperBeacon" ], "source": "MITRE", "title": "NetshHelperBeacon" }, "related": [], "uuid": "c3169722-9c32-4a38-a7fe-8d4b6e51ca36", "value": "Github Netsh Helper CS Beacon" }, { "description": "Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490947.aspx" ], "source": "MITRE", "title": "Netstat" }, "related": [], "uuid": "84ac26d8-9c7c-4c8c-bf64-a9fb4578388c", "value": "TechNet Netstat" }, { "description": "Microsoft. (n.d.). Net time. Retrieved November 25, 2016.", "meta": { "date_accessed": "2016-11-25T00:00:00Z", "refs": [ "https://technet.microsoft.com/bb490716.aspx" ], "source": "MITRE", "title": "Net time" }, "related": [], "uuid": "83094489-791f-4925-879f-e79f67e4bf1f", "value": "TechNet Net Time" }, { "description": "Microsoft. (n.d.). Net Use. Retrieved November 25, 2016.", "meta": { "date_accessed": "2016-11-25T00:00:00Z", "refs": [ "https://technet.microsoft.com/bb490717.aspx" ], "source": "MITRE", "title": "Net Use" }, "related": [], "uuid": "f761d4b6-8fc5-4037-aa34-7982c17f8bed", "value": "Technet Net Use" }, { "description": "Victor, K.. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading . 
Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2020-05-18T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/" ], "source": "MITRE", "title": "Netwalker Fileless Ransomware Injected via Reflective Loading" }, "related": [], "uuid": "ceda9ef6-e609-4a34-9db1-d2a3ebffb679", "value": "TrendMicro Netwalker May 2020" }, { "description": "Szappanos, G., Brandt, A.. (2020, May 27). Netwalker ransomware tools give insight into threat actor. Retrieved May 27, 2020.", "meta": { "date_accessed": "2020-05-27T00:00:00Z", "date_published": "2020-05-27T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/" ], "source": "MITRE", "title": "Netwalker ransomware tools give insight into threat actor" }, "related": [], "uuid": "721db562-6046-4f47-95a1-36a16f26f3d1", "value": "Sophos Netwalker May 2020" }, { "description": "McAfee. (2015, March 2). Netwire RAT Behind Recent Targeted Attacks. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2015-03-02T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/mcafee-labs/netwire-rat-behind-recent-targeted-attacks/" ], "source": "MITRE", "title": "Netwire RAT Behind Recent Targeted Attacks" }, "related": [], "uuid": "b02fbf00-f571-4507-941d-ac1d4a8310b0", "value": "McAfee Netwire Mar 2015" }, { "description": "Microsoft. (2017, April 19). Network access: Do not allow anonymous enumeration of SAM accounts and shares. 
Retrieved May 20, 2020.", "meta": { "date_accessed": "2020-05-20T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares" ], "source": "MITRE", "title": "Network access: Do not allow anonymous enumeration of SAM accounts and shares" }, "related": [], "uuid": "25e0244a-b829-4df9-a435-b6f9f1a2f0bc", "value": "Windows Anonymous Enumeration of SAM Accounts" }, { "description": "Microsoft. (2016, August 31). Network access: Do not allow storage of passwords and credentials for network authentication. Retrieved November 23, 2020.", "meta": { "date_accessed": "2020-11-23T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852185(v=ws.11)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Network access: Do not allow storage of passwords and credentials for network authentication" }, "related": [], "uuid": "e0d8c585-e898-43ba-8d46-201dbe52db56", "value": "Microsoft Network access Credential Manager" }, { "description": "Microsoft. (2018, July 9). Network File System overview. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-07-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview" ], "source": "MITRE", "title": "Network File System overview" }, "related": [], "uuid": "1e49b346-d822-4f82-92db-2989313d07e9", "value": "Microsoft NFS Overview" }, { "description": "Microsoft. (2021, January 7). Network Provider API. 
Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2021-01-07T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows/win32/secauthn/network-provider-api" ], "source": "MITRE", "title": "Network Provider API" }, "related": [], "uuid": "b218434e-4233-5963-824e-50ee32d468ed", "value": "Network Provider API" }, { "description": "Jazi, H. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved May 19, 2020.", "meta": { "date_accessed": "2020-05-19T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/" ], "source": "MITRE", "title": "New AgentTesla variant steals WiFi credentials" }, "related": [], "uuid": "87f4fe4c-54cd-40a7-938b-6e6f6d2efbea", "value": "Malwarebytes Agent Tesla April 2020" }, { "description": "Hossein Jazi. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/news/2020/04/new-agenttesla-variant-steals-wifi-credentials" ], "source": "MITRE", "title": "New AgentTesla variant steals WiFi credentials" }, "related": [], "uuid": "b61b7db6-ed0d-546d-b1e0-c2630530975b", "value": "Malware Bytes New AgentTesla variant steals WiFi credentials" }, { "description": "Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. 
Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-07-16T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html" ], "source": "MITRE", "title": "New Andariel Reconnaissance Tactics Uncovered" }, "related": [], "uuid": "b667eb44-8c2f-4319-bc93-f03610214b8b", "value": "TrendMicro New Andariel Tactics July 2018" }, { "description": "Grunzweig, J., Lee, B. (2016, January 22). New Attacks Linked to C0d0so0 Group. Retrieved August 2, 2018.", "meta": { "date_accessed": "2018-08-02T00:00:00Z", "date_published": "2016-01-22T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/" ], "source": "MITRE", "title": "New Attacks Linked to C0d0so0 Group" }, "related": [], "uuid": "c740fc1c-093e-4389-890e-1fd88a824df4", "value": "Unit 42 C0d0so0 Jan 2016" }, { "description": "Salvio, J.. (2014, June 27). New Banking Malware Uses Network Sniffing for Data Theft. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2014-06-27T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/" ], "source": "MITRE", "title": "New Banking Malware Uses Network Sniffing for Data Theft" }, "related": [], "uuid": "4fee21e3-1b8f-4e10-b077-b59e2df94633", "value": "Trend Micro Banking Malware Jan 2019" }, { "description": "Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. 
Retrieved July 14, 2020.", "meta": { "date_accessed": "2020-07-14T00:00:00Z", "date_published": "2017-11-13T00:00:00Z", "refs": [ "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/" ], "source": "MITRE", "title": "New Banking Trojan IcedID Discovered by IBM X-Force Research" }, "related": [], "uuid": "fdc56361-24f4-4fa5-949e-02e61c4d3be8", "value": "IBM IcedID November 2017" }, { "description": "Zargarov, N. (2022, May 2). New Black Basta Ransomware Hijacks Windows Fax Service. Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-05-02T00:00:00Z", "refs": [ "https://minerva-labs.com/blog/new-black-basta-ransomware-hijacks-windows-fax-service/" ], "source": "MITRE", "title": "New Black Basta Ransomware Hijacks Windows Fax Service" }, "related": [], "uuid": "6358f7ed-41d6-56be-83bb-179e0a8b7873", "value": "Minerva Labs Black Basta May 2022" }, { "description": "Weidemann, A. (2021, January 25). New campaign targeting security researchers. Retrieved December 20, 2021.", "meta": { "date_accessed": "2021-12-20T00:00:00Z", "date_published": "2021-01-25T00:00:00Z", "refs": [ "https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/" ], "source": "MITRE", "title": "New campaign targeting security researchers" }, "related": [], "uuid": "fb4b3427-353d-44c7-8dcd-d257324a83b2", "value": "Google TAG Lazarus Jan 2021" }, { "description": "Perigaud, F. (2015, December 15). Newcomers in the Derusbi family. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2015-12-15T00:00:00Z", "refs": [ "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family" ], "source": "MITRE", "title": "Newcomers in the Derusbi family" }, "related": [], "uuid": "9b419a40-c20b-40dd-8627-9c1c786bf165", "value": "Airbus Derusbi 2015" }, { "description": "Reed, Thomas. (2018, April 24). 
New Crossrider variant installs configuration profiles on Macs. Retrieved September 6, 2019.", "meta": { "date_accessed": "2019-09-06T00:00:00Z", "date_published": "2018-04-24T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/" ], "source": "MITRE", "title": "New Crossrider variant installs configuration profiles on Macs" }, "related": [], "uuid": "80530288-26a3-4c3e-ace1-47510df10fbd", "value": "Malwarebytes Crossrider Apr 2018" }, { "description": "Gavriel, H. & Erbesfeld, B. (2018, April 11). New ‘Early Bird’ Code Injection Technique Discovered. Retrieved May 24, 2018.", "meta": { "date_accessed": "2018-05-24T00:00:00Z", "date_published": "2018-04-11T00:00:00Z", "refs": [ "https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/" ], "source": "MITRE", "title": "New ‘Early Bird’ Code Injection Technique Discovered" }, "related": [], "uuid": "8ae4ec67-518e-46dd-872c-7e2a9ca4ef13", "value": "CyberBit Early Bird Apr 2018" }, { "description": "Sahil Antil, Sudeep Singh. (2022, January 20). New espionage attack by Molerats APT targeting users in the Middle East. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east" ], "source": "Tidal Cyber", "title": "New espionage attack by Molerats APT targeting users in the Middle East" }, "related": [], "uuid": "3b39e73e-229f-4ff4-bec3-d83e6364a66e", "value": "Zscaler Molerats Campaign" }, { "description": "Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. 
Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2019-03-20T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/wizard-spider-lunar-spider-shared-proxy-module/" ], "source": "MITRE", "title": "New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration" }, "related": [], "uuid": "d7001d6f-97a1-4155-8f74-3d878d4cbb27", "value": "CrowdStrike Wizard Spider March 2019" }, { "description": "Abrams, L. (2021, June 6). New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions. Retrieved July 19, 2022.", "meta": { "date_accessed": "2022-07-19T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/" ], "source": "Tidal Cyber", "title": "New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions" }, "related": [], "uuid": "5695d3a2-6b6c-433a-9254-d4a2e001a8be", "value": "Bleeping Computer Evil Corp mimics PayloadBin gang 2022" }, { "description": "Windows Defender Research. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2016-03-22T00:00:00Z", "refs": [ "https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/" ], "source": "MITRE", "title": "New feature in Office 2016 can block macros and help prevent infection" }, "related": [], "uuid": "4d0f4d0a-b812-42f8-a52c-a1f5c69e6337", "value": "Microsoft Block Office Macros" }, { "description": "Microsoft Malware Protection Center. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. 
Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2016-03-22T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/" ], "source": "MITRE", "title": "New feature in Office 2016 can block macros and help prevent infection" }, "related": [], "uuid": "f14f08c5-de51-4827-ba3a-f0598dfbe505", "value": "TechNet Office Macro Security" }, { "description": "Sudhakar Ramakrishna . (2021, January 11). New Findings From Our Investigation of SUNBURST. Retrieved January 13, 2021.", "meta": { "date_accessed": "2021-01-13T00:00:00Z", "date_published": "2021-01-11T00:00:00Z", "refs": [ "https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/" ], "source": "MITRE", "title": "New Findings From Our Investigation of SUNBURST" }, "related": [], "uuid": "1be1b6e0-1b42-4d07-856b-b6321c17bb88", "value": "SolarWinds Sunburst Sunspot Update January 2021" }, { "description": "Gatlan, S. (2019, July 3). New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "date_published": "2019-07-03T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/new-godlua-malware-evades-traffic-monitoring-via-dns-over-https/" ], "source": "MITRE", "title": "New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS" }, "related": [], "uuid": "fd862d10-79bc-489d-a552-118014d01648", "value": "BleepingComp Godlua JUL19" }, { "description": "Subramanian, K. (2020, August 18). New HTML Smuggling Attack Alert: Duri. 
Retrieved May 20, 2021.", "meta": { "date_accessed": "2021-05-20T00:00:00Z", "date_published": "2020-08-18T00:00:00Z", "refs": [ "https://www.menlosecurity.com/blog/new-attack-alert-duri" ], "source": "MITRE", "title": "New HTML Smuggling Attack Alert: Duri" }, "related": [], "uuid": "a9fc3502-66c2-4504-9886-458f8a803b5d", "value": "HTML Smuggling Menlo Security 2020" }, { "description": "Microsoft. (n.d.). New-InboxRule. Retrieved June 7, 2021.", "meta": { "date_accessed": "2021-06-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps" ], "source": "MITRE", "title": "New-InboxRule" }, "related": [], "uuid": "54fcfc36-e0d5-422f-8a45-eeb7fa077a93", "value": "Microsoft New-InboxRule" }, { "description": "Moncur, Rob. (2020, July 5). New Information in the AWS IAM Console Helps You Follow IAM Best Practices. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2020-07-05T00:00:00Z", "refs": [ "https://aws.amazon.com/blogs/security/newly-updated-features-in-the-aws-iam-console-help-you-adhere-to-iam-best-practices/" ], "source": "MITRE", "title": "New Information in the AWS IAM Console Helps You Follow IAM Best Practices" }, "related": [], "uuid": "dadae802-91a7-46d4-aacd-48f49f22854e", "value": "AWS - IAM Console Best Practices" }, { "description": "Centero, R. et al. (2021, February 5). New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker. Retrieved August 11, 2021.", "meta": { "date_accessed": "2021-08-11T00:00:00Z", "date_published": "2021-02-05T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html" ], "source": "MITRE", "title": "New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker" }, "related": [], "uuid": "64a86a3f-0160-4766-9ac1-7d287eb2c323", "value": "Trend Micro Ransomware February 2021" }, { "description": "Avast Threat Intelligence Team. (2018, March 8). 
New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.", "meta": { "date_accessed": "2018-03-15T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities" ], "source": "MITRE", "title": "New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities" }, "related": [], "uuid": "1641553f-96e7-4829-8c77-d96388dac5c7", "value": "Avast CCleaner3 2018" }, { "description": "Claud Xiao and Cong Zheng. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2017-04-06T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/" ], "source": "MITRE", "title": "New IoT/Linux Malware Targets DVRs, Forms Botnet" }, "related": [], "uuid": "95b5b03e-f160-47cf-920c-8f4f3d4114a3", "value": "Tsunami" }, { "description": "Claud Xiao, Cong Zheng, Yanhui Jia. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved February 19, 2018.", "meta": { "date_accessed": "2018-02-19T00:00:00Z", "date_published": "2017-04-06T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/" ], "source": "MITRE", "title": "New IoT/Linux Malware Targets DVRs, Forms Botnet" }, "related": [], "uuid": "489a6c57-f64c-423b-a7bd-169fa36c4cdf", "value": "amnesia malware" }, { "description": "ClearSky Cyber Security . (2021, August). New Iranian Espionage Campaign By “Siamesekitten” - Lyceum. 
Retrieved June 6, 2022.", "meta": { "date_accessed": "2022-06-06T00:00:00Z", "date_published": "2021-08-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/siamesekitten/" ], "source": "MITRE", "title": "New Iranian Espionage Campaign By “Siamesekitten” - Lyceum" }, "related": [], "uuid": "9485efce-8d54-4461-b64e-0d15e31fbf8c", "value": "ClearSky Siamesekitten August 2021" }, { "description": "Grunzweig, J., Lee, B. (2018, September 27). New KONNI Malware attacking Eurasia and Southeast Asia. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2018-09-27T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/" ], "source": "MITRE", "title": "New KONNI Malware attacking Eurasia and Southeast Asia" }, "related": [], "uuid": "f3d3b9bc-4c59-4a1f-b602-e3e884661708", "value": "Unit 42 NOKKI Sept 2018" }, { "description": "Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021.", "meta": { "date_accessed": "2021-03-02T00:00:00Z", "date_published": "2020-06-04T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/" ], "source": "MITRE", "title": "New LNK attack tied to Higaisa APT discovered" }, "related": [], "uuid": "6054e0ab-cf61-49ba-b7f5-58b304477451", "value": "Malwarebytes Higaisa 2020" }, { "description": "Gallagher, S.. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. 
Retrieved January 25, 2016.", "meta": { "date_accessed": "2016-01-25T00:00:00Z", "date_published": "2015-08-05T00:00:00Z", "refs": [ "http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/" ], "source": "MITRE", "title": "Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”" }, "related": [], "uuid": "b1540c5c-0bbc-4b9d-9185-fae224ba31be", "value": "Gallagher 2015" }, { "description": "Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html" ], "source": "MITRE", "title": "Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection" }, "related": [], "uuid": "9737055a-f583-448e-84d0-1d336c4da9a8", "value": "FireEye TLS Nov 2017" }, { "description": "Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html" ], "source": "MITRE", "title": "Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection" }, "related": [], "uuid": "32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47", "value": "FireEye Ursnif Nov 2017" }, { "description": "Thomas Reed. (2017, January 18). New Mac backdoor using antiquated code. 
Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2017-01-18T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" ], "source": "MITRE", "title": "New Mac backdoor using antiquated code" }, "related": [], "uuid": "165edb01-2681-45a3-b76b-4eb7dee5dab9", "value": "Antiquated Mac Malware" }, { "description": "Magisa, L. (2020, November 27). New MacOS Backdoor Connected to OceanLotus Surfaces. Retrieved December 2, 2020.", "meta": { "date_accessed": "2020-12-02T00:00:00Z", "date_published": "2020-11-27T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html" ], "source": "MITRE", "title": "New MacOS Backdoor Connected to OceanLotus Surfaces" }, "related": [], "uuid": "43726cb8-a169-4594-9323-fad65b9bae97", "value": "Trend Micro MacOS Backdoor November 2020" }, { "description": "Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2018-04-04T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/" ], "source": "MITRE", "title": "New MacOS Backdoor Linked to OceanLotus Found" }, "related": [], "uuid": "e18ad1a7-1e7e-4aca-be9b-9ee12b41c147", "value": "TrendMicro MacOS April 2018" }, { "description": "Mabutas, G. (2020, May 11). New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability. 
Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "date_published": "2020-05-11T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability/" ], "source": "MITRE", "title": "New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability" }, "related": [], "uuid": "0ef8691d-48ae-4057-82ef-eb086c05e2b9", "value": "TrendMicro macOS Dacls May 2020" }, { "description": "Sergei Shevchenko. (2015, June 4). New Mac OS Malware Exploits Mackeeper. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2015-06-04T00:00:00Z", "refs": [ "https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html" ], "source": "MITRE", "title": "New Mac OS Malware Exploits Mackeeper" }, "related": [], "uuid": "8c4bcbc7-ff52-4f7b-a22e-98bf9cfb1040", "value": "OSX Malware Exploits MacKeeper" }, { "description": "Carbon Black Threat Analysis Unit. (2019, February 12). New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019.", "meta": { "date_accessed": "2019-08-08T00:00:00Z", "date_published": "2019-02-12T00:00:00Z", "refs": [ "https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/" ], "source": "MITRE", "title": "New macOS Malware Variant of Shlayer (OSX) Discovered" }, "related": [], "uuid": "d8212691-4a6e-49bf-bc33-740850a1189a", "value": "Carbon Black Shlayer Feb 2019" }, { "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. 
Retrieved February 29, 2016.", "meta": { "date_accessed": "2016-02-29T00:00:00Z", "date_published": "2016-02-29T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/" ], "source": "MITRE", "title": "New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan" }, "related": [], "uuid": "bbdf3f49-9875-4d41-986d-b693e82c77e1", "value": "Palo Alto Rover" }, { "description": "Grunzweig, J. and Miller-Osborn, J. (2017, November 10). New Malware with Ties to SunOrcal Discovered. Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "date_published": "2017-11-10T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" ], "source": "MITRE", "title": "New Malware with Ties to SunOrcal Discovered" }, "related": [], "uuid": "69fbe527-2ec4-457b-81b1-2eda65eb8442", "value": "Palo Alto Reaver Nov 2017" }, { "description": "Trend Micro. (2018, September 19). New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2018-09-19T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-multi-platform-xbash-packs-obfuscation-ransomware-coinminer-worm-and-botnet" ], "source": "MITRE", "title": "New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet" }, "related": [], "uuid": "a4b37a24-b2a0-4fcb-9ec3-0d6b67e4e13b", "value": "Trend Micro Xbash Sept 2018" }, { "description": "MSRC. (2021, June 25). New Nobelium activity. 
Retrieved August 4, 2021.", "meta": { "date_accessed": "2021-08-04T00:00:00Z", "date_published": "2021-06-25T00:00:00Z", "refs": [ "https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/" ], "source": "MITRE", "title": "New Nobelium activity" }, "related": [], "uuid": "1588799f-a5d2-46bc-978d-f10ed7ceb15c", "value": "MSRC Nobelium June 2021" }, { "description": "Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.", "meta": { "date_accessed": "2018-05-08T00:00:00Z", "date_published": "2018-04-23T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" ], "source": "MITRE, Tidal Cyber", "title": "New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia" }, "related": [], "uuid": "eee5efa1-bbc6-44eb-8fae-23002f351605", "value": "Symantec Orangeworm April 2018" }, { "description": "Thomas Reed. (2017, July 7). New OSX.Dok malware intercepts web traffic. Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "date_published": "2017-07-07T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/" ], "source": "MITRE", "title": "New OSX.Dok malware intercepts web traffic" }, "related": [], "uuid": "71d65081-dada-4a69-94c5-f1d8e4e151c1", "value": "OSX.Dok Malware" }, { "description": "Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. 
Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2016-07-06T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/" ], "source": "MITRE", "title": "New OSX/Keydnap malware is hungry for credentials" }, "related": [], "uuid": "d43e0dd1-0946-4f49-bcc7-3ef38445eac3", "value": "OSX Keydnap malware" }, { "description": "Vrijenhoek, Jay. (2018, April 24). New OSX/Shlayer Malware Variant Found Using a Dirty New Trick. Retrieved September 6, 2019.", "meta": { "date_accessed": "2019-09-06T00:00:00Z", "date_published": "2018-04-24T00:00:00Z", "refs": [ "https://www.intego.com/mac-security-blog/new-osxshlayer-malware-variant-found-using-a-dirty-new-trick/" ], "source": "MITRE", "title": "New OSX/Shlayer Malware Variant Found Using a Dirty New Trick" }, "related": [], "uuid": "3ca1254c-db51-4a5d-8242-ffd9e4481c22", "value": "Intego Shlayer Apr 2018" }, { "description": "Cybereason Nocturnus. (2019, June 13). New Pervasive Worm Exploiting Linux Exim Server Vulnerability. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2019-06-13T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability" ], "source": "MITRE", "title": "New Pervasive Worm Exploiting Linux Exim Server Vulnerability" }, "related": [], "uuid": "9523d8ae-d749-4c25-8c7b-df2d8c25c3c8", "value": "Cybereason Linux Exim Worm" }, { "description": "MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. 
Retrieved January 19, 2023.", "meta": { "date_accessed": "2023-01-19T00:00:00Z", "date_published": "2022-10-14T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/" ], "source": "MITRE", "title": "New “Prestige” ransomware impacts organizations in Ukraine and Poland" }, "related": [], "uuid": "b57e1181-461b-5ada-a739-873ede1ec079", "value": "Microsoft Prestige ransomware October 2022" }, { "description": "Falcone, R. (2019, March 4). New Python-Based Payload MechaFlounder Used by Chafer. Retrieved May 27, 2020.", "meta": { "date_accessed": "2020-05-27T00:00:00Z", "date_published": "2019-03-04T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/" ], "source": "MITRE", "title": "New Python-Based Payload MechaFlounder Used by Chafer" }, "related": [], "uuid": "2263af27-9c30-4bf6-a204-2f148ebdd17c", "value": "Unit 42 MechaFlounder March 2019" }, { "description": "Chiu, A. (2016, June 27). New Ransomware Variant \"Nyetya\" Compromises Systems Worldwide. Retrieved March 26, 2019.", "meta": { "date_accessed": "2019-03-26T00:00:00Z", "date_published": "2016-06-27T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html" ], "source": "MITRE", "title": "New Ransomware Variant \"Nyetya\" Compromises Systems Worldwide" }, "related": [], "uuid": "c76e806c-b0e3-4ab9-ba6d-68a9f731f127", "value": "Talos Nyetya June 2017" }, { "description": "Cyble. (2022, May 6). New ransomware variant targeting high-value organizations. 
Retrieved March 7, 2023.", "meta": { "date_accessed": "2023-03-07T00:00:00Z", "date_published": "2022-05-06T00:00:00Z", "refs": [ "https://blog.cyble.com/2022/05/06/black-basta-ransomware/" ], "source": "MITRE", "title": "New ransomware variant targeting high-value organizations" }, "related": [], "uuid": "18035aba-0ae3-58b8-b426-86c2e38a37ae", "value": "Cyble Black Basta May 2022" }, { "description": "Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-10-23T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/" ], "source": "MITRE", "title": "New RAT malware gets commands via Discord, has ransomware feature" }, "related": [], "uuid": "a587ea99-a951-4aa8-a3cf-a4822ae97490", "value": "Bleepingcomputer RAT malware 2020" }, { "description": "Wikoff, A. Emerson, R. (2020, July 16). New Research Exposes Iranian Threat Group Operations. Retrieved March 8, 2021.", "meta": { "date_accessed": "2021-03-08T00:00:00Z", "date_published": "2020-07-16T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/" ], "source": "MITRE", "title": "New Research Exposes Iranian Threat Group Operations" }, "related": [], "uuid": "523b7a1e-88ef-4440-a7b3-3fd0b8d5e199", "value": "IBM ITG18 2020" }, { "description": "Irwin, Ullrich, J. (2009, March 16). new rogue-DHCP server malware. Retrieved January 14, 2022.", "meta": { "date_accessed": "2022-01-14T00:00:00Z", "date_published": "2009-03-16T00:00:00Z", "refs": [ "https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/" ], "source": "MITRE", "title": "new rogue-DHCP server malware" }, "related": [], "uuid": "8e0a8a9a-9b1f-4141-b595-80b98daf6b68", "value": "new_rogue_DHCP_serv_malware" }, { "description": "NCSC, CISA, FBI, NSA. 
(2022, February 23). New Sandworm malware Cyclops Blink replaces VPNFilter. Retrieved March 3, 2022.", "meta": { "date_accessed": "2022-03-03T00:00:00Z", "date_published": "2022-02-23T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" ], "source": "MITRE", "title": "New Sandworm malware Cyclops Blink replaces VPNFilter" }, "related": [], "uuid": "bee6cf85-5cb9-4000-b82e-9e15aebfbece", "value": "NCSC CISA Cyclops Blink Advisory February 2022" }, { "description": "Kerner, S. (2014, May 29). Newscaster Threat Uses Social Media for Intelligence Gathering. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "date_published": "2014-05-29T00:00:00Z", "refs": [ "https://www.eweek.com/security/newscaster-threat-uses-social-media-for-intelligence-gathering" ], "source": "MITRE", "title": "Newscaster Threat Uses Social Media for Intelligence Gathering" }, "related": [], "uuid": "a3407cd2-d579-4d64-8f2e-162c31a99534", "value": "Eweek Newscaster and Charming Kitten May 2014" }, { "description": "Vilkomir-Preisman, S. (2019, April 2). New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2019-04-02T00:00:00Z", "refs": [ "https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/" ], "source": "MITRE", "title": "New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload" }, "related": [], "uuid": "529524c0-123b-459c-bc6f-62aa45c228d1", "value": "Deep Instinct TA505 Apr 2019" }, { "description": "Thomas. (2013, July 15). New signed malware called Janicab. 
Retrieved July 17, 2017.", "meta": { "date_accessed": "2017-07-17T00:00:00Z", "date_published": "2013-07-15T00:00:00Z", "refs": [ "http://www.thesafemac.com/new-signed-malware-called-janicab/" ], "source": "MITRE", "title": "New signed malware called Janicab" }, "related": [], "uuid": "1acc1a83-faac-41d3-a08b-cc3a539567fb", "value": "Janicab" }, { "description": "Microsoft Threat Intelligence Center (MSTIC). (2021, May 27). New sophisticated email-based attack from NOBELIUM. Retrieved May 28, 2021.", "meta": { "date_accessed": "2021-05-28T00:00:00Z", "date_published": "2021-05-27T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" ], "source": "MITRE", "title": "New sophisticated email-based attack from NOBELIUM" }, "related": [], "uuid": "047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d", "value": "MSTIC NOBELIUM May 2021" }, { "description": "Burt, T. (2019, March 27). New steps to protect customers from hacking. Retrieved May 27, 2020.", "meta": { "date_accessed": "2020-05-27T00:00:00Z", "date_published": "2019-03-27T00:00:00Z", "refs": [ "https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/" ], "source": "MITRE", "title": "New steps to protect customers from hacking" }, "related": [], "uuid": "c55a112d-4b05-4c32-a5b3-480b12929115", "value": "Microsoft Phosphorus Mar 2019" }, { "description": "Smith, L., Leathery, J., Read, B. (2021, March 4). New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452. 
Retrieved March 12, 2021.", "meta": { "date_accessed": "2021-03-12T00:00:00Z", "date_published": "2021-03-04T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html" ], "source": "MITRE", "title": "New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452" }, "related": [], "uuid": "1cdb8a1e-fbed-4db3-b273-5f8f45356dc1", "value": "FireEye SUNSHUTTLE Mar 2021" }, { "description": "Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2013-03-21T00:00:00Z", "refs": [ "http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments" ], "source": "MITRE", "title": "New Sykipot developments [Blog]" }, "related": [], "uuid": "46be6b77-ee2b-407e-bdd4-5a1183eda7f3", "value": "Blasco 2013" }, { "description": "Malwarebytes Labs. (2017, March 27). New targeted attack against Saudi Arabia Government. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2017-03-27T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/" ], "source": "MITRE", "title": "New targeted attack against Saudi Arabia Government" }, "related": [], "uuid": "735647f9-9cd4-4a20-8812-4671a3358e46", "value": "Malwarebytes Targeted Attack against Saudi Arabia" }, { "description": "Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" ], "source": "MITRE, Tidal Cyber", "title": "New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit" }, "related": [], "uuid": "88f41728-08ad-4cd8-a418-895738d68b04", "value": "FireEye APT34 Dec 2017" }, { "description": "Unit 42. (2018, October 25). New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed. Retrieved December 11, 2018.", "meta": { "date_accessed": "2018-12-11T00:00:00Z", "date_published": "2018-10-25T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/" ], "source": "MITRE", "title": "New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed" }, "related": [], "uuid": "8956f0e5-d07f-4063-bf60-f8b964d03e6d", "value": "Unit 42 Cobalt Gang Oct 2018" }, { "description": "Cherepanov, A., Lipovsky, R. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved November 27, 2018.", "meta": { "date_accessed": "2018-11-27T00:00:00Z", "date_published": "2018-10-11T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/" ], "source": "MITRE", "title": "New TeleBots backdoor: First evidence linking Industroyer to NotPetya" }, "related": [], "uuid": "56372448-03f5-49b5-a2a9-384fbd49fefc", "value": "ESET TeleBots Oct 2018" }, { "description": "Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. 
Retrieved August 2, 2018.", "meta": { "date_accessed": "2018-08-02T00:00:00Z", "date_published": "2018-07-27T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" ], "source": "MITRE, Tidal Cyber", "title": "New Threat Actor Group DarkHydrus Targets Middle East Government" }, "related": [], "uuid": "800279cf-e6f8-4721-818f-46e35ec7892a", "value": "Unit 42 DarkHydrus July 2018" }, { "description": "Tudorica, R., Maximciuc, A., Vatamanu, C. (2020, March 18). New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong. Retrieved March 15, 2021.", "meta": { "date_accessed": "2021-03-15T00:00:00Z", "date_published": "2020-03-18T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/316/Bitdefender-Whitepaper-TrickBot-en-EN-interactive.pdf" ], "source": "MITRE", "title": "New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong" }, "related": [], "uuid": "2ccdaded-97f6-47e2-b6c0-9a83e8a945d6", "value": "Bitdefender Trickbot March 2020" }, { "description": "Threat Intelligence Team. (2021, August 23). New variant of Konni malware used in campaign targetting Russia. Retrieved January 5, 2022.", "meta": { "date_accessed": "2022-01-05T00:00:00Z", "date_published": "2021-08-23T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/" ], "source": "MITRE", "title": "New variant of Konni malware used in campaign targetting Russia" }, "related": [], "uuid": "fb8c6402-ec18-414a-85f7-3d76eacbd890", "value": "Malwarebytes Konni Aug 2021" }, { "description": "Proofpoint. (2018, May 10). New Vega Stealer shines brightly in targeted campaign . 
Retrieved June 18, 2019.", "meta": { "date_accessed": "2019-06-18T00:00:00Z", "date_published": "2018-05-10T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign" ], "source": "MITRE", "title": "New Vega Stealer shines brightly in targeted campaign" }, "related": [], "uuid": "c52fe62f-4df4-43b0-a126-2df07dc61fc0", "value": "Proofpoint Vega Credential Stealer May 2018" }, { "description": "Proofpoint. (2018, July 30). New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign. Retrieved November 29, 2018.", "meta": { "date_accessed": "2018-11-29T00:00:00Z", "date_published": "2018-07-30T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside" ], "source": "MITRE", "title": "New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign" }, "related": [], "uuid": "a85c869a-3ba3-42c2-9460-d3d1f0874044", "value": "Proofpoint Azorult July 2018" }, { "description": "Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2020-01-31T00:00:00Z", "refs": [ "https://www.avira.com/en/blog/new-wave-of-plugx-targets-hong-kong" ], "source": "MITRE", "title": "New wave of PlugX targets Hong Kong | Avira Blog" }, "related": [], "uuid": "bc7755a0-5ee3-477b-b8d7-67174a59d0e2", "value": "Avira Mustang Panda January 2020" }, { "description": "Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. 
Retrieved November 15, 2018.", "meta": { "date_accessed": "2018-11-15T00:00:00Z", "date_published": "2016-05-24T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/" ], "source": "MITRE", "title": "New Wekby Attacks Use DNS Requests As Command and Control Mechanism" }, "related": [], "uuid": "6f08aa4e-c89f-4d3e-8f46-e856e21d2d50", "value": "PaloAlto DNS Requests May 2016" }, { "description": "Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-05-24T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/" ], "source": "MITRE", "title": "New Wekby Attacks Use DNS Requests As Command and Control Mechanism" }, "related": [], "uuid": "4a946c3f-ee0a-4649-8104-2bd9d90ebd49", "value": "Palo Alto DNS Requests" }, { "description": "Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. Retrieved November 29, 2018.", "meta": { "date_accessed": "2018-11-29T00:00:00Z", "date_published": "2018-11-21T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/" ], "source": "MITRE", "title": "New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit" }, "related": [], "uuid": "44ceddf6-bcbf-4a60-bb92-f8cdc675d185", "value": "Unit42 Azorult Nov 2018" }, { "description": "Chen, X., Scott, M., Caselden, D.. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. 
Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2014-04-26T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html" ], "source": "MITRE", "title": "New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks" }, "related": [], "uuid": "fd536975-ff27-45fc-a07f-4b2128568df8", "value": "FireEye Clandestine Fox" }, { "description": "Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2018-10-25T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/1055321868641689600" ], "source": "MITRE", "title": "Nick Carr Status Update" }, "related": [], "uuid": "12eea502-cf70-474f-8127-352cacc37418", "value": "Twitter ItsReallyNick Platinum Masquerade" }, { "description": "Carr, N.. (2017, December 26). Nick Carr Status Update APT32 pubprn. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2017-12-26T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/945681177108762624" ], "source": "MITRE", "title": "Nick Carr Status Update APT32 pubprn" }, "related": [], "uuid": "731865ea-2410-40ac-85cf-75f768edd08a", "value": "Twitter ItsReallyNick APT32 pubprn Masquerade" }, { "description": "Carr, N. (2019, October 30). Nick Carr Status Update APT41 Environmental Keying. Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2019-10-30T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/1189622925286084609" ], "source": "MITRE", "title": "Nick Carr Status Update APT41 Environmental Keying" }, "related": [], "uuid": "e226a034-b79b-42bd-8115-2537f98e5d46", "value": "Twitter ItsReallyNick APT41 EK" }, { "description": "Carr, N.. (2018, October 25). 
Nick Carr Status Update Masquerading. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2018-10-25T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/1055321652777619457" ], "source": "MITRE", "title": "Nick Carr Status Update Masquerading" }, "related": [], "uuid": "aca324b7-15f1-47b5-9c13-248d1b1a7fff", "value": "Twitter ItsReallyNick Masquerading Update" }, { "description": "SecureWorks. (2021, September 29). NICKEL GLADSTONE Threat Profile. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2021-09-29T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/nickel-gladstone" ], "source": "MITRE", "title": "NICKEL GLADSTONE Threat Profile" }, "related": [], "uuid": "c78a8379-04a4-4558-820d-831ad4f267fd", "value": "SecureWorks NICKEL GLADSTONE profile Sept 2021" }, { "description": "MSTIC. (2021, December 6). NICKEL targeting government organizations across Latin America and Europe. Retrieved March 18, 2022.", "meta": { "date_accessed": "2022-03-18T00:00:00Z", "date_published": "2021-12-06T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe" ], "source": "MITRE, Tidal Cyber", "title": "NICKEL targeting government organizations across Latin America and Europe" }, "related": [], "uuid": "29a46bb3-f514-4554-ad9c-35f9a5ad9870", "value": "Microsoft NICKEL December 2021" }, { "description": "Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February) W32.Stuxnet Dossier (Version 1.4). 
Retrieved September 22, 2017", "meta": { "date_accessed": "2017-09-22T00:00:00Z", "refs": [ "https://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf" ], "source": "MITRE", "title": "Nicolas Falliere, Liam O Murchu, Eric Chien February 2011" }, "related": [], "uuid": "a1b371c2-b2b1-5780-95c8-11f8c616dcf3", "value": "Nicolas Falliere, Liam O Murchu, Eric Chien February 2011" }, { "description": "Proofpoint Staff. (2016, August 25). Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality. Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2016-08-25T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality" ], "source": "MITRE", "title": "Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality" }, "related": [], "uuid": "4cef8c44-d440-4746-b3e8-c8e4d307273d", "value": "ProofPoint Ursnif Aug 2016" }, { "description": "Scarfone, K. et al.. (2008, July). NIST Special Publication 800-123 - Guide to General Server Security. Retrieved July 26, 2018.", "meta": { "date_accessed": "2018-07-26T00:00:00Z", "date_published": "2008-07-01T00:00:00Z", "refs": [ "https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-123.pdf" ], "source": "MITRE", "title": "NIST Special Publication 800-123 - Guide to General Server Security" }, "related": [], "uuid": "351a444e-2829-4584-83ea-de909e43ee72", "value": "NIST Server Security July 2008" }, { "description": "Malik, A. (2016, October 14). Nitol Botnet makes a resurgence with evasive sandbox analysis technique. 
Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2016-10-14T00:00:00Z", "refs": [ "https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique" ], "source": "MITRE", "title": "Nitol Botnet makes a resurgence with evasive sandbox analysis technique" }, "related": [], "uuid": "94b5ac75-1fd5-4cad-a604-2b09846eb975", "value": "Netskope Nitol" }, { "description": "Dawda, U. and Villeneuve, N. (2013, August 30). Njw0rm - Brother From the Same Mother. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2013-08-30T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/08/njw0rm-brother-from-the-same-mother.html" ], "source": "MITRE", "title": "Njw0rm - Brother From the Same Mother" }, "related": [], "uuid": "062c31b1-7c1e-487f-8340-11f4b3faabc4", "value": "FireEye Njw0rm Aug 2013" }, { "description": "ss64. (n.d.). NLTEST.exe - Network Location Test. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "refs": [ "https://ss64.com/nt/nltest.html" ], "source": "MITRE", "title": "NLTEST.exe - Network Location Test" }, "related": [], "uuid": "4bb113a8-7e2c-4656-86f4-c30b08705ffa", "value": "Nltest Manual" }, { "description": "Nmap. (n.d.). Nmap: the Network Mapper - Free Security Scanner. Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://nmap.org/" ], "source": "Tidal Cyber", "title": "Nmap: the Network Mapper - Free Security Scanner" }, "related": [], "uuid": "65f1bbaa-8ad1-4ad5-b726-660558d27efc", "value": "Nmap: the Network Mapper" }, { "description": "Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2021-10-25T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/" ], "source": "MITRE", "title": "NOBELIUM targeting delegated administrative privileges to facilitate broader attacks" }, "related": [], "uuid": "7b6cc308-9871-47e5-9039-a9a7e66ce373", "value": "MSTIC Nobelium Oct 2021" }, { "description": "Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved January 31, 2022.", "meta": { "date_accessed": "2022-01-31T00:00:00Z", "date_published": "2021-10-25T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks" ], "source": "MITRE", "title": "NOBELIUM targeting delegated administrative privileges to facilitate broader attacks" }, "related": [], "uuid": "aa315293-77a5-4ad9-b024-9af844edff9a", "value": "Microsoft Nobelium Admin Privileges" }, { "description": "Symantec Threat Hunter Team. (2022, September 22). Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2022-09-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps" ], "source": "Tidal Cyber", "title": "Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics" }, "related": [], "uuid": "afd6808d-2c9f-4926-b7c6-ca9d3abdd923", "value": "Symantec Noberus September 22 2022" }, { "description": "Symantec Threat Hunter Team. (2021, December 16). Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware. 
Retrieved January 14, 2022.", "meta": { "date_accessed": "2022-01-14T00:00:00Z", "date_published": "2021-12-16T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware" ], "source": "MITRE", "title": "Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware" }, "related": [], "uuid": "8206240f-c84e-442e-b025-f629e9cc8d91", "value": "new_rust_based_ransomware" }, { "description": "Guerrero-Saade, J. (2021, June 1). NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks. Retrieved August 4, 2021.", "meta": { "date_accessed": "2021-08-04T00:00:00Z", "date_published": "2021-06-01T00:00:00Z", "refs": [ "https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/" ], "source": "MITRE", "title": "NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks" }, "related": [], "uuid": "98cf2bb0-f36c-45af-8d47-bf26aca3bb09", "value": "SentinelOne NobleBaron June 2021" }, { "description": "OpenJS Foundation. (n.d.). Node.js. Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "refs": [ "https://nodejs.org/" ], "source": "MITRE", "title": "Node.js" }, "related": [], "uuid": "af710d49-48f4-47f6-98c6-8d4a4568b020", "value": "NodeJS" }, { "description": "Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.", "meta": { "date_accessed": "2016-10-04T00:00:00Z", "date_published": "2016-09-27T00:00:00Z", "refs": [ "http://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016" ], "source": "MITRE", "title": "No Easy Breach DerbyCon 2016" }, "related": [], "uuid": "e7c49ce6-9c5d-483a-b476-8a48799df6fa", "value": "Mandiant No Easy Breach" }, { "description": "Tartare, M. et al. (2020, May 21). No “Game over” for the Winnti Group. 
Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2020-05-21T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/" ], "source": "MITRE", "title": "No “Game over” for the Winnti Group" }, "related": [], "uuid": "cbc09411-be18-4241-be69-b718a741ed8c", "value": "ESET PipeMon May 2020" }, { "description": "Meyering, J. (n.d.). nohup(1). Retrieved August 30, 2023.", "meta": { "date_accessed": "2023-08-30T00:00:00Z", "refs": [ "https://linux.die.net/man/1/nohup" ], "source": "MITRE", "title": "nohup(1)" }, "related": [], "uuid": "f61dde91-3518-5a74-8eb8-bb3bae43e8fb", "value": "nohup Linux Man" }, { "description": "Grunzweig, J. (2018, October 01). NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2018-10-01T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/" ], "source": "MITRE", "title": "NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT" }, "related": [], "uuid": "4eea6638-a71b-4d74-acc4-0fac82ef72f6", "value": "Unit 42 Nokki Oct 2018" }, { "description": "Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2018-10-04T00:00:00Z", "refs": [ "https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Nomadic Octopus Cyber espionage in Central Asia" }, "related": [], "uuid": "50dcb3f0-1461-453a-aab9-38c2e259173f", "value": "ESET Nomadic Octopus 2018" }, { "description": "hasherezade. (2016, April 11). No money, but Pony! From a mail to a trojan horse. 
Retrieved May 21, 2020.", "meta": { "date_accessed": "2020-05-21T00:00:00Z", "date_published": "2016-04-11T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2015/11/no-money-but-pony-from-a-mail-to-a-trojan-horse/" ], "source": "MITRE", "title": "No money, but Pony! From a mail to a trojan horse" }, "related": [], "uuid": "f8700002-5da6-4cb8-be62-34e421d2a573", "value": "Malwarebytes Pony April 2016" }, { "description": "Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "date_published": "2023-02-02T00:00:00Z", "refs": [ "https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf" ], "source": "MITRE", "title": "No Pineapple! -DPRK Targeting of Medical Research and Technology Sector" }, "related": [], "uuid": "195922fa-a843-5cd3-a153-32f0b960dcb9", "value": "WithSecure Lazarus-NoPineapple Threat Intel Report 2023" }, { "description": "Chris Ross. (2019, February 8). No Place Like Chrome. Retrieved April 27, 2021.", "meta": { "date_accessed": "2021-04-27T00:00:00Z", "date_published": "2019-02-08T00:00:00Z", "refs": [ "https://www.xorrior.com/No-Place-Like-Chrome/" ], "source": "MITRE", "title": "No Place Like Chrome" }, "related": [], "uuid": "84bfd3a1-bda2-4821-ac52-6af8515e5879", "value": "xorrior chrome extensions macOS" }, { "description": "Stefanie Schappert. (2023, November 28). North American auto supplier Yanfeng claimed by Qilin ransom group. 
Retrieved November 30, 2023.", "meta": { "date_accessed": "2023-11-30T00:00:00Z", "date_published": "2023-11-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://cybernews.com/news/yanfeng-ransomware-attack-claimed-qilin/" ], "source": "Tidal Cyber", "title": "North American auto supplier Yanfeng claimed by Qilin ransom group" }, "related": [], "uuid": "93c89ca5-1863-4ee2-9fff-258f94f655c4", "value": "Cybernews Yanfeng Qilin November 2023" }, { "description": "Lakshmanan, R. (2022, August 17). North Korea Hackers Spotted Targeting Job Seekers with macOS Malware. Retrieved April 10, 2023.", "meta": { "date_accessed": "2023-04-10T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "refs": [ "https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html" ], "source": "MITRE", "title": "North Korea Hackers Spotted Targeting Job Seekers with macOS Malware" }, "related": [], "uuid": "8ae38830-1547-5cc1-83a4-87c3a7c82aa6", "value": "The Hacker News Lazarus Aug 2022" }, { "description": "Cimpanu, C. (2020, September 30). North Korea has tried to hack 11 officials of the UN Security Council. Retrieved November 4, 2020.", "meta": { "date_accessed": "2020-11-04T00:00:00Z", "date_published": "2020-09-30T00:00:00Z", "refs": [ "https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/" ], "source": "MITRE", "title": "North Korea has tried to hack 11 officials of the UN Security Council" }, "related": [], "uuid": "6253bbc5-4d7d-4b7e-bd6b-59bd6366dc50", "value": "Zdnet Kimsuky Group September 2020" }, { "description": "Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. 
Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2021-08-17T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/" ], "source": "MITRE", "title": "North Korean APT InkySquid Infects Victims Using Browser Exploits" }, "related": [], "uuid": "7e394434-364f-4e50-9a96-3e75dacc9866", "value": "Volexity InkySquid BLUELIGHT August 2021" }, { "description": "An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.", "meta": { "date_accessed": "2021-12-29T00:00:00Z", "date_published": "2021-11-10T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html" ], "source": "MITRE", "title": "North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets" }, "related": [], "uuid": "17927f0e-297a-45ec-8e1c-8a33892205dc", "value": "Talos Kimsuky Nov 2021" }, { "description": "Cash, D., Grunzweig, J., Adair, S., Lancaster, T. (2021, August 25). North Korean BLUELIGHT Special: InkySquid Deploys RokRAT. Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2021-08-25T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" ], "source": "MITRE", "title": "North Korean BLUELIGHT Special: InkySquid Deploys RokRAT" }, "related": [], "uuid": "bff1667b-3f87-4653-bd17-b675e997baf1", "value": "Volexity InkySquid RokRAT August 2021" }, { "description": "Saini, A. and Hossein, J. (2022, January 27). North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign. 
Retrieved January 27, 2022.", "meta": { "date_accessed": "2022-01-27T00:00:00Z", "date_published": "2022-01-27T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/" ], "source": "MITRE", "title": "North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign" }, "related": [], "uuid": "fbd96014-16c3-4ad6-bb3f-f92d15efce13", "value": "Lazarus APT January 2022" }, { "description": "gtworek. (2019, December 17). NoRunDll. Retrieved August 23, 2021.", "meta": { "date_accessed": "2021-08-23T00:00:00Z", "date_published": "2019-12-17T00:00:00Z", "refs": [ "https://github.com/gtworek/PSBits/tree/master/NoRunDll" ], "source": "MITRE", "title": "NoRunDll" }, "related": [], "uuid": "72d4b682-ed19-4e0f-aeff-faa52b3a0439", "value": "Github NoRunDll" }, { "description": "Tim Parisi. (2022, December 22). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2022-12-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/" ], "source": "Tidal Cyber", "title": "Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies" }, "related": [], "uuid": "e48760ba-2752-4d30-8f99-152c81f63017", "value": "CrowdStrike Scattered Spider SIM Swapping December 22 2022" }, { "description": "Parisi, T. (2022, December 2). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. 
Retrieved June 30, 2023.", "meta": { "date_accessed": "2023-06-30T00:00:00Z", "date_published": "2022-12-02T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/" ], "source": "MITRE", "title": "Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies" }, "related": [], "uuid": "382785e1-4ef3-506e-b74f-cd07df9ae46e", "value": "Crowdstrike TELCO BPO Campaign December 2022" }, { "description": "Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.", "meta": { "date_accessed": "2020-06-16T00:00:00Z", "date_published": "2015-04-20T00:00:00Z", "refs": [ "https://nakedsecurity.sophos.com/2015/04/20/notes-from-sophoslabs-dyreza-the-malware-that-discriminates-against-old-computers/" ], "source": "MITRE", "title": "Notes from SophosLabs: Dyreza, the malware that discriminates against old computers" }, "related": [], "uuid": "50f9aa49-dde5-42c9-ba5c-f42281a71b7e", "value": "Sophos Dyreza April 2015" }, { "description": "Boyens, J,. Et al.. (2002, October). Notional Supply Chain Risk Management Practices for Federal Information Systems. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2002-10-01T00:00:00Z", "refs": [ "http://dx.doi.org/10.6028/NIST.IR.7622" ], "source": "MITRE", "title": "Notional Supply Chain Risk Management Practices for Federal Information Systems" }, "related": [], "uuid": "b3171abc-957c-4bd5-a18f-0d66bba396b9", "value": "NIST Supply Chain 2012" }, { "description": "eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2021-07-21T00:00:00Z", "refs": [ "https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc" ], "source": "MITRE", "title": "Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc." }, "related": [], "uuid": "3976dd0e-7dee-4ae7-8c38-484b12ca233e", "value": "eSentire FIN7 July 2021" }, { "description": "Counter Threat Research Team. (2017, June 28). NotPetya Campaign: What We Know About the Latest Global Ransomware Attack. Retrieved June 11, 2020.", "meta": { "date_accessed": "2020-06-11T00:00:00Z", "date_published": "2017-06-28T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/notpetya-campaign-what-we-know-about-the-latest-global-ransomware-attack" ], "source": "MITRE", "title": "NotPetya Campaign: What We Know About the Latest Global Ransomware Attack" }, "related": [], "uuid": "3109e59c-ace2-4e5a-bba2-24b840a7af0d", "value": "Secureworks NotPetya June 2017" }, { "description": "SensePost. (2017, September 21). NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2017-09-21T00:00:00Z", "refs": [ "https://github.com/sensepost/notruler" ], "source": "MITRE", "title": "NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange" }, "related": [], "uuid": "1bafe35e-f99c-4aa9-8b2f-5a35970ec83b", "value": "SensePost NotRuler" }, { "description": "Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. 
Retrieved November 27, 2018.", "meta": { "date_accessed": "2018-11-27T00:00:00Z", "date_published": "2018-11-19T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html" ], "source": "MITRE", "title": "Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign" }, "related": [], "uuid": "30e769e0-4552-429b-b16e-27830d42edea", "value": "FireEye APT29 Nov 2018" }, { "description": "The NTinternals.net team. (n.d.). Nowak, T. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "refs": [ "https://undocumented.ntinternals.net/" ], "source": "MITRE", "title": "Nowak, T" }, "related": [], "uuid": "306f7da7-caa2-40bf-a3db-e579c541eeb4", "value": "NT API Windows" }, { "description": "Npcap. (n.d.). Npcap: Windows Packet Capture Library & Driver. Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://npcap.com/" ], "source": "Tidal Cyber", "title": "Npcap: Windows Packet Capture Library & Driver" }, "related": [], "uuid": "c8dc5650-eb37-4bb6-b5b7-e6269c79785c", "value": "Npcap: Windows Packet Capture Library & Driver" }, { "description": "Microsoft. (2021, October 21). NPLogonNotify function (npapi.h). Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2021-10-21T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows/win32/api/npapi/nf-npapi-nplogonnotify" ], "source": "MITRE", "title": "NPLogonNotify function (npapi.h)" }, "related": [], "uuid": "1fda833e-e543-5e68-a0f5-8a4170dd632a", "value": "NPLogonNotify" }, { "description": "Grzegorz Tworek. (2021, December 15). NPPSpy. 
Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2021-12-15T00:00:00Z", "refs": [ "https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy" ], "source": "MITRE", "title": "NPPSpy" }, "related": [], "uuid": "c12bfaf6-4d83-552e-912b-cc55bce85961", "value": "NPPSPY" }, { "description": "LOLBAS. (2020, January 10). ntdsutil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-01-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Ntdsutil/" ], "source": "Tidal Cyber", "title": "ntdsutil.exe" }, "related": [], "uuid": "9d15ab80-86b7-4a69-ae3f-de017ca89f37", "value": "ntdsutil.exe - LOLBAS Project" }, { "description": "Microsoft. (2016, August 31). Ntdsutil Microsoft. Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc753343(v=ws.11)" ], "source": "Tidal Cyber", "title": "Ntdsutil Microsoft" }, "related": [], "uuid": "34de2f08-0481-4894-80ef-86506d821cf0", "value": "Ntdsutil Microsoft" }, { "description": "Hughes, J. (2010, August 25). NTFS File Attributes. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2010-08-25T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/" ], "source": "MITRE", "title": "NTFS File Attributes" }, "related": [], "uuid": "dc4689d2-54b4-4310-ac10-6b234eedbc16", "value": "Microsoft NTFS File Attributes Aug 2010" }, { "description": "Microsoft. (2021, November 23). NtQueryInformationProcess function (winternl.h). 
Retrieved February 4, 2022.", "meta": { "date_accessed": "2022-02-04T00:00:00Z", "date_published": "2021-11-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess" ], "source": "MITRE", "title": "NtQueryInformationProcess function (winternl.h)" }, "related": [], "uuid": "7b533ca9-9075-408d-b125-89bc7446ec8f", "value": "NtQueryInformationProcess" }, { "description": "Nyan-x-Cat. (n.d.). NYAN-x-CAT / AsyncRAT-C-Sharp. Retrieved October 3, 2023.", "meta": { "date_accessed": "2023-10-03T00:00:00Z", "refs": [ "https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/blob/master/README.md" ], "source": "MITRE", "title": "NYAN-x-CAT / AsyncRAT-C-Sharp" }, "related": [], "uuid": "b40fc5d8-02fd-5683-88c3-592c6b06df1a", "value": "AsyncRAT GitHub" }, { "description": "Joe Security. (2016, April 21). Nymaim - evading Sandboxes with API hammering. Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2016-04-21T00:00:00Z", "refs": [ "https://www.joesecurity.org/blog/3660886847485093803" ], "source": "MITRE", "title": "Nymaim - evading Sandboxes with API hammering" }, "related": [], "uuid": "fe6ac288-1c7c-4ec0-a709-c3ca56e5d088", "value": "Joe Sec Nymaim" }, { "description": "OWASP Wiki. (2018, February 16). OAT-004 Fingerprinting. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2018-02-16T00:00:00Z", "refs": [ "https://wiki.owasp.org/index.php/OAT-004_Fingerprinting" ], "source": "MITRE", "title": "OAT-004 Fingerprinting" }, "related": [], "uuid": "ec89a48b-3b00-4928-8450-d2fbd307817f", "value": "OWASP Fingerprinting" }, { "description": "OWASP. (n.d.). OAT-014 Vulnerability Scanning. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2018-02-16T00:00:00Z", "refs": [ "https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning" ], "source": "MITRE", "title": "OAT-014 Vulnerability Scanning" }, "related": [], "uuid": "039c0947-1976-4eb8-bb26-4c74dceea7f0", "value": "OWASP Vuln Scanning" }, { "description": "Choi, S. (2015, August 6). Obfuscated API Functions in Modern Packers. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2015-08-06T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf" ], "source": "MITRE", "title": "Obfuscated API Functions in Modern Packers" }, "related": [], "uuid": "fc4434c0-373b-42fe-a0f5-683c24fa329e", "value": "BlackHat API Packers" }, { "description": "Bohannon, D. & Carr N. (2017, June 30). Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2017-06-30T00:00:00Z", "refs": [ "https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html" ], "source": "MITRE", "title": "Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques" }, "related": [], "uuid": "6d1089b7-0efe-4961-8abc-22a882895377", "value": "FireEye Obfuscation June 2017" }, { "description": "Patrick Wardle. (n.d.). Retrieved March 20, 2018.", "meta": { "date_accessed": "2018-03-20T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x25.html" ], "source": "MITRE", "title": "objective-see 2017 review" }, "related": [], "uuid": "26b757c8-25cd-42ef-bef2-eb7a28455d57", "value": "objective-see 2017 review" }, { "description": "Malhotra, A. (2021, March 2). 
ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.", "meta": { "date_accessed": "2021-09-02T00:00:00Z", "date_published": "2021-03-02T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html" ], "source": "MITRE", "title": "ObliqueRAT returns with new campaign using hijacked websites" }, "related": [], "uuid": "20e13efb-4ca1-43b2-83a6-c852e03333d7", "value": "Talos Oblique RAT March 2021" }, { "description": "McMillen, D. Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.", "meta": { "date_accessed": "2021-05-17T00:00:00Z", "date_published": "2019-06-14T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/observations-of-itg07-cyber-operations/" ], "source": "MITRE", "title": "Observations of ITG07 Cyber Operations" }, "related": [], "uuid": "e2d453c3-efb4-44e5-8b60-6a98dd6c3341", "value": "IBM ITG07 June 2019" }, { "description": "Falcone, R. and Wartell, R.. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2015-07-27T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/" ], "source": "MITRE", "title": "Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload" }, "related": [], "uuid": "0ab158b4-9085-481a-8458-40f7c752179f", "value": "Palo Alto CVE-2015-3113 July 2015" }, { "description": "Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. 
Retrieved November 6, 2017.", "meta": { "date_accessed": "2017-11-06T00:00:00Z", "date_published": "2017-11-06T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/" ], "source": "MITRE", "title": "OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society" }, "related": [], "uuid": "ed9f5545-377f-4a12-92e4-c0439cc5b037", "value": "Volexity OceanLotus Nov 2017" }, { "description": "Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020.", "meta": { "date_accessed": "2020-11-20T00:00:00Z", "date_published": "2020-11-06T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/" ], "source": "MITRE", "title": "OceanLotus: Extending Cyber Espionage Operations Through Fake Websites" }, "related": [], "uuid": "dbea2493-7e0a-47f0-88c1-5867f8bb1199", "value": "Volexity Ocean Lotus November 2020" }, { "description": "Eddie Lee. (2016, February 17). OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update. Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2016-02-17T00:00:00Z", "refs": [ "https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update" ], "source": "MITRE", "title": "OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update" }, "related": [], "uuid": "6e9acc29-06af-4915-8e01-7dcccb204530", "value": "OceanLotus for OS X" }, { "description": "Dumont, R.. (2019, April 9). OceanLotus: macOS malware update. 
Retrieved April 15, 2019.", "meta": { "date_accessed": "2019-04-15T00:00:00Z", "date_published": "2019-04-09T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/" ], "source": "MITRE", "title": "OceanLotus: macOS malware update" }, "related": [], "uuid": "e97e479b-4e6d-40b5-94cb-eac06172c0f8", "value": "ESET OceanLotus macOS April 2019" }, { "description": "Foltýn, T. (2018, March 13). OceanLotus ships new backdoor using old tricks. Retrieved May 22, 2018.", "meta": { "date_accessed": "2018-05-22T00:00:00Z", "date_published": "2018-03-13T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/" ], "source": "MITRE, Tidal Cyber", "title": "OceanLotus ships new backdoor using old tricks" }, "related": [], "uuid": "a7bcbaca-10c1-403a-9eb5-f111af1cbf6a", "value": "ESET OceanLotus" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.", "meta": { "date_accessed": "2018-11-14T00:00:00Z", "date_published": "2018-10-15T00:00:00Z", "refs": [ "https://securelist.com/octopus-infested-seas-of-central-asia/88200/" ], "source": "MITRE, Tidal Cyber", "title": "Octopus-infested seas of Central Asia" }, "related": [], "uuid": "77407057-53f1-4fde-bc74-00f73d417f7d", "value": "Securelist Octopus Oct 2018" }, { "description": "LOLBAS. (n.d.). Odbcconf.exe. Retrieved March 7, 2019.", "meta": { "date_accessed": "2019-03-07T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/" ], "source": "MITRE", "title": "Odbcconf.exe" }, "related": [], "uuid": "febcaaec-b535-4347-a4c7-b3284b251897", "value": "LOLBAS Odbcconf" }, { "description": "Microsoft. (2017, January 18). ODBCCONF.EXE. 
Retrieved March 7, 2019.", "meta": { "date_accessed": "2019-03-07T00:00:00Z", "date_published": "2017-01-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017" ], "source": "MITRE", "title": "ODBCCONF.EXE" }, "related": [], "uuid": "9df74876-2abf-4ced-b986-36212225d795", "value": "Microsoft odbcconf.exe" }, { "description": "GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021.", "meta": { "date_accessed": "2021-12-09T00:00:00Z", "date_published": "2017-07-24T00:00:00Z", "refs": [ "https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/" ], "source": "MITRE", "title": "Office365 ActiveSync Username Enumeration" }, "related": [], "uuid": "cab25908-63da-484d-8c42-4451f46086e2", "value": "GrimBlog UsernameEnum" }, { "description": "gremwell. (2020, March 24). Office 365 User Enumeration. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2020-03-24T00:00:00Z", "refs": [ "https://github.com/gremwell/o365enum" ], "source": "MITRE", "title": "Office 365 User Enumeration" }, "related": [], "uuid": "314fb591-d5f2-4f0c-ab0b-97977308b5dc", "value": "GitHub Office 365 User Enumeration" }, { "description": "Carr, N. (2016, August 14). OfficeCrackros. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2016-08-14T00:00:00Z", "refs": [ "https://github.com/itsreallynick/office-crackros" ], "source": "MITRE", "title": "OfficeCrackros" }, "related": [], "uuid": "6298d7b0-c6f9-46dd-91f0-41ef0ad515a5", "value": "GitHub Office-Crackros Aug 2016" }, { "description": "Shukrun, S. (2019, June 2). Office Templates and GlobalDotName - A Stealthy Office Persistence Technique. 
Retrieved August 26, 2019.", "meta": { "date_accessed": "2019-08-26T00:00:00Z", "date_published": "2019-06-02T00:00:00Z", "refs": [ "https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique" ], "source": "MITRE", "title": "Office Templates and GlobalDotName - A Stealthy Office Persistence Technique" }, "related": [], "uuid": "f574182a-5d91-43c8-b560-e84a7e941c96", "value": "GlobalDotName Jun 2019" }, { "description": "Microsoft. (2019, June 11). Office VBA Reference. Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2019-06-11T00:00:00Z", "refs": [ "https://docs.microsoft.com/office/vba/api/overview/" ], "source": "MITRE", "title": "Office VBA Reference" }, "related": [], "uuid": "ba0e3c5d-7934-4ece-b4a1-c03bc355f378", "value": "Microsoft VBA" }, { "description": "LOLBAS. (2021, August 16). OfflineScannerShell.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/OfflineScannerShell/" ], "source": "Tidal Cyber", "title": "OfflineScannerShell.exe" }, "related": [], "uuid": "8194442f-4f86-438e-bd0c-f4cbda0264b8", "value": "OfflineScannerShell.exe - LOLBAS Project" }, { "description": "Arsene, L. (2020, April 21). Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal. 
Retrieved May 19, 2020.", "meta": { "date_accessed": "2020-05-19T00:00:00Z", "date_published": "2020-04-21T00:00:00Z", "refs": [ "https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/" ], "source": "MITRE", "title": "Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal" }, "related": [], "uuid": "e3d932fc-0148-43b9-bcc7-971dd7ba3bf8", "value": "Bitdefender Agent Tesla April 2020" }, { "description": "Falcone, R. (2017, April 27). OilRig Actors Provide a Glimpse into Development and Testing Efforts. Retrieved May 3, 2017.", "meta": { "date_accessed": "2017-05-03T00:00:00Z", "date_published": "2017-04-27T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/" ], "source": "MITRE", "title": "OilRig Actors Provide a Glimpse into Development and Testing Efforts" }, "related": [], "uuid": "fb561cdd-03f6-4867-b5b5-7e4deb11f0d0", "value": "Palo Alto OilRig April 2017" }, { "description": "Falcone, R. and Lee, B. (2017, October 9). OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2017-10-09T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/" ], "source": "MITRE", "title": "OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan" }, "related": [], "uuid": "f5f3e1e7-1d83-4ddc-a878-134cd0d268ce", "value": "OilRig New Delivery Oct 2017" }, { "description": "Grunzweig, J. and Falcone, R. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. 
Retrieved May 3, 2017.", "meta": { "date_accessed": "2017-05-03T00:00:00Z", "date_published": "2016-10-04T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/" ], "source": "MITRE, Tidal Cyber", "title": "OilRig Malware Campaign Updates Toolset and Expands Targets" }, "related": [], "uuid": "14bbb07b-caeb-4d17-8e54-047322a5930c", "value": "Palo Alto OilRig Oct 2016" }, { "description": "Falcone, R., et al. (2018, September 04). OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. Retrieved September 24, 2018.", "meta": { "date_accessed": "2018-09-24T00:00:00Z", "date_published": "2018-09-04T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/" ], "source": "MITRE", "title": "OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE" }, "related": [], "uuid": "84815940-b98a-4f5c-82fe-7d8bf2f51a09", "value": "Unit 42 OilRig Sept 2018" }, { "description": "Falcone, R. (2020, July 22). OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. Retrieved July 28, 2020.", "meta": { "date_accessed": "2020-07-28T00:00:00Z", "date_published": "2020-07-22T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/" ], "source": "MITRE", "title": "OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory" }, "related": [], "uuid": "2929baa5-ead7-4936-ab67-c4742afc473c", "value": "Unit42 RDAT July 2020" }, { "description": "Lee, B., Falcone, R. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. 
Retrieved August 9, 2018.", "meta": { "date_accessed": "2018-08-09T00:00:00Z", "date_published": "2018-07-25T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/" ], "source": "MITRE", "title": "OilRig Targets Technology Service Provider and Government Agency with QUADAGENT" }, "related": [], "uuid": "320f49df-7b0a-4a6a-8542-17b0f56c94c9", "value": "Unit 42 QUADAGENT July 2018" }, { "description": "Falcone, R. and Lee, B. (2017, July 27). OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2017-07-27T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/" ], "source": "MITRE", "title": "OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group" }, "related": [], "uuid": "e42c60cb-7827-4896-96e9-1323d5973aac", "value": "OilRig ISMAgent July 2017" }, { "description": "Falcone, R. (2018, January 25). OilRig uses RGDoor IIS Backdoor on Targets in the Middle East. Retrieved July 6, 2018.", "meta": { "date_accessed": "2018-07-06T00:00:00Z", "date_published": "2018-01-25T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/" ], "source": "MITRE", "title": "OilRig uses RGDoor IIS Backdoor on Targets in the Middle East" }, "related": [], "uuid": "94b37da6-f808-451e-8f2d-5df0e93358ca", "value": "Unit 42 RGDoor Jan 2018" }, { "description": "Wilhoit, K. and Falcone, R. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. 
Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2018-09-12T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/" ], "source": "MITRE", "title": "OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government" }, "related": [], "uuid": "2ec6eabe-92e2-454c-ba7b-b27fec5b428d", "value": "Palo Alto OilRig Sep 2018" }, { "description": "Hromcova, Z. (2019, July). OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY. Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2019-07-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2019/07/ESET_Okrum_and_Ketrican.pdf" ], "source": "MITRE", "title": "OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY" }, "related": [], "uuid": "197163a8-1a38-4edd-ba73-f44e7a329f41", "value": "ESET Okrum July 2019" }, { "description": "Brumaghin, E., et al. (2018, October 15). Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2018-10-15T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html" ], "source": "MITRE", "title": "Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox" }, "related": [], "uuid": "a7f38717-afbe-41c1-a404-bcb023c337e3", "value": "Talos Agent Tesla Oct 2018" }, { "description": "Ishimaru, S.. (2017, April 13). Old Malware Tricks To Bypass Detection in the Age of Big Data. 
Retrieved May 30, 2019.", "meta": { "date_accessed": "2019-05-30T00:00:00Z", "date_published": "2017-04-13T00:00:00Z", "refs": [ "https://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/" ], "source": "MITRE", "title": "Old Malware Tricks To Bypass Detection in the Age of Big Data" }, "related": [], "uuid": "3430ac9b-1621-42b4-9cc7-5ee60191051f", "value": "Securelist Malware Tricks April 2017" }, { "description": "Haag, M., Levan, K. (2017, April 6). Old Phishing Attacks Deploy a New Methodology: Verclsid.exe. Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "date_published": "2017-04-06T00:00:00Z", "refs": [ "https://redcanary.com/blog/verclsid-exe-threat-detection/" ], "source": "MITRE", "title": "Old Phishing Attacks Deploy a New Methodology: Verclsid.exe" }, "related": [], "uuid": "f64e934f-737d-4461-8158-ae855bc472c4", "value": "Red Canary Verclsid.exe" }, { "description": "Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.", "meta": { "date_accessed": "2019-03-14T00:00:00Z", "date_published": "2018-02-12T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html" ], "source": "MITRE", "title": "Olympic Destroyer Takes Aim At Winter Olympics" }, "related": [], "uuid": "25a2e179-7abd-4091-8af4-e9d2bf24ef11", "value": "Talos Olympic Destroyer 2018" }, { "description": "Busselen, M. (2020, April 7). On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations. 
Retrieved May 20, 2020.", "meta": { "date_accessed": "2020-05-20T00:00:00Z", "date_published": "2020-04-07T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/" ], "source": "MITRE", "title": "On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations" }, "related": [], "uuid": "f71410b4-5f79-439a-ae9e-8965f9bc577f", "value": "Crowdstrike Pirate Panda April 2020" }, { "description": "LOLBAS. (2021, August 22). OneDriveStandaloneUpdater.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-22T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/OneDriveStandaloneUpdater/" ], "source": "Tidal Cyber", "title": "OneDriveStandaloneUpdater.exe" }, "related": [], "uuid": "3d7dcd68-a7b2-438c-95bb-b7523a39c6f7", "value": "OneDriveStandaloneUpdater.exe - LOLBAS Project" }, { "description": "Hernandez, A. S. Tarter, P. Ocamp, E. J. (2022, January 19). One Source to Rule Them All: Chasing AVADDON Ransomware. Retrieved January 26, 2022.", "meta": { "date_accessed": "2022-01-26T00:00:00Z", "date_published": "2022-01-19T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/chasing-avaddon-ransomware" ], "source": "MITRE", "title": "One Source to Rule Them All: Chasing AVADDON Ransomware" }, "related": [], "uuid": "c5aeed6b-2d5d-4d49-b05e-261d565808d9", "value": "chasing_avaddon_ransomware" }, { "description": "Wikipedia. (n.d.). Onion Routing. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Onion_routing" ], "source": "MITRE", "title": "Onion Routing" }, "related": [], "uuid": "0667caad-39cd-469b-91c0-1210c09e6041", "value": "Onion Routing" }, { "description": "Carr, N., et al. (2018, August 01). 
On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.", "meta": { "date_accessed": "2018-08-23T00:00:00Z", "date_published": "2018-08-01T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" ], "source": "MITRE", "title": "On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation" }, "related": [], "uuid": "54e5f23a-5ca6-4feb-8046-db2fb71b400a", "value": "FireEye FIN7 Aug 2018" }, { "description": "Phil Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2018-09-20T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/" ], "source": "MITRE", "title": "On the Trail of OSX.FairyTale | Adware Playing at Malware" }, "related": [], "uuid": "27f8ad45-53d2-48ba-b549-f7674cf9c2e7", "value": "OSX.FairyTale" }, { "description": "Lee, B., Falcone, R. (2018, February 23). OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan. Retrieved July 16, 2018.", "meta": { "date_accessed": "2018-07-16T00:00:00Z", "date_published": "2018-02-23T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/" ], "source": "MITRE", "title": "OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan" }, "related": [], "uuid": "d4c2bac0-e95c-46af-ae52-c93de3d92f19", "value": "Unit 42 OopsIE! Feb 2018" }, { "description": "Huss, D., et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. 
Retrieved April 5, 2018.", "meta": { "date_accessed": "2018-04-05T00:00:00Z", "date_published": "2017-02-02T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" ], "source": "MITRE", "title": "Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX" }, "related": [], "uuid": "63787035-f136-43e1-b445-22853bbed92b", "value": "Proofpoint ZeroT Feb 2017" }, { "description": "LOLBAS. (2022, June 17). OpenConsole.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-06-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/OpenConsole/" ], "source": "Tidal Cyber", "title": "OpenConsole.exe" }, "related": [], "uuid": "e597522a-68ac-4d7e-80c4-db1c66d2da04", "value": "OpenConsole.exe - LOLBAS Project" }, { "description": "Apple. (n.d.). Open items automatically when you log in on Mac. Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "refs": [ "https://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac" ], "source": "MITRE", "title": "Open items automatically when you log in on Mac" }, "related": [], "uuid": "46a480eb-52d1-44c9-8b44-7e516b27cf82", "value": "Open Login Items Apple" }, { "description": "rvrsh3ll. (2016, May 18). Operating with EmPyre. Retrieved July 12, 2017.", "meta": { "date_accessed": "2017-07-12T00:00:00Z", "date_published": "2016-05-18T00:00:00Z", "refs": [ "https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363" ], "source": "MITRE", "title": "Operating with EmPyre" }, "related": [], "uuid": "459a4ad5-0e28-4bfc-a73e-b9dd516d516f", "value": "Operating with EmPyre" }, { "description": "Global Research & Analysis Team, Kaspersky Lab (GReAT). (2018, August 23). Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware. 
Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2018-08-23T00:00:00Z", "refs": [ "https://securelist.com/operation-applejeus/87553/" ], "source": "MITRE", "title": "Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware" }, "related": [], "uuid": "336ea5f5-d8cc-4af5-9aa0-203e319b3c28", "value": "Windows AppleJeus GReAT" }, { "description": "Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.", "meta": { "date_accessed": "2016-03-02T00:00:00Z", "date_published": "2016-02-24T00:00:00Z", "refs": [ "https://web.archive.org/web/20160303200515/https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf" ], "source": "MITRE", "title": "Operation Blockbuster: Destructive Malware Report" }, "related": [], "uuid": "de278b77-52cb-4126-9341-5b32843ae9f1", "value": "Novetta Blockbuster Destructive Malware" }, { "description": "Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved March 2, 2016.", "meta": { "date_accessed": "2016-03-02T00:00:00Z", "date_published": "2016-02-24T00:00:00Z", "refs": [ "https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf" ], "source": "MITRE", "title": "Operation Blockbuster: Loaders, Installers and Uninstallers Report" }, "related": [], "uuid": "5d3e2f36-3833-4203-9884-c3ff806da286", "value": "Novetta Blockbuster Loaders" }, { "description": "Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. 
Retrieved March 16, 2016.", "meta": { "date_accessed": "2016-03-16T00:00:00Z", "date_published": "2016-02-24T00:00:00Z", "refs": [ "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf" ], "source": "MITRE", "title": "Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report" }, "related": [], "uuid": "80d88e80-b5a7-48b7-a999-96b06d082997", "value": "Novetta Blockbuster RATs" }, { "description": "Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.", "meta": { "date_accessed": "2016-03-10T00:00:00Z", "date_published": "2016-02-24T00:00:00Z", "refs": [ "https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Tools-Report.pdf" ], "source": "MITRE", "title": "Operation Blockbuster: Tools Report" }, "related": [], "uuid": "6dd1b091-9ace-4e31-9845-3b1091147ecd", "value": "Novetta Blockbuster Tools" }, { "description": "Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.", "meta": { "date_accessed": "2016-02-25T00:00:00Z", "date_published": "2016-02-24T00:00:00Z", "refs": [ "https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation Blockbuster: Unraveling the Long Thread of the Sony Attack" }, "related": [], "uuid": "bde96b4f-5f98-4ce5-a507-4b05d192b6d7", "value": "Novetta Blockbuster" }, { "description": "Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. 
Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2015-06-23T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html" ], "source": "MITRE, Tidal Cyber", "title": "Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign" }, "related": [], "uuid": "dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f", "value": "FireEye Clandestine Wolf" }, { "description": "Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.", "meta": { "date_accessed": "2017-09-14T00:00:00Z", "date_published": "2014-12-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation Cleaver" }, "related": [], "uuid": "f0b45225-3ec3-406f-bd74-87f24003761b", "value": "Cylance Cleaver" }, { "description": "PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.", "meta": { "date_accessed": "2017-04-05T00:00:00Z", "date_published": "2017-04-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation Cloud Hopper" }, "related": [], "uuid": "fe741064-8cd7-428b-bdb9-9f2ab7e92489", "value": "PWC Cloud Hopper April 2017" }, { "description": "PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. 
Retrieved April 13, 2017.", "meta": { "date_accessed": "2017-04-13T00:00:00Z", "date_published": "2017-04-01T00:00:00Z", "refs": [ "https://www.pwc.co.uk/cyber-security/pdf/pwc-uk-operation-cloud-hopper-technical-annex-april-2017.pdf" ], "source": "MITRE", "title": "Operation Cloud Hopper: Technical Annex" }, "related": [], "uuid": "da6c8a72-c732-44d5-81ac-427898706eed", "value": "PWC Cloud Hopper Technical Annex April 2017" }, { "description": "Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.", "meta": { "date_accessed": "2018-12-27T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf" ], "source": "MITRE", "title": "Operation Cobalt Kitty" }, "related": [], "uuid": "bf838a23-1620-4668-807a-4354083d69b1", "value": "Cybereason Cobalt Kitty 2017" }, { "description": "Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-05-24T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/operation-cobalt-kitty-apt" ], "source": "MITRE", "title": "OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP" }, "related": [], "uuid": "1ef3025b-d4a9-49aa-b744-2dbea10a0abf", "value": "Cybereason Oceanlotus May 2017" }, { "description": "Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. 
Retrieved September 22, 2022.", "meta": { "date_accessed": "2022-09-22T00:00:00Z", "date_published": "2022-05-04T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques" ], "source": "MITRE", "title": "Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques" }, "related": [], "uuid": "fe3e2c7e-2287-406c-b717-cf7721b5843a", "value": "Cybereason OperationCuckooBees May 2022" }, { "description": "Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2016-06-17T00:00:00Z", "refs": [ "https://securelist.com/operation-daybreak/75100/" ], "source": "MITRE, Tidal Cyber", "title": "Operation Daybreak" }, "related": [], "uuid": "04961952-9bac-48f3-adc7-40a3a2bcee84", "value": "Securelist ScarCruft Jun 2016" }, { "description": "Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2014-11-21T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html" ], "source": "MITRE", "title": "Operation Double Tap" }, "related": [], "uuid": "4b9af128-98da-48b6-95c7-8d27979c2ab1", "value": "FireEye Operation Double Tap" }, { "description": "ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.", "meta": { "date_accessed": "2021-12-20T00:00:00Z", "date_published": "2020-08-13T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf" ], "source": "MITRE", "title": "Operation 'Dream Job' Widespread North Korean Espionage Campaign" }, "related": [], "uuid": "2827e6e4-8163-47fb-9e22-b59e59cd338f", "value": "ClearSky Lazarus Aug 2020" }, { "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", "meta": { "date_accessed": "2021-12-22T00:00:00Z", "date_published": "2016-02-23T00:00:00Z", "refs": [ "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" ], "source": "MITRE", "title": "Operation Dust Storm" }, "related": [], "uuid": "001dd53c-74e6-4add-aeb7-da76b0d2afe8", "value": "Cylance Dust Storm" }, { "description": "ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.", "meta": { "date_accessed": "2016-01-08T00:00:00Z", "date_published": "2016-01-07T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation DustySky" }, "related": [], "uuid": "b9e0770d-f54a-4ada-abd1-65c45eee00fa", "value": "DustySky" }, { "description": "ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-06-09T00:00:00Z", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf" ], "source": "MITRE", "title": "Operation DustySky - Part 2" }, "related": [], "uuid": "4a3ecdec-254c-4eb4-9126-f540bb21dffe", "value": "DustySky2" }, { "description": "Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. 
Retrieved June 9, 2020.", "meta": { "date_accessed": "2020-06-09T00:00:00Z", "date_published": "2019-11-01T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf" ], "source": "MITRE", "title": "Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data" }, "related": [], "uuid": "93adbf0d-5f5e-498e-aca1-ed3eb11561e7", "value": "Trend Micro Tick November 2019" }, { "description": "Moran, N. et al. (2013, November 10). Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method. Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2013-11-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html" ], "source": "MITRE", "title": "Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method" }, "related": [], "uuid": "68b5a913-b696-4ca5-89ed-63453023d2a2", "value": "FireEye DeputyDog 9002 November 2013" }, { "description": "Gruzweig, J. et al. (2021, March 2). Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities. Retrieved March 3, 2021.", "meta": { "date_accessed": "2021-03-03T00:00:00Z", "date_published": "2021-03-02T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" ], "source": "MITRE, Tidal Cyber", "title": "Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities" }, "related": [], "uuid": "ef0626e9-281c-4770-b145-ffe36e18e369", "value": "Volexity Exchange Marauder March 2021" }, { "description": "Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. 
Retrieved September 23, 2020.", "meta": { "date_accessed": "2020-09-23T00:00:00Z", "date_published": "2019-10-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf" ], "source": "MITRE", "title": "OPERATION GHOST" }, "related": [], "uuid": "fbc77b85-cc5a-4c65-956d-b8556974b4ef", "value": "ESET Dukes October 2019" }, { "description": "IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2017-05-01T00:00:00Z", "refs": [ "http://www.issuemakerslab.com/research3/" ], "source": "MITRE", "title": "Operation GoldenAxe" }, "related": [], "uuid": "10a21964-d31f-40af-bf32-5ccd7d8c99a2", "value": "IssueMakersLab Andariel GoldenAxe May 2017" }, { "description": "Cherepanov, A. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.", "meta": { "date_accessed": "2016-05-18T00:00:00Z", "date_published": "2016-05-17T00:00:00Z", "refs": [ "http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf" ], "source": "MITRE", "title": "Operation Groundbait: Analysis of a surveillance toolkit" }, "related": [], "uuid": "218e69fd-558c-459b-9a57-ad2ee3e96296", "value": "ESET Operation Groundbait" }, { "description": "Fagerland, S., et al. (2013, May). Operation Hangover: Unveiling an Indian Cyberattack Infrastructure. Retrieved September 26, 2016.", "meta": { "date_accessed": "2016-09-26T00:00:00Z", "date_published": "2013-05-01T00:00:00Z", "refs": [ "http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf" ], "source": "MITRE", "title": "Operation Hangover: Unveiling an Indian Cyberattack Infrastructure" }, "related": [], "uuid": "fd581c0c-d93e-4396-a372-99cde3cd0c7c", "value": "Operation Hangover May 2013" }, { "description": "Breitenbacher, D. and Osis, K. (2020, June 17). 
OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.", "meta": { "date_accessed": "2021-12-20T00:00:00Z", "date_published": "2020-06-17T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf" ], "source": "MITRE", "title": "OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies" }, "related": [], "uuid": "b16a0141-dea3-4b34-8279-7bc1ce3d7052", "value": "ESET Lazarus Jun 2020" }, { "description": "AhnLab. (2019, February 28). Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2019-02-28T00:00:00Z", "refs": [ "https://global.ahnlab.com/global/upload/download/techreport/%5BAnalysis_Report%5DOperation%20Kabar%20Cobra.pdf" ], "source": "MITRE", "title": "Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group" }, "related": [], "uuid": "4035e871-9291-4d7f-9c5f-d8482d4dc8a7", "value": "AhnLab Kimsuky Kabar Cobra Feb 2019" }, { "description": "Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf" ], "source": "MITRE", "title": "OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs" }, "related": [], "uuid": "31504d92-6c4d-43f0-8548-ccc3aa05ba48", "value": "Villeneuve et al 2014" }, { "description": "Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. 
Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs" ], "source": "MITRE, Tidal Cyber", "title": "OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs" }, "related": [], "uuid": "bb45cf96-ceae-4f46-a0f5-08cd89f699c9", "value": "Mandiant Operation Ke3chang November 2014" }, { "description": "Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.", "meta": { "date_accessed": "2023-09-15T00:00:00Z", "date_published": "2021-09-16T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/operation-layover-how-we-tracked-attack/" ], "source": "MITRE", "title": "Operation Layover: How we tracked an attack on the aviation industry to five years of compromise" }, "related": [], "uuid": "f19b4bd5-99f9-54c0-bffe-cc9c052aea12", "value": "Cisco Operation Layover September 2021" }, { "description": "Falcone, R., et al. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.", "meta": { "date_accessed": "2016-02-15T00:00:00Z", "date_published": "2015-06-16T00:00:00Z", "refs": [ "https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html" ], "source": "MITRE, Tidal Cyber", "title": "Operation Lotus Blossom" }, "related": [], "uuid": "46fdb8ca-b14d-43bd-a20f-cae7b26e56c6", "value": "Lotus Blossom Jun 2015" }, { "description": "Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. 
Retrieved April 1, 2016.", "meta": { "date_accessed": "2016-04-01T00:00:00Z", "date_published": "2013-08-23T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html" ], "source": "MITRE", "title": "OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY" }, "related": [], "uuid": "6b24e4aa-e773-4ca3-8267-19e036dc1144", "value": "FireEye Operation Molerats" }, { "description": "Beek, C. (2020, November 5). Operation North Star: Behind The Scenes. Retrieved December 20, 2021.", "meta": { "date_accessed": "2021-12-20T00:00:00Z", "date_published": "2020-11-05T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/" ], "source": "MITRE", "title": "Operation North Star: Behind The Scenes" }, "related": [], "uuid": "a283d229-3a2a-43ef-bcbe-aa6d41098b51", "value": "McAfee Lazarus Nov 2020" }, { "description": "Cashman, M. (2020, July 29). Operation North Star Campaign. Retrieved December 20, 2021.", "meta": { "date_accessed": "2021-12-20T00:00:00Z", "date_published": "2020-07-29T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/?hilite=%27Operation%27%2C%27North%27%2C%27Star%27" ], "source": "MITRE", "title": "Operation North Star Campaign" }, "related": [], "uuid": "43581a7d-d71a-4121-abb6-127483a49d12", "value": "McAfee Lazarus Jul 2020" }, { "description": "Sherstobitoff, R., Malhotra, A. (2018, October 18). ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. 
Retrieved November 30, 2018.", "meta": { "date_accessed": "2018-11-30T00:00:00Z", "date_published": "2018-10-18T00:00:00Z", "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf" ], "source": "MITRE", "title": "‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group" }, "related": [], "uuid": "04b475ab-c7f6-4373-a4b0-04b5d8028f95", "value": "McAfee Oceansalt Oct 2018" }, { "description": "Ned Moran, Mike Scott, Mike Oppenheim of FireEye. (2014, November 3). Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement. Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "date_published": "2014-11-03T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html" ], "source": "MITRE", "title": "Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement" }, "related": [], "uuid": "1d57b1c8-930b-4bcb-a51e-39020327cc5d", "value": "FireEye OpPoisonedHandover February 2016" }, { "description": "Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.", "meta": { "date_accessed": "2015-11-04T00:00:00Z", "date_published": "2014-09-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf" ], "source": "MITRE, Tidal Cyber", "title": "OPERATION QUANTUM ENTANGLEMENT" }, "related": [], "uuid": "c94f9652-32c3-4975-a9c0-48f93bdfe790", "value": "Operation Quantum Entanglement" }, { "description": "Huss, D. & Mesa, M. (2017, August 25). Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures. 
Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2017-08-25T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures" ], "source": "MITRE", "title": "Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures" }, "related": [], "uuid": "b796f889-400c-440b-86b2-1588fd15f3ae", "value": "ProofPoint GoT 9002 Aug 2017" }, { "description": "FireEye Labs. (2015, April 18). Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack. Retrieved April 24, 2017.", "meta": { "date_accessed": "2017-04-24T00:00:00Z", "date_published": "2015-04-18T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html" ], "source": "MITRE", "title": "Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack" }, "related": [], "uuid": "6f5986b7-07ee-4bca-9cb1-248744e94d7f", "value": "FireEye Op RussianDoll" }, { "description": "Villeneuve, N. et al. (2013). OPERATION SAFFRON ROSE. Retrieved May 28, 2020.", "meta": { "date_accessed": "2020-05-28T00:00:00Z", "date_published": "2013-01-01T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2021-09/rpt-operation-saffron-rose.pdf" ], "source": "MITRE", "title": "OPERATION SAFFRON ROSE" }, "related": [], "uuid": "2f4c0941-d14e-4eb8-828c-f1d9a1e14a95", "value": "FireEye Operation Saffron Rose 2013" }, { "description": "Livelli, K., et al. (2018, November 12). Operation Shaheen. 
Retrieved May 1, 2019.", "meta": { "date_accessed": "2019-05-01T00:00:00Z", "date_published": "2018-11-12T00:00:00Z", "refs": [ "https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517" ], "source": "MITRE", "title": "Operation Shaheen" }, "related": [], "uuid": "57802e46-e12c-4230-8d1c-08854a0de06a", "value": "Cylance Shaheen Nov 2018" }, { "description": "Sherstobitoff, R., Malhotra, A., et al. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.", "meta": { "date_accessed": "2020-05-14T00:00:00Z", "date_published": "2018-12-18T00:00:00Z", "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf" ], "source": "MITRE", "title": "Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure" }, "related": [], "uuid": "96b6d012-8620-4ef5-bf9a-5f88e465a495", "value": "McAfee Sharpshooter December 2018" }, { "description": "Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "https://web.archive.org/web/20230115144216/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation SMN: Axiom Threat Actor Group Report" }, "related": [], "uuid": "0dd428b9-849b-4108-87b1-20050b86f420", "value": "Novetta-Axiom" }, { "description": "Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. 
Retrieved July 18, 2019.", "meta": { "date_accessed": "2019-07-18T00:00:00Z", "date_published": "2019-06-25T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers" ], "source": "MITRE", "title": "Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers" }, "related": [], "uuid": "620b7353-0e58-4503-b534-9250a8f5ae3c", "value": "Cybereason Soft Cell June 2019" }, { "description": "Microsoft. (2016, March 26). Operations overview | Graph API concepts. Retrieved June 18, 2020.", "meta": { "date_accessed": "2020-06-18T00:00:00Z", "date_published": "2016-03-26T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operations-overview" ], "source": "MITRE", "title": "Operations overview | Graph API concepts" }, "related": [], "uuid": "fed0fef5-e366-4e24-9554-0599744cd1c6", "value": "Azure AD Graph API" }, { "description": "M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.", "meta": { "date_accessed": "2022-09-16T00:00:00Z", "date_published": "2021-01-21T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/" ], "source": "MITRE", "title": "Operation Spalax: Targeted malware attacks in Colombia" }, "related": [], "uuid": "b699dd10-7d3f-4542-bf8a-b3f0c747bd0e", "value": "ESET Operation Spalax Jan 2021" }, { "description": "Miller, J. et al. (2021, July 13). Operation SpoofedScholars: A Conversation with TA453. 
Retrieved August 18, 2021.", "meta": { "date_accessed": "2021-08-18T00:00:00Z", "date_published": "2021-07-13T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453" ], "source": "MITRE", "title": "Operation SpoofedScholars: A Conversation with TA453" }, "related": [], "uuid": "a987872f-2176-437c-a38f-58676b7b12de", "value": "Proofpoint TA453 July2021" }, { "description": "Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.", "meta": { "date_accessed": "2016-06-08T00:00:00Z", "date_published": "2016-03-01T00:00:00Z", "refs": [ "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation Transparent Tribe" }, "related": [], "uuid": "8e39d0da-114f-4ae6-8130-ca1380077d6a", "value": "Proofpoint Operation Transparent Tribe March 2016" }, { "description": "Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. Retrieved June 14, 2019.", "meta": { "date_accessed": "2019-06-14T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/wp/wp-operation-tropic-trooper.pdf" ], "source": "MITRE", "title": "Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers" }, "related": [], "uuid": "65d1f980-1dc2-4d36-8148-2d8747a39883", "value": "TrendMicro TropicTrooper 2015" }, { "description": "ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. 
Retrieved May 17, 2021.", "meta": { "date_accessed": "2021-05-17T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Operation Wilted Tulip - Exposing a cyber espionage apparatus" }, "related": [], "uuid": "696b12c6-ce1e-4e79-b781-43e0c70f9f2e", "value": "ClearSky and Trend Micro Operation Wilted Tulip July 2017" }, { "description": "ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. Retrieved August 21, 2017.", "meta": { "date_accessed": "2017-08-21T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" ], "source": "MITRE", "title": "Operation Wilted Tulip: Exposing a cyber espionage apparatus" }, "related": [], "uuid": "50233005-8dc4-4e91-9477-df574271df40", "value": "ClearSky Wilted Tulip July 2017" }, { "description": "Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.", "meta": { "date_accessed": "2021-02-10T00:00:00Z", "date_published": "2014-03-18T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/" ], "source": "MITRE", "title": "Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign" }, "related": [], "uuid": "721cdb36-d3fc-4212-b324-6be2b5f9cb46", "value": "ESET Windigo Mar 2014" }, { "description": "Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. 
Retrieved October 8, 2020.", "meta": { "date_accessed": "2020-10-08T00:00:00Z", "date_published": "2019-12-19T00:00:00Z", "refs": [ "https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf" ], "source": "MITRE", "title": "Operation Wocao: Shining a light on one of China’s hidden hacking groups" }, "related": [], "uuid": "aa3e31c7-71cd-4a3f-b482-9049c9abb631", "value": "FoxIT Wocao December 2019" }, { "description": "Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.", "meta": { "date_accessed": "2021-04-21T00:00:00Z", "date_published": "2015-03-19T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf" ], "source": "MITRE", "title": "Operation Woolen-Goldfish - When Kittens Go phishing" }, "related": [], "uuid": "0f077c93-aeda-4c95-9996-c52812a31267", "value": "TrendMicro Operation Woolen Goldfish March 2015" }, { "description": "I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.", "meta": { "date_accessed": "2022-09-26T00:00:00Z", "date_published": "2019-03-03T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/" ], "source": "MITRE", "title": "Op 'Sharpshooter' Connected to North Korea's Lazarus Group" }, "related": [], "uuid": "84430646-6568-4288-8710-2827692a8862", "value": "Bleeping Computer Op Sharpshooter March 2019" }, { "description": "Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. 
Retrieved July 8, 2018.", "meta": { "date_accessed": "2018-07-08T00:00:00Z", "date_published": "2018-04-23T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/sites/default/files/2018-04/Orangeworm%20IOCs.pdf" ], "source": "MITRE", "title": "Orangeworm: Indicators of Compromise" }, "related": [], "uuid": "293596ad-a13f-456b-8916-d1e1b1afe0da", "value": "Symantec Orangeworm IOCs April 2018" }, { "description": "Symantec Threat Intelligence. (2020, June 25). WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. Retrieved May 20, 2021.", "meta": { "date_accessed": "2021-05-20T00:00:00Z", "date_published": "2020-06-25T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us" ], "source": "MITRE", "title": "WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations" }, "related": [], "uuid": "061d8f74-a202-4089-acae-687e4f96933b", "value": "Symantec WastedLocker June 2020" }, { "description": "Pantig, J. (2018, July 30). OSX.Calisto. Retrieved September 7, 2018.", "meta": { "date_accessed": "2018-09-07T00:00:00Z", "date_published": "2018-07-30T00:00:00Z", "refs": [ "https://web.archive.org/web/20190111082249/https://www.symantec.com/security-center/writeup/2018-073014-2512-99?om_rssid=sr-latestthreats30days" ], "source": "MITRE", "title": "OSX.Calisto" }, "related": [], "uuid": "cefef3d8-94f5-4d94-9689-6ed38702454f", "value": "Symantec Calisto July 2018" }, { "description": "Wardle, P. (2021, November 11). OSX.CDDS (OSX.MacMa). Retrieved June 30, 2022.", "meta": { "date_accessed": "2022-06-30T00:00:00Z", "date_published": "2021-11-11T00:00:00Z", "refs": [ "https://objective-see.org/blog/blog_0x69.html" ], "source": "MITRE", "title": "OSX.CDDS (OSX.MacMa)" }, "related": [], "uuid": "7240261e-d901-4a68-b6fc-deec308e8a50", "value": "Objective-See MacMa Nov 2021" }, { "description": "fluffybunny. (2019, July 9). OSX.Dok Analysis. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2019-07-09T00:00:00Z", "refs": [ "http://www.hexed.in/2019/07/osxdok-analysis.html" ], "source": "MITRE", "title": "OSX.Dok Analysis" }, "related": [], "uuid": "96f9d36a-01a5-418e-85f4-957e58d49c1b", "value": "hexed osx.dok analysis 2019" }, { "description": "Thomas Reed. (2020, April 21). OSX.DubRobber. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2020-04-21T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/detections/osx-dubrobber/" ], "source": "MITRE", "title": "OSX.DubRobber" }, "related": [], "uuid": "11ef576f-1bac-49e3-acba-85d70a42503e", "value": "malwarebyteslabs xcsset dubrobber" }, { "description": "Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. Retrieved March 21, 2021.", "meta": { "date_accessed": "2021-03-21T00:00:00Z", "date_published": "2020-07-03T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x60.html" ], "source": "MITRE", "title": "OSX.EvilQuest Uncovered part ii: insidious capabilities" }, "related": [], "uuid": "4fee237c-c2ec-47f5-b382-ec6bd4779281", "value": "wardle evilquest partii" }, { "description": "Patrick Wardle. (2020, June 29). OSX.EvilQuest Uncovered part i: infection, persistence, and more!. Retrieved March 18, 2021.", "meta": { "date_accessed": "2021-03-18T00:00:00Z", "date_published": "2020-06-29T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x59.html" ], "source": "MITRE", "title": "OSX.EvilQuest Uncovered part i: infection, persistence, and more!" }, "related": [], "uuid": "1ebd91db-9b56-442f-bb61-9e154b5966ac", "value": "wardle evilquest parti" }, { "description": "ESET. (2012, January 1). OSX/Flashback. 
Retrieved April 19, 2022.", "meta": { "date_accessed": "2022-04-19T00:00:00Z", "date_published": "2012-01-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf" ], "source": "MITRE", "title": "OSX/Flashback" }, "related": [], "uuid": "ce6e5a21-0063-4356-a77a-5c5f9fd2cf5c", "value": "eset_osx_flashback" }, { "description": "Ofer Caspi. (2017, May 4). OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2017-05-04T00:00:00Z", "refs": [ "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/" ], "source": "MITRE", "title": "OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic" }, "related": [], "uuid": "8c178fd8-db34-45c6-901a-a8b2c178d809", "value": "CheckPoint Dok" }, { "description": "Long, Joshua. (2018, February 21). OSX/Shlayer: New Mac malware comes out of its shell. Retrieved August 28, 2019.", "meta": { "date_accessed": "2019-08-28T00:00:00Z", "date_published": "2018-02-21T00:00:00Z", "refs": [ "https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/" ], "source": "MITRE", "title": "OSX/Shlayer: New Mac malware comes out of its shell" }, "related": [], "uuid": "46eb883c-e203-4cd9-8f1c-c6ea12bc2742", "value": "Intego Shlayer Feb 2018" }, { "description": "Stalmans, E. (2017, April 28). Outlook Forms and Shells. Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2017-04-28T00:00:00Z", "refs": [ "https://sensepost.com/blog/2017/outlook-forms-and-shells/" ], "source": "MITRE", "title": "Outlook Forms and Shells" }, "related": [], "uuid": "5d91a713-2f05-43bd-9fef-aa3f51f4c45a", "value": "SensePost Outlook Forms" }, { "description": "Stalmans, E. (2017, October 11). Outlook Home Page – Another Ruler Vector. 
Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2017-10-11T00:00:00Z", "refs": [ "https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/" ], "source": "MITRE", "title": "Outlook Home Page – Another Ruler Vector" }, "related": [], "uuid": "d2758a4b-d326-45a7-9ebf-03efcd1832da", "value": "SensePost Outlook Home Page" }, { "description": "Soutcast. (2018, September 14). Outlook Today Homepage Persistence. Retrieved February 5, 2019.", "meta": { "date_accessed": "2019-02-05T00:00:00Z", "date_published": "2018-09-14T00:00:00Z", "refs": [ "https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943" ], "source": "MITRE", "title": "Outlook Today Homepage Persistence" }, "related": [], "uuid": "cb7beffb-a955-40fd-b114-de6533efc80d", "value": "Outlook Today Home Page" }, { "description": "Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2019-06-20T00:00:00Z", "refs": [ "https://www.recordedfuture.com/identifying-cobalt-strike-servers/" ], "source": "MITRE", "title": "Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers" }, "related": [], "uuid": "4e554042-53bb-44d4-9acc-44c86329ac47", "value": "Recorded Future Beacon 2019" }, { "description": "Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. 
Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "date_published": "2018-12-21T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html" ], "source": "MITRE", "title": "OVERRULED: Containing a Potentially Destructive Adversary" }, "related": [], "uuid": "4b4c9e72-eee1-4fa4-8dcb-501ec49882b0", "value": "FireEye APT33 Guardrail" }, { "description": "Kubernetes. (n.d.). Overview of Cloud Native Security. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/security/overview/" ], "source": "MITRE", "title": "Overview of Cloud Native Security" }, "related": [], "uuid": "55ee5bcc-ba56-58ac-9afb-2349aa75fe39", "value": "Kubernetes Cloud Native Security" }, { "description": "Apple Inc.. (2012, July 23). Overview of Dynamic Libraries. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2012-07-23T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html" ], "source": "MITRE", "title": "Overview of Dynamic Libraries" }, "related": [], "uuid": "e3b8cc52-2096-418c-b291-1bc76022961d", "value": "Apple Doco Archive Dynamic Libraries" }, { "description": "Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "date_published": "2012-07-23T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html" ], "source": "MITRE", "title": "Overview of Dynamic Libraries" }, "related": [], "uuid": "39ffd162-4052-57ec-bd20-2fe6b8e6beab", "value": "Apple Dev Dynamic Libraries" }, { "description": "The Kubeflow Authors. (n.d.). Overview of Kubeflow Pipelines. 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/" ], "source": "MITRE", "title": "Overview of Kubeflow Pipelines" }, "related": [], "uuid": "0b40474c-173c-4a8c-8cc7-bac2dcfcaedd", "value": "Kubeflow Pipelines" }, { "description": "Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.", "meta": { "date_accessed": "2016-06-06T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc731150.aspx" ], "source": "MITRE", "title": "Overview of Remote Desktop Gateway" }, "related": [], "uuid": "3e832a4f-b8e6-4c28-bb33-f2db817403b9", "value": "TechNet RDP Gateway" }, { "description": "Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.", "meta": { "date_accessed": "2022-01-18T00:00:00Z", "date_published": "2021-12-29T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/" ], "source": "MITRE, Tidal Cyber", "title": "OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt" }, "related": [], "uuid": "fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2", "value": "CrowdStrike AQUATIC PANDA December 2021" }, { "description": "OWASP. (2017, April 16). OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks. Retrieved February 12, 2019.", "meta": { "date_accessed": "2019-02-12T00:00:00Z", "date_published": "2017-04-16T00:00:00Z", "refs": [ "https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/" ], "source": "MITRE", "title": "OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks" }, "related": [], "uuid": "044ef2b7-44cc-4da6-b8e2-45d630558534", "value": "OWASP Top 10 2017" }, { "description": "OWASP. (2018, February 23). OWASP Top Ten Project. 
Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2018-02-23T00:00:00Z", "refs": [ "https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project" ], "source": "MITRE", "title": "OWASP Top Ten Project" }, "related": [], "uuid": "c6db3a77-4d01-4b4d-886d-746d676ed6d0", "value": "OWASP Top 10" }, { "description": "Debian Policy Manual v4.6.1.1. (2022, August 14). Package maintainer scripts and installation procedure. Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2022-08-14T00:00:00Z", "refs": [ "https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-mscriptsinstact" ], "source": "MITRE", "title": "Package maintainer scripts and installation procedure" }, "related": [], "uuid": "e32e293a-f583-494e-9eb5-c82167f2e000", "value": "Debian Manual Maintainer Scripts" }, { "description": "Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "refs": [ "https://cloud.google.com/vpc/docs/packet-mirroring" ], "source": "MITRE", "title": "Packet Mirroring overview" }, "related": [], "uuid": "c91c6399-3520-4410-936d-48c3b13235ca", "value": "GCP Packet Mirroring" }, { "description": "Scott-Railton, J., et al. (2015, December 8). Packrat. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2015-12-08T00:00:00Z", "refs": [ "https://citizenlab.ca/2015/12/packrat-report/" ], "source": "MITRE", "title": "Packrat" }, "related": [], "uuid": "316f347f-3e92-4861-a075-db64adf6b6a8", "value": "Citizenlab Packrat 2015" }, { "description": "Rhino Security Labs. (2019, August 22). Pacu. 
Retrieved October 17, 2019.", "meta": { "date_accessed": "2019-10-17T00:00:00Z", "date_published": "2019-08-22T00:00:00Z", "refs": [ "https://github.com/RhinoSecurityLabs/pacu" ], "source": "MITRE", "title": "Pacu" }, "related": [], "uuid": "bda43b1b-ea8d-4371-9984-6d8a7cc24965", "value": "GitHub Pacu" }, { "description": "Rhino Security Labs. (2021, April 29). Pacu Detection Disruption Module. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "date_published": "2021-04-29T00:00:00Z", "refs": [ "https://github.com/RhinoSecurityLabs/pacu/blob/master/pacu/modules/detection__disruption/main.py" ], "source": "MITRE", "title": "Pacu Detection Disruption Module" }, "related": [], "uuid": "deba605b-7abc-5794-a820-448a395aab69", "value": "Pacu Detection Disruption Module" }, { "description": "Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2020-09-29T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt" ], "source": "MITRE, Tidal Cyber", "title": "Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors" }, "related": [], "uuid": "84ecd475-8d3f-4e7c-afa8-2dff6078bed5", "value": "Symantec Palmerworm Sep 2020" }, { "description": "Apple. (2011, May 11). PAM - Pluggable Authentication Modules. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2011-05-11T00:00:00Z", "refs": [ "https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM.txt" ], "source": "MITRE", "title": "PAM - Pluggable Authentication Modules" }, "related": [], "uuid": "4838a58e-c00d-4b4c-937d-8da5d9f1a4b5", "value": "Apple PAM" }, { "description": "die.net. (n.d.). pam_unix(8) - Linux man page. 
Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "refs": [ "https://linux.die.net/man/8/pam_unix" ], "source": "MITRE", "title": "pam_unix(8) - Linux man page" }, "related": [], "uuid": "6bc5ad93-3cc2-4429-ac4c-aae72193df27", "value": "Man Pam_Unix" }, { "description": "Lancaster, T. and Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.", "meta": { "date_accessed": "2017-07-13T00:00:00Z", "date_published": "2017-06-27T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/" ], "source": "MITRE", "title": "Paranoid PlugX" }, "related": [], "uuid": "27f17e79-ef38-4c20-9250-40c81fa8717a", "value": "Palo Alto PlugX June 2017" }, { "description": "Lancaster, T., Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2017-06-27T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-paranoid-plugx/" ], "source": "MITRE", "title": "Paranoid PlugX" }, "related": [], "uuid": "9dc629a0-543c-4221-86cc-0dfb93903988", "value": "Unit42 PlugX June 2017" }, { "description": "Securityinbits. (2019, May 14). Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3. Retrieved June 6, 2019.", "meta": { "date_accessed": "2019-06-06T00:00:00Z", "date_published": "2019-05-14T00:00:00Z", "refs": [ "https://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-part-3" ], "source": "MITRE", "title": "Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3" }, "related": [], "uuid": "0828b2fd-c85f-44c7-bb05-61e6eba34336", "value": "Secuirtyinbits Ataware3 May 2019" }, { "description": "Dragos. (n.d.). PARISITE. 
Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "refs": [ "https://www.dragos.com/threat/parisite/" ], "source": "MITRE", "title": "PARISITE" }, "related": [], "uuid": "15e974db-51a9-4ec1-9725-cff8bb9bc2fa", "value": "Dragos PARISITE" }, { "description": "Department of Justice. (2018, September 6). Criminal Complaint - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.", "meta": { "date_accessed": "2019-03-29T00:00:00Z", "refs": [ "https://www.justice.gov/opa/press-release/file/1092091/download" ], "source": "MITRE", "title": "Criminal Complaint - United States of America v. PARK JIN HYOK" }, "related": [], "uuid": "950f8c1e-8793-43b7-abc7-0c9f6790b3b7", "value": "DOJ Lazarus Sony 2018" }, { "description": "Ignacio Sanmillan. (2018, February 7). Executable and Linkable Format 101. Part 2: Symbols. Retrieved September 29, 2022.", "meta": { "date_accessed": "2022-09-29T00:00:00Z", "refs": [ "https://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/" ], "source": "MITRE", "title": "Executable and Linkable Format 101. Part 2: Symbols" }, "related": [], "uuid": "2d1faa93-fed5-4b0d-b6c9-72bbc4782201", "value": "intezer stripped binaries elf files 2018" }, { "description": "Jon Gabilondo. (2019, September 22). How to Inject Code into Mach-O Apps. Part II. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "refs": [ "https://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc8191" ], "source": "MITRE", "title": "How to Inject Code into Mach-O Apps. Part II" }, "related": [], "uuid": "67f3ce33-0197-41ef-a9d0-474c97ecf570", "value": "Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass" }, { "description": "Microsoft. (n.d.). Partners: Offer delegated administration. 
Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/topic/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e?ui=en-us&rs=en-us&ad=us" ], "source": "MITRE", "title": "Partners: Offer delegated administration" }, "related": [], "uuid": "fa0ed0fd-bf57-4a0f-9370-e22f27b20e42", "value": "Office 365 Delegated Administration" }, { "description": "Microsoft. (2015, July 30). Part of Windows 10 or really Malware?. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2015-07-30T00:00:00Z", "refs": [ "https://answers.microsoft.com/windows/forum/windows_10-security/part-of-windows-10-or-really-malware/af715663-a34a-423c-850d-2a46f369a54c" ], "source": "MITRE", "title": "Part of Windows 10 or really Malware?" }, "related": [], "uuid": "183843b5-66dc-4229-ba66-3171d9b8e33d", "value": "Microsoft IFEOorMalware July 2015" }, { "description": "CIRCL Computer Incident Response Center. (n.d.). Passive DNS. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://www.circl.lu/services/passive-dns/" ], "source": "MITRE", "title": "Passive DNS" }, "related": [], "uuid": "c19f8683-97fb-4e0c-a9f5-12033b1d38ca", "value": "Circl Passive DNS" }, { "description": "Patrick Wardle. (2019, October 12). Pass the AppleJeus. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2019-10-12T00:00:00Z", "refs": [ "https://objective-see.org/blog/blog_0x49.html" ], "source": "MITRE", "title": "Pass the AppleJeus" }, "related": [], "uuid": "4cfec669-1db5-4a67-81e2-18383e4c4d3d", "value": "ObjectiveSee AppleJeus 2019" }, { "description": "Delpy, B. (2014, January 13). Pass the ticket. 
Retrieved June 2, 2016.", "meta": { "date_accessed": "2016-06-02T00:00:00Z", "date_published": "2014-01-13T00:00:00Z", "refs": [ "http://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos" ], "source": "MITRE", "title": "Pass the ticket" }, "related": [], "uuid": "3ff12b9c-1c4e-4383-a771-792f5e95dcf1", "value": "GentilKiwi Pass the Ticket" }, { "description": "Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Password_cracking" ], "source": "MITRE", "title": "Password cracking" }, "related": [], "uuid": "d5ebb79f-b39a-46cb-b546-2db383783a58", "value": "Wikipedia Password cracking" }, { "description": "Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.", "meta": { "date_accessed": "2017-12-11T00:00:00Z", "date_published": "2017-03-17T00:00:00Z", "refs": [ "http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html" ], "source": "MITRE", "title": "Passwordless RDP Session Hijacking Feature All Windows versions" }, "related": [], "uuid": "8877e1f3-11e6-4ae0-adbd-c9b98b07ee25", "value": "RDP Hijacking Korznikov" }, { "description": "ise. (2019, February 19). Password Managers: Under the Hood of Secrets Management. Retrieved January 22, 2021.", "meta": { "date_accessed": "2021-01-22T00:00:00Z", "date_published": "2019-02-19T00:00:00Z", "refs": [ "https://www.ise.io/casestudies/password-manager-hacking/" ], "source": "MITRE", "title": "Password Managers: Under the Hood of Secrets Management" }, "related": [], "uuid": "253104ab-20b0-43d2-8338-afdd3237cc53", "value": "ise Password Manager February 2019" }, { "description": "Hall, J., Lich, B. (2017, September 9). Password must meet complexity requirements. 
Retrieved April 5, 2018.", "meta": { "date_accessed": "2018-04-05T00:00:00Z", "date_published": "2017-09-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements" ], "source": "MITRE", "title": "Password must meet complexity requirements" }, "related": [], "uuid": "918d4b6c-5783-4332-96d9-430e4c5ae030", "value": "Microsoft Password Complexity" }, { "description": "Thyer, J. (2015, October 30). Password Spraying & Other Fun with RPCCLIENT. Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "date_published": "2015-10-30T00:00:00Z", "refs": [ "http://www.blackhillsinfosec.com/?p=4645" ], "source": "MITRE", "title": "Password Spraying & Other Fun with RPCCLIENT" }, "related": [], "uuid": "f45c7a4b-dafc-4e5c-ad3f-db4b0388a1d7", "value": "BlackHillsInfosec Password Spraying" }, { "description": "Teusink, N. (2009, August 25). Passwords stored using reversible encryption: how it works (part 1). Retrieved November 17, 2021.", "meta": { "date_accessed": "2021-11-17T00:00:00Z", "date_published": "2009-08-25T00:00:00Z", "refs": [ "http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html" ], "source": "MITRE", "title": "Passwords stored using reversible encryption: how it works (part 1)" }, "related": [], "uuid": "180246ca-94d8-4c78-894d-ae3b6fad3257", "value": "how_pwd_rev_enc_1" }, { "description": "Teusink, N. (2009, August 26). Passwords stored using reversible encryption: how it works (part 2). 
Retrieved November 17, 2021.", "meta": { "date_accessed": "2021-11-17T00:00:00Z", "date_published": "2009-08-26T00:00:00Z", "refs": [ "http://blog.teusink.net/2009/08/passwords-stored-using-reversible_26.html" ], "source": "MITRE", "title": "Passwords stored using reversible encryption: how it works (part 2)" }, "related": [], "uuid": "cc08f190-5c17-441c-a6fa-99f8fdb8d1ae", "value": "how_pwd_rev_enc_2" }, { "description": "Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.", "meta": { "date_accessed": "2018-07-16T00:00:00Z", "date_published": "2018-06-07T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/" ], "source": "MITRE, Tidal Cyber", "title": "Patchwork APT Group Targets US Think Tanks" }, "related": [], "uuid": "d3ed7dd9-0941-4160-aa6a-c0244c63560f", "value": "Volexity Patchwork June 2018" }, { "description": "Levene, B. et al.. (2018, March 7). Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent. Retrieved March 31, 2018.", "meta": { "date_accessed": "2018-03-31T00:00:00Z", "date_published": "2018-03-07T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/" ], "source": "MITRE", "title": "Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent" }, "related": [], "uuid": "2609e461-1e23-4dc2-aa44-d09f4acb8c6e", "value": "PaloAlto Patchwork Mar 2018" }, { "description": "Hamada, J.. (2016, July 25). Patchwork cyberespionage group expands targets from governments to wide range of industries. 
Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-07-25T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries" ], "source": "MITRE, Tidal Cyber", "title": "Patchwork cyberespionage group expands targets from governments to wide range of industries" }, "related": [], "uuid": "a6172463-56e2-49f2-856d-f4f8320d7c6e", "value": "Symantec Patchwork" }, { "description": "Hacquebord, F.. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2017-04-25T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks" ], "source": "MITRE", "title": "Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks" }, "related": [], "uuid": "7d12c764-facd-4086-acd0-5c0287344520", "value": "Trend Micro Pawn Storm OAuth 2017" }, { "description": "Hacquebord, F. (n.d.). Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets. Retrieved December 29, 2020.", "meta": { "date_accessed": "2020-12-29T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf" ], "source": "MITRE", "title": "Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets" }, "related": [], "uuid": "104f3264-3e8a-46ca-b9b2-e16a59938570", "value": "TrendMicro Pawn Storm 2019" }, { "description": "Hacquebord, F., Remorin, L. (2020, December 17). Pawn Storm’s Lack of Sophistication as a Strategy. 
Retrieved January 13, 2021.", "meta": { "date_accessed": "2021-01-13T00:00:00Z", "date_published": "2020-12-17T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.html" ], "source": "MITRE", "title": "Pawn Storm’s Lack of Sophistication as a Strategy" }, "related": [], "uuid": "3bc249cd-f29a-4a74-a179-a6860e43683f", "value": "TrendMicro Pawn Storm Dec 2020" }, { "description": "ClearSky. (2020, December 17). Pay2Key Ransomware – A New Campaign by Fox Kitten. Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2020-12-17T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf" ], "source": "MITRE", "title": "Pay2Key Ransomware – A New Campaign by Fox Kitten" }, "related": [], "uuid": "6e09bc1a-8a5d-4512-9176-40eed91af358", "value": "ClearSky Pay2Kitten December 2020" }, { "description": "Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.", "meta": { "date_accessed": "2017-03-02T00:00:00Z", "date_published": "2000-07-24T00:00:00Z", "refs": [ "https://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/" ], "source": "MITRE", "title": "PayPal alert! Beware the 'PaypaI' scam" }, "related": [], "uuid": "bcea7897-6cb2-467d-ad3b-ffd20badf19f", "value": "PaypalScam" }, { "description": "LOLBAS. (2018, May 25). Pcalua.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Pcalua/" ], "source": "Tidal Cyber", "title": "Pcalua.exe" }, "related": [], "uuid": "958064d4-7f9f-46a9-b475-93d6587ed770", "value": "Pcalua.exe - LOLBAS Project" }, { "description": "Bontchev, V. (2019, July 30). pcodedmp.py - A VBA p-code disassembler. 
Retrieved September 17, 2020.", "meta": { "date_accessed": "2020-09-17T00:00:00Z", "date_published": "2019-07-30T00:00:00Z", "refs": [ "https://github.com/bontchev/pcodedmp" ], "source": "MITRE", "title": "pcodedmp.py - A VBA p-code disassembler" }, "related": [], "uuid": "3057d857-6984-4247-918b-952b75ee152e", "value": "pcodedmp Bontchev" }, { "description": "LiveMirror. (2014, September 17). PcShare. Retrieved October 11, 2022.", "meta": { "date_accessed": "2022-10-11T00:00:00Z", "date_published": "2014-09-17T00:00:00Z", "refs": [ "https://github.com/LiveMirror/pcshare" ], "source": "MITRE", "title": "PcShare" }, "related": [], "uuid": "f113559f-a6da-43bc-bc64-9ff7155b82bc", "value": "GitHub PcShare 2014" }, { "description": "LOLBAS. (2018, May 25). Pcwrun.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Pcwrun/" ], "source": "Tidal Cyber", "title": "Pcwrun.exe" }, "related": [], "uuid": "b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0", "value": "Pcwrun.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Pcwutl.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Pcwutl/" ], "source": "Tidal Cyber", "title": "Pcwutl.dll" }, "related": [], "uuid": "1050758d-20da-4c4a-83d3-40aeff3db9ca", "value": "Pcwutl.dll - LOLBAS Project" }, { "description": "Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. 
Retrieved January 31, 2024.", "meta": { "date_accessed": "2024-01-31T00:00:00Z", "date_published": "2023-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/" ], "source": "Tidal Cyber", "title": "Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets" }, "related": [], "uuid": "98a631f4-4b95-4159-b311-dee1216ec208", "value": "Microsoft Peach Sandstorm September 14 2023" }, { "description": "Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved September 18, 2023.", "meta": { "date_accessed": "2023-09-18T00:00:00Z", "date_published": "2023-09-14T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/" ], "source": "MITRE", "title": "Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets" }, "related": [], "uuid": "84d026ed-b8f2-5bbb-865a-2d93aa4b2ef8", "value": "Microsoft Peach Sandstorm 2023" }, { "description": "Microsoft. (2021, October 6). PEB structure (winternl.h). Retrieved November 19, 2021.", "meta": { "date_accessed": "2021-11-19T00:00:00Z", "date_published": "2021-10-06T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb" ], "source": "MITRE", "title": "PEB structure (winternl.h)" }, "related": [], "uuid": "e0ec4cf6-1e6a-41ab-8704-a66c5cc4d226", "value": "Microsoft PEB 2021" }, { "description": "InGuardians. (2022, January 5). Peirates GitHub. 
Retrieved February 8, 2022.", "meta": { "date_accessed": "2022-02-08T00:00:00Z", "date_published": "2022-01-05T00:00:00Z", "refs": [ "https://github.com/inguardians/peirates" ], "source": "MITRE", "title": "Peirates GitHub" }, "related": [], "uuid": "a75cde8b-76e4-4dc3-b1d5-cf08479905e7", "value": "Peirates GitHub" }, { "description": "García, C. (2019, April 3). Pentesting Active Directory Forests. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-04-03T00:00:00Z", "refs": [ "https://www.slideshare.net/rootedcon/carlos-garca-pentesting-active-directory-forests-rooted2019" ], "source": "MITRE", "title": "Pentesting Active Directory Forests" }, "related": [], "uuid": "3ca2e78e-751e-460b-9f3c-f851d054bce4", "value": "Pentesting AD Forests" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, September 27). People's Republic of China-Linked Cyber Actors Hide in Router Firmware. Retrieved September 29, 2023.", "meta": { "date_accessed": "2023-09-29T00:00:00Z", "date_published": "2023-09-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a" ], "source": "Tidal Cyber", "title": "People's Republic of China-Linked Cyber Actors Hide in Router Firmware" }, "related": [], "uuid": "309bfb48-76d1-4ae9-9c6a-30b54658133c", "value": "U.S. CISA BlackTech September 27 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. 
Retrieved May 25, 2023.", "meta": { "date_accessed": "2023-05-25T00:00:00Z", "date_published": "2023-05-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a" ], "source": "Tidal Cyber", "title": "People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection" }, "related": [], "uuid": "12320f38-ebbf-486a-a450-8a548c3722d6", "value": "U.S. CISA Volt Typhoon May 24 2023" }, { "description": "NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.", "meta": { "date_accessed": "2023-07-27T00:00:00Z", "date_published": "2023-05-24T00:00:00Z", "refs": [ "https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF" ], "source": "MITRE", "title": "People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection" }, "related": [], "uuid": "14872f08-e219-5c0d-a2d7-43a3ba348b4b", "value": "Joint Cybersecurity Advisory Volt Typhoon June 2023" }, { "description": "Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.", "meta": { "date_accessed": "2016-04-25T00:00:00Z", "date_published": "2004-02-06T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc700828.aspx" ], "source": "MITRE", "title": "Perimeter Firewall Design" }, "related": [], "uuid": "bb149242-1916-400d-93b8-d0def161ed85", "value": "TechNet Firewall Design" }, { "description": "Moe, O. (2018, April 10). Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe. 
Retrieved June 27, 2018.", "meta": { "date_accessed": "2018-06-27T00:00:00Z", "date_published": "2018-04-10T00:00:00Z", "refs": [ "https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/" ], "source": "MITRE", "title": "Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe" }, "related": [], "uuid": "8661b51c-ddb7-484f-919d-22079c39d1e4", "value": "Oddvar Moe IFEO APR 2018" }, { "description": "Moe, O. (2018, March 21). Persistence using RunOnceEx - Hidden from Autoruns.exe. Retrieved June 29, 2018.", "meta": { "date_accessed": "2018-06-29T00:00:00Z", "date_published": "2018-03-21T00:00:00Z", "refs": [ "https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/" ], "source": "MITRE", "title": "Persistence using RunOnceEx - Hidden from Autoruns.exe" }, "related": [], "uuid": "36d52213-8d9f-4642-892b-40460d5631d7", "value": "Oddvar Moe RunOnceEx Mar 2018" }, { "description": "Chris Ross. (2018, October 17). Persistent Credential Theft with Authorization Plugins. Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2018-10-17T00:00:00Z", "refs": [ "https://xorrior.com/persistent-credential-theft/" ], "source": "MITRE", "title": "Persistent Credential Theft with Authorization Plugins" }, "related": [], "uuid": "e397815d-34ea-4275-90d8-1b85e5b47369", "value": "Xorrior Authorization Plugins" }, { "description": "Pitt, L. (2020, August 6). Persistent JXA. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "date_published": "2020-08-06T00:00:00Z", "refs": [ "https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5" ], "source": "MITRE", "title": "Persistent JXA" }, "related": [], "uuid": "d9b6bb05-6ab4-4f5e-9ef0-f3e0cc97ce29", "value": "SpecterOps JXA 2020" }, { "description": "Leo Pitt. (2020, August 6). Persistent JXA - A poor man's Powershell for macOS. 
Retrieved January 11, 2021.", "meta": { "date_accessed": "2021-01-11T00:00:00Z", "date_published": "2020-08-06T00:00:00Z", "refs": [ "https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5" ], "source": "MITRE", "title": "Persistent JXA - A poor man's Powershell for macOS" }, "related": [], "uuid": "2d66932e-1b73-4255-a9a8-ea8effb3a776", "value": "PersistentJXA_leopitt" }, { "description": "LOLBAS. (2018, May 25). Pester.bat. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/pester/" ], "source": "Tidal Cyber", "title": "Pester.bat" }, "related": [], "uuid": "93f281f6-6fcc-474a-b222-b303ea417a18", "value": "Pester.bat - LOLBAS Project" }, { "description": "Trend Micro. (2014, December 11). PE_URSNIF.A2. Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2014-12-11T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PE_URSNIF.A2?_ga=2.131425807.1462021705.1559742358-1202584019.1549394279" ], "source": "MITRE", "title": "PE_URSNIF.A2" }, "related": [], "uuid": "71f5b9da-b882-4376-ac93-b4ce952d0271", "value": "TrendMicro PE_URSNIF.A2" }, { "description": "Case, A. (2012, October 10). Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2012-10-10T00:00:00Z", "refs": [ "https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html" ], "source": "MITRE", "title": "Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit" }, "related": [], "uuid": "6149f9ed-9218-489b-b87c-8208de89be68", "value": "Volatility Phalanx2" }, { "description": "Adamitis, D. (2020, May 6). Phantom in the Command Shell. 
Retrieved December 22, 2021.", "meta": { "date_accessed": "2021-12-22T00:00:00Z", "date_published": "2020-05-06T00:00:00Z", "refs": [ "https://www.prevailion.com/phantom-in-the-command-shell-2/" ], "source": "MITRE", "title": "Phantom in the Command Shell" }, "related": [], "uuid": "533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0", "value": "Prevailion EvilNum May 2020" }, { "description": "Hanson, R. (2016, September 24). phishery. Retrieved July 21, 2018.", "meta": { "date_accessed": "2018-07-21T00:00:00Z", "date_published": "2016-09-24T00:00:00Z", "refs": [ "https://github.com/ryhanson/phishery" ], "source": "MITRE", "title": "phishery" }, "related": [], "uuid": "7e643cf0-5df7-455d-add7-2342f36bdbcb", "value": "ryhanson phishery SEPT 2016" }, { "description": "Ryan Hanson. (2016, September 24). phishery. Retrieved October 23, 2020.", "meta": { "date_accessed": "2020-10-23T00:00:00Z", "date_published": "2016-09-24T00:00:00Z", "refs": [ "https://github.com/ryhanson/phishery" ], "source": "MITRE", "title": "phishery" }, "related": [], "uuid": "6da51561-a813-4802-aa84-1b3de1bc2e14", "value": "GitHub Phishery" }, { "description": "ANSSI. (2021, December 6). PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET. Retrieved April 13, 2022.", "meta": { "date_accessed": "2022-04-13T00:00:00Z", "date_published": "2021-12-06T00:00:00Z", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-011.pdf" ], "source": "MITRE", "title": "PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET" }, "related": [], "uuid": "96ee2b87-9727-4914-affe-d9dc5d58c955", "value": "ANSSI Nobelium Phishing December 2021" }, { "description": "Nelson, M. (2015, January 21). Phishing for Credentials: If you want it, just ask!. 
Retrieved December 17, 2018.", "meta": { "date_accessed": "2018-12-17T00:00:00Z", "date_published": "2015-01-21T00:00:00Z", "refs": [ "https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/" ], "source": "MITRE", "title": "Phishing for Credentials: If you want it, just ask!" }, "related": [], "uuid": "7fff81f0-2b99-4f4f-8eca-c6a54c4d8205", "value": "Enigma Phishing for Credentials Jan 2015" }, { "description": "KISA. (n.d.). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 7, 2022.", "meta": { "date_accessed": "2022-03-07T00:00:00Z", "refs": [ "https://www.boho.or.kr/krcert/publicationView.do?bulletin_writing_sequence=35936" ], "source": "MITRE", "title": "Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi" }, "related": [], "uuid": "8742ac96-a316-4264-9d3d-265784483f1a", "value": "KISA Operation Muzabi" }, { "description": "Stalmans, E.. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2017-08-02T00:00:00Z", "refs": [ "https://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/" ], "source": "MITRE", "title": "Phishing with OAuth and o365/Azure" }, "related": [], "uuid": "ae139c14-05ec-4c75-861b-15d86b4913fc", "value": "Staaldraad Phishing with OAuth 2017" }, { "description": "Phobos Ransomware. (2020, December 30). Phobos Ransomware, Fast.exe. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2020-12-30T00:00:00Z", "refs": [ "https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection" ], "source": "MITRE", "title": "Phobos Ransomware, Fast.exe" }, "related": [], "uuid": "929dbb22-34a5-4377-95dd-9e240ecb343a", "value": "phobos_virustotal" }, { "description": "Brumaghin, E., Unterbrink, H. (2018, August 22). Picking Apart Remcos Botnet-In-A-Box. 
Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2018-08-22T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html" ], "source": "MITRE", "title": "Picking Apart Remcos Botnet-In-A-Box" }, "related": [], "uuid": "c5cb2eff-ed48-47ff-bfd6-79152bf51430", "value": "Talos Remcos Aug 2018" }, { "description": "McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2019-04-05T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" ], "source": "MITRE", "title": "Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware" }, "related": [], "uuid": "e8a2bc6a-04e3-484e-af67-5f57656c7206", "value": "FireEye FIN6 Apr 2019" }, { "description": "Huseyin Can YUCEEL & Picus Labs. (2022, March 22). Retrieved March 31, 2023.", "meta": { "date_accessed": "2023-03-31T00:00:00Z", "refs": [ "https://www.picussecurity.com/resource/the-mitre-attck-t1003-os-credential-dumping-technique-and-its-adversary-use" ], "source": "MITRE", "title": "Picus Labs Proc cump 2022" }, "related": [], "uuid": "e8a50a79-6ca4-5c91-87ad-0b1ba9eca505", "value": "Picus Labs Proc cump 2022" }, { "description": "Lily Hay Newman. (n.d.). ‘Pig Butchering’ Scams Are Now a $3 Billion Threat. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "refs": [ "https://www.wired.com/story/pig-butchering-fbi-ic3-2022-report/" ], "source": "MITRE", "title": "‘Pig Butchering’ Scams Are Now a $3 Billion Threat" }, "related": [], "uuid": "dc833e17-7105-5790-b30b-b4fed7fd2d2f", "value": "wired-pig butchering" }, { "description": "Jérôme Segura. (2023, December 15). PikaBot distributed via malicious search ads. 
Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2023-12-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads" ], "source": "Tidal Cyber", "title": "PikaBot distributed via malicious search ads" }, "related": [], "uuid": "50b29ef4-7ade-4672-99b6-fdf367170a5b", "value": "Malwarebytes Pikabot December 15 2023" }, { "description": "Trustwave SpiderLabs. (2020, June 22). Pillowmint: FIN7’s Monkey Thief . Retrieved July 27, 2020.", "meta": { "date_accessed": "2020-07-27T00:00:00Z", "date_published": "2020-06-22T00:00:00Z", "refs": [ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/" ], "source": "MITRE", "title": "Pillowmint: FIN7’s Monkey Thief" }, "related": [], "uuid": "31bf381d-a0fc-4a4f-8d39-832480891685", "value": "Trustwave Pillowmint June 2020" }, { "description": "Microsoft. (n.d.). Ping. Retrieved April 8, 2016.", "meta": { "date_accessed": "2016-04-08T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490968.aspx" ], "source": "MITRE", "title": "Ping" }, "related": [], "uuid": "5afc8ad5-f50d-464f-ba84-e347b3f3e994", "value": "TechNet Ping" }, { "description": "Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019.", "meta": { "date_accessed": "2019-04-05T00:00:00Z", "date_published": "2018-12-01T00:00:00Z", "refs": [ "https://wunderwuzzi23.github.io/blog/passthecookie.html" ], "source": "MITRE", "title": "Pivot to the Cloud using Pass the Cookie" }, "related": [], "uuid": "dc67930f-5c7b-41be-97e9-d8f4a55e6019", "value": "Pass The Cookie" }, { "description": "LOLBAS. (2020, August 12). Pktmon.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-08-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Pktmon/" ], "source": "Tidal Cyber", "title": "Pktmon.exe" }, "related": [], "uuid": "8f0ad4ed-869b-4332-b091-7551262cff29", "value": "Pktmon.exe - LOLBAS Project" }, { "description": "Osanda Malith Jayathissa. (2017, March 24). Places of Interest in Stealing NetNTLM Hashes. Retrieved January 26, 2018.", "meta": { "date_accessed": "2018-01-26T00:00:00Z", "date_published": "2017-03-24T00:00:00Z", "refs": [ "https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/" ], "source": "MITRE", "title": "Places of Interest in Stealing NetNTLM Hashes" }, "related": [], "uuid": "991f885e-b3f4-4f3f-b0f9-c9862f918f36", "value": "Osanda Stealing NetNTLM Hashes" }, { "description": "Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.", "meta": { "date_accessed": "2018-02-19T00:00:00Z", "date_published": "2017-06-07T00:00:00Z", "refs": [ "https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc" ], "source": "MITRE", "title": "PLATINUM continues to evolve, find ways to maintain invisibility" }, "related": [], "uuid": "e71c669e-50bc-4e91-8cee-7cbedab420d1", "value": "Microsoft PLATINUM June 2017" }, { "description": "Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. 
Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2016-04-29T00:00:00Z", "refs": [ "https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf" ], "source": "MITRE, Tidal Cyber", "title": "PLATINUM: Targeted attacks in South and Southeast Asia" }, "related": [], "uuid": "d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297", "value": "Microsoft PLATINUM April 2016" }, { "description": "Somerville, L. and Toro, A. (2017, March 30). Playing Cat & Mouse: Introducing the Felismus Malware. Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware" ], "source": "MITRE", "title": "Playing Cat & Mouse: Introducing the Felismus Malware" }, "related": [], "uuid": "23b94586-3856-4937-9b02-4fe184b7ba01", "value": "Forcepoint Felismus Mar 2017" }, { "description": "Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. Retrieved August 10, 2023.", "meta": { "date_accessed": "2023-08-10T00:00:00Z", "date_published": "2023-04-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy" ], "source": "Tidal Cyber", "title": "Play Ransomware Group Using New Custom Data-Gathering Tools" }, "related": [], "uuid": "a78613a5-ce17-4d11-8f2f-3e642cd7673c", "value": "Symantec Play Ransomware April 19 2023" }, { "description": "Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. 
Retrieved August 10, 2023.", "meta": { "date_accessed": "2023-08-10T00:00:00Z", "date_published": "2022-09-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html" ], "source": "Tidal Cyber", "title": "Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa" }, "related": [], "uuid": "2d2b527d-25b0-4b58-9ae6-c87060b64069", "value": "Trend Micro Play Playbook September 06 2022" }, { "description": "Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2022-09-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/es_es/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html" ], "source": "Tidal Cyber", "title": "Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa" }, "related": [], "uuid": "ed02529c-920d-4a92-8e86-be1ed7083991", "value": "Trend Micro Play Ransomware September 06 2022" }, { "description": "Tomonaga, S. (2018, June 8). PLEAD Downloader Used by BlackTech. Retrieved May 6, 2020.", "meta": { "date_accessed": "2020-05-06T00:00:00Z", "date_published": "2018-06-08T00:00:00Z", "refs": [ "https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html" ], "source": "MITRE", "title": "PLEAD Downloader Used by BlackTech" }, "related": [], "uuid": "871f4af2-ed99-4256-a74d-b8c0816a82ab", "value": "JPCert PLEAD Downloader June 2018" }, { "description": "Alintanahin, K.. (2014, May 23). PLEAD Targeted Attacks Against Taiwanese Government Agencies. 
Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2014-05-23T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/" ], "source": "MITRE", "title": "PLEAD Targeted Attacks Against Taiwanese Government Agencies" }, "related": [], "uuid": "9a052eba-1708-44c9-a20f-8b4ef208fa14", "value": "Trend Micro PLEAD RTLO" }, { "description": "FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2019-11-26T00:00:00Z", "refs": [ "https://fileinfo.com/extension/plist" ], "source": "MITRE", "title": ".PLIST File Extension" }, "related": [], "uuid": "24331b9d-68af-4db2-887f-3a984b6c5783", "value": "fileinfo plist file description" }, { "description": "LOLBAS. (2020, December 25). Pnputil.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-12-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Pnputil/" ], "source": "Tidal Cyber", "title": "Pnputil.exe" }, "related": [], "uuid": "21d0419a-5454-4808-b7e6-2b1b9de08ed6", "value": "Pnputil.exe - LOLBAS Project" }, { "description": "Nischay Hegde and Siddartha Malladi. (2023, July 12). PoC Exploit: Fake Proof of Concept with Backdoor Malware. Retrieved September 28, 2023.", "meta": { "date_accessed": "2023-09-28T00:00:00Z", "date_published": "2023-07-12T00:00:00Z", "refs": [ "https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware" ], "source": "MITRE", "title": "PoC Exploit: Fake Proof of Concept with Backdoor Malware" }, "related": [], "uuid": "edc18649-2fcf-5fb3-a717-db4bb28ca25f", "value": "uptycs Fake POC linux malware 2023" }, { "description": "Graeber, M. (2017, September 14). PoCSubjectInterfacePackage. 
Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2017-09-14T00:00:00Z", "refs": [ "https://github.com/mattifestation/PoCSubjectInterfacePackage" ], "source": "MITRE", "title": "PoCSubjectInterfacePackage" }, "related": [], "uuid": "1a9bc729-532b-47ab-89ba-90b0ff41f8aa", "value": "GitHub SIP POC Sept 2017" }, { "description": "kubenetes. (n.d.). Pod v1 core. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pod-v1-core" ], "source": "MITRE", "title": "Pod v1 core" }, "related": [], "uuid": "8a7a4a51-e16d-447e-8f1e-c02d6dae3e26", "value": "Kube Pod" }, { "description": "Mercer, W. Rascagneres, P. Ventura, V. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves . Retrieved April 9, 2021.", "meta": { "date_accessed": "2021-04-09T00:00:00Z", "date_published": "2020-10-06T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2020/10/poetrat-update.html" ], "source": "MITRE", "title": "PoetRAT: Malware targeting public and private sector in Azerbaijan evolves" }, "related": [], "uuid": "5862c90a-3bae-48d0-8749-9a6510fe3630", "value": "Talos PoetRAT October 2020" }, { "description": "Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.", "meta": { "date_accessed": "2020-04-27T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html" ], "source": "MITRE", "title": "PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors" }, "related": [], "uuid": "fe2a79a5-bc50-4147-b919-f3d0eb7430b6", "value": "Talos PoetRAT April 2020" }, { "description": "Brumaghin, E., et al. (2017, November 02). Poisoning the Well: Banking Trojan Targets Google Search Results. 
Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-11-02T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html#More" ], "source": "MITRE", "title": "Poisoning the Well: Banking Trojan Targets Google Search Results" }, "related": [], "uuid": "f96711d4-010d-4d7e-8074-31dd1b41c54d", "value": "Talos Zeus Panda Nov 2017" }, { "description": "FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf" ], "source": "MITRE", "title": "POISON IVY: Assessing Damage and Extracting Intelligence" }, "related": [], "uuid": "c189447e-a903-4dc2-a38b-1f4accc64e20", "value": "FireEye Poison Ivy" }, { "description": "Fernando Mercês. (2016, September 5). Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Retrieved March 5, 2018.", "meta": { "date_accessed": "2018-03-05T00:00:00Z", "date_published": "2016-09-05T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/?_ga=2.180041126.367598458.1505420282-1759340220.1502477046" ], "source": "MITRE", "title": "Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems" }, "related": [], "uuid": "38d9c5a2-8fa5-4cb7-a1a9-86b3f54c1eb7", "value": "Umbreon Trend Micro" }, { "description": "AWS. (n.d.). Policies and permissions in IAM. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html" ], "source": "MITRE", "title": "Policies and permissions in IAM" }, "related": [], "uuid": "9bb520fa-0c4f-48aa-8b0a-8f1d42ee1d0c", "value": "AWS IAM Policies and Permissions" }, { "description": "Microsoft. (2023, January 26). 
Policy CSP - WindowsLogon. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2023-01-26T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon" ], "source": "MITRE", "title": "Policy CSP - WindowsLogon" }, "related": [], "uuid": "36a7ed58-95ef-594f-a15b-5c3b5911a630", "value": "EnableMPRNotifications" }, { "description": "Microsoft. (n.d.). Polling for Changes Using the DirSync Control. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/ms677626.aspx" ], "source": "MITRE", "title": "Polling for Changes Using the DirSync Control" }, "related": [], "uuid": "6b7ad651-8c48-462d-90db-07ed3d570118", "value": "Microsoft DirSync" }, { "description": "Li, V. (2019, October 2). Polyglot Files: a Hacker’s best friend. Retrieved September 27, 2022.", "meta": { "date_accessed": "2022-09-27T00:00:00Z", "date_published": "2019-10-02T00:00:00Z", "refs": [ "https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a" ], "source": "MITRE", "title": "Polyglot Files: a Hacker’s best friend" }, "related": [], "uuid": "ea9c1fc9-41d7-5629-b714-62f9ecf70e3b", "value": "Polyglot Files: a Hacker’s best friend" }, { "description": "Eisenkraft, K., Olshtein, A. (2019, October 17). Pony’s C&C servers hidden inside the Bitcoin blockchain. Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2019-10-17T00:00:00Z", "refs": [ "https://research.checkpoint.com/2019/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/" ], "source": "MITRE", "title": "Pony’s C&C servers hidden inside the Bitcoin blockchain" }, "related": [], "uuid": "ce64739e-1311-4e1b-8352-ff941786ff39", "value": "CheckPoint Redaman October 2019" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). 
Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.", "meta": { "date_accessed": "2016-03-16T00:00:00Z", "date_published": "2016-02-09T00:00:00Z", "refs": [ "https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/" ], "source": "MITRE, Tidal Cyber", "title": "Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage" }, "related": [], "uuid": "e53bc63e-986f-4d48-a6b7-ed8e93494ed5", "value": "Kaspersky Poseidon Group" }, { "description": "Hodgson, M. (2019, May 8). Post-mortem and remediations for Apr 11 security incident. Retrieved February 17, 2020.", "meta": { "date_accessed": "2020-02-17T00:00:00Z", "date_published": "2019-05-08T00:00:00Z", "refs": [ "https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident" ], "source": "MITRE", "title": "Post-mortem and remediations for Apr 11 security incident" }, "related": [], "uuid": "f1d15b92-8840-45ae-b23d-0cba20fc22cc", "value": "Breach Post-mortem SSH Hijack" }, { "description": "Elastic. (n.d.). Potential Protocol Tunneling via EarthWorm. Retrieved July 7, 2023.", "meta": { "date_accessed": "2023-07-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.elastic.co/guide/en/security/current/potential-protocol-tunneling-via-earthworm.html" ], "source": "Tidal Cyber", "title": "Potential Protocol Tunneling via EarthWorm" }, "related": [], "uuid": "a02790a1-f7c5-43b6-bc7e-075b2c0aa791", "value": "Elastic Docs Potential Protocol Tunneling via EarthWorm" }, { "description": "B. Ancel. (2014, August 20). Poweliks – Command Line Confusion. 
Retrieved March 5, 2018.", "meta": { "date_accessed": "2018-03-05T00:00:00Z", "date_published": "2014-08-20T00:00:00Z", "refs": [ "https://thisissecurity.stormshield.com/2014/08/20/poweliks-command-line-confusion/" ], "source": "MITRE", "title": "Poweliks – Command Line Confusion" }, "related": [], "uuid": "49a21bba-b77d-4b0e-b666-20ef2826e92c", "value": "This is Security Command Line Confusion" }, { "description": "Santos, R. (2014, August 1). POWELIKS: Malware Hides In Windows Registry. Retrieved August 9, 2018.", "meta": { "date_accessed": "2018-08-09T00:00:00Z", "date_published": "2014-08-01T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/" ], "source": "MITRE", "title": "POWELIKS: Malware Hides In Windows Registry" }, "related": [], "uuid": "4a42df15-4d09-4f4f-8333-2b41356fdb80", "value": "TrendMicro POWELIKS AUG 2014" }, { "description": "Microsoft. (2021, December 15). Powercfg command-line options. Retrieved June 5, 2023.", "meta": { "date_accessed": "2023-06-05T00:00:00Z", "date_published": "2021-12-15T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/powercfg-command-line-options?adlt=strict" ], "source": "MITRE", "title": "Powercfg command-line options" }, "related": [], "uuid": "d9b5be77-5e44-5786-a683-82642b8dd8c9", "value": "Microsoft: Powercfg command-line options" }, { "description": "Adair, S.. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. 
Retrieved January 11, 2017.", "meta": { "date_accessed": "2017-01-11T00:00:00Z", "date_published": "2016-11-09T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/" ], "source": "MITRE", "title": "PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs" }, "related": [], "uuid": "4026c055-6020-41bb-a4c8-54b308867023", "value": "Volexity PowerDuke November 2016" }, { "description": "Cybereason Nocturnus. (2022, February 1). PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage" ], "source": "MITRE", "title": "PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage" }, "related": [], "uuid": "095aaa25-b674-4313-bc4f-3227b00c0459", "value": "Cybereason PowerLess February 2022" }, { "description": "MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "date_published": "2013-08-13T00:00:00Z", "refs": [ "https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html" ], "source": "MITRE", "title": "PowerLoader Injection – Something truly amazing" }, "related": [], "uuid": "9a9a6ca1-d7c5-4385-924b-cdeffd66602e", "value": "MalwareTech Power Loader Aug 2013" }, { "description": "LOLBAS. (2019, July 19). Powerpnt.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-07-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/" ], "source": "Tidal Cyber", "title": "Powerpnt.exe" }, "related": [], "uuid": "23c48ab3-9426-4949-9a35-d1b9ecb4bb47", "value": "Powerpnt.exe - LOLBAS Project" }, { "description": "Vikas, S. (2020, August 26). PowerShell Command History Forensics. Retrieved September 4, 2020.", "meta": { "date_accessed": "2020-09-04T00:00:00Z", "date_published": "2020-08-26T00:00:00Z", "refs": [ "https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics" ], "source": "MITRE", "title": "PowerShell Command History Forensics" }, "related": [], "uuid": "9cff28da-c379-49e7-b971-7dccc72054fc", "value": "Sophos PowerShell Command History Forensics" }, { "description": "PowerShell Team. (2017, November 2). PowerShell Constrained Language Mode. Retrieved March 27, 2023.", "meta": { "date_accessed": "2023-03-27T00:00:00Z", "date_published": "2017-11-02T00:00:00Z", "refs": [ "https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/" ], "source": "MITRE", "title": "PowerShell Constrained Language Mode" }, "related": [], "uuid": "d6eaa28f-f900-528a-bba0-560a37c90a98", "value": "Microsoft PowerShell CLM" }, { "description": "El-Sherei, S. (2016, May 20). PowerShell, C-Sharp and DDE The Power Within. Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "date_published": "2016-05-20T00:00:00Z", "refs": [ "https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/" ], "source": "MITRE", "title": "PowerShell, C-Sharp and DDE The Power Within" }, "related": [], "uuid": "28b3c105-8d64-4767-a735-d353d1fee756", "value": "SensePost PS DDE May 2016" }, { "description": "PowerSploit. (n.d.). 
Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "refs": [ "https://github.com/mattifestation/PowerSploit" ], "source": "MITRE", "title": "Powersploit" }, "related": [], "uuid": "8e870f75-ed76-4898-bfbb-ad3c0c1ae0ca", "value": "Powersploit" }, { "description": "PowerSploit. (n.d.). PowerSploit. Retrieved February 6, 2018.", "meta": { "date_accessed": "2018-02-06T00:00:00Z", "refs": [ "http://powersploit.readthedocs.io" ], "source": "MITRE", "title": "PowerSploit" }, "related": [], "uuid": "56628e55-94cd-4c5e-8f5a-34ffb7a45174", "value": "PowerSploit Documentation" }, { "description": "Graeber, M. (2014, July 8). PowerSploit. Retrieved February 6, 2018.", "meta": { "date_accessed": "2018-02-06T00:00:00Z", "date_published": "2014-07-08T00:00:00Z", "refs": [ "http://www.powershellmagazine.com/2014/07/08/powersploit/" ], "source": "MITRE", "title": "PowerSploit" }, "related": [], "uuid": "7765d4f7-bf2d-43b9-a87e-74114a092645", "value": "PowerShellMagazine PowerSploit July 2014" }, { "description": "PowerShellMafia. (2012, May 26). PowerSploit - A PowerShell Post-Exploitation Framework. Retrieved February 6, 2018.", "meta": { "date_accessed": "2018-02-06T00:00:00Z", "date_published": "2012-05-26T00:00:00Z", "refs": [ "https://github.com/PowerShellMafia/PowerSploit" ], "source": "MITRE", "title": "PowerSploit - A PowerShell Post-Exploitation Framework" }, "related": [], "uuid": "ec3edb54-9f1b-401d-a265-cd8924e5cb2b", "value": "GitHub PowerSploit May 2012" }, { "description": "Salvati, M. (2017, June 2). Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). 
Retrieved February 7, 2019.", "meta": { "date_accessed": "2019-02-07T00:00:00Z", "date_published": "2017-06-02T00:00:00Z", "refs": [ "https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html" ], "source": "MITRE", "title": "Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes)" }, "related": [], "uuid": "34deeec2-6edc-492c-bb35-5ccb1dc8e4df", "value": "byt3bl33d3r NTLM Relaying" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved February 9, 2024.", "meta": { "date_accessed": "2024-02-09T00:00:00Z", "date_published": "2024-02-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a" ], "source": "Tidal Cyber", "title": "PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure" }, "related": [], "uuid": "c74f5ecf-8810-4670-b778-24171c078724", "value": "U.S. CISA Volt Typhoon February 7 2024" }, { "description": "Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023.", "meta": { "date_accessed": "2023-05-31T00:00:00Z", "date_published": "2023-03-16T00:00:00Z", "refs": [ "https://wiki.zimbra.com/wiki/Preauth" ], "source": "MITRE", "title": "Preauth" }, "related": [], "uuid": "f8931e8d-9a03-5407-857a-2a1c5a895eed", "value": "Zimbra Preauth" }, { "description": "Microsoft. (2012, July 18). Preauthentication. 
Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2012-07-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961961(v=technet.10)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Preauthentication" }, "related": [], "uuid": "edaf08ec-0a56-480a-93ef-eb8038147e5c", "value": "Microsoft Preauthentication Jul 2012" }, { "description": "Ahuja, A., Anderson, H., Grant, D., Woodbridge, J.. (2016, November 2). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. Retrieved April 26, 2019.", "meta": { "date_accessed": "2019-04-26T00:00:00Z", "date_published": "2016-11-02T00:00:00Z", "refs": [ "https://arxiv.org/pdf/1611.00791.pdf" ], "source": "MITRE", "title": "Predicting Domain Generation Algorithms with Long Short-Term Memory Networks" }, "related": [], "uuid": "4462e71d-0373-4fc0-8cde-93a2972bedd5", "value": "Elastic Predicting DGA" }, { "description": "Callum Roxan, Sami Ruohonen. (2021, May 10). Prelude to Ransomware: SystemBC. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2021-05-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://labs.withsecure.com/publications/prelude-to-ransomware-systembc" ], "source": "Tidal Cyber", "title": "Prelude to Ransomware: SystemBC" }, "related": [], "uuid": "4004e072-9e69-4e81-a2b7-840e106cf3d9", "value": "WithSecure SystemBC May 10 2021" }, { "description": "LOLBAS. (2018, May 25). Presentationhost.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Presentationhost/" ], "source": "Tidal Cyber", "title": "Presentationhost.exe" }, "related": [], "uuid": "37539e72-18f5-435a-a949-f9fa5991149a", "value": "Presentationhost.exe - LOLBAS Project" }, { "description": "Microsoft. 
(2020, September 29). Prevent dangling DNS entries and avoid subdomain takeover. Retrieved October 12, 2020.", "meta": { "date_accessed": "2020-10-12T00:00:00Z", "date_published": "2020-09-29T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover" ], "source": "MITRE", "title": "Prevent dangling DNS entries and avoid subdomain takeover" }, "related": [], "uuid": "b8005a55-7e77-4dc1-abed-f75a0a3d8afb", "value": "Microsoft Sub Takeover 2020" }, { "description": "Microsoft. (2020, March 10). Preventing SMB traffic from lateral connections and entering or leaving the network. Retrieved June 1, 2020.", "meta": { "date_accessed": "2020-06-01T00:00:00Z", "date_published": "2020-03-10T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections" ], "source": "MITRE", "title": "Preventing SMB traffic from lateral connections and entering or leaving the network" }, "related": [], "uuid": "cd2fd958-63ce-4ac9-85e6-bb32f29d88b0", "value": "Microsoft Preventing SMB" }, { "description": "Bar, T., Conant, S., Efraim, L. (2016, June 28). Prince of Persia – Game Over. Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2016-06-28T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/" ], "source": "MITRE", "title": "Prince of Persia – Game Over" }, "related": [], "uuid": "e08bfc40-a580-4fa3-9531-d5e1bede374e", "value": "Palo Alto Prince of Persia" }, { "description": "LOLBAS. (2021, June 21). PrintBrm.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-06-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/PrintBrm/" ], "source": "Tidal Cyber", "title": "PrintBrm.exe" }, "related": [], "uuid": "a7ab6f09-c22f-4627-afb1-c13a963efca5", "value": "PrintBrm.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Print.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Print/" ], "source": "Tidal Cyber", "title": "Print.exe" }, "related": [], "uuid": "696ce89a-b3a1-4993-b30d-33a669a57031", "value": "Print.exe - LOLBAS Project" }, { "description": "Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/" ], "source": "MITRE", "title": "Privilege Escalation in Google Cloud Platform – Part 1 (IAM)" }, "related": [], "uuid": "55373476-1cbe-49f5-aecb-69d60b336d38", "value": "Rhingo Security Labs GCP Privilege Escalation" }, { "description": "Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/" ], "source": "MITRE", "title": "Privilege Escalation in Google Cloud Platform – Part 1 (IAM)" }, "related": [], "uuid": "55173e12-9edc-5685-ac0b-acd51617cc6e", "value": "Rhino Google Cloud Privilege Escalation" }, { "description": "Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. 
Retrieved May 17, 2018.", "meta": { "date_accessed": "2018-05-17T00:00:00Z", "date_published": "2017-06-06T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html" ], "source": "MITRE", "title": "Privileges and Credentials: Phished at the Request of Counsel" }, "related": [], "uuid": "d75508b1-8b85-47c9-a087-bc64e8e4cb33", "value": "FireEye APT19" }, { "description": "Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2021-02-10T00:00:00Z", "refs": [ "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies" ], "source": "MITRE", "title": "Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies" }, "related": [], "uuid": "710ed789-de1f-4601-a8ba-32147827adcb", "value": "Anomali Static Kitten February 2021" }, { "description": "LOLBAS. (2020, October 14). Procdump.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-10-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Procdump/" ], "source": "Tidal Cyber", "title": "Procdump.exe" }, "related": [], "uuid": "3e37fe71-71d0-424e-96ff-81070e2571ae", "value": "Procdump.exe - LOLBAS Project" }, { "description": "Schofield, M. & Satran, M. (2018, May 30). Process Creation Flags. 
Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2018-05-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags" ], "source": "MITRE", "title": "Process Creation Flags" }, "related": [], "uuid": "d4edd219-c91a-4ff1-8f22-10daa1057f29", "value": "Microsoft Process Creation Flags May 2018" }, { "description": "hasherezade. (2017, December 18). Process Doppelgänging – a new way to impersonate a process. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-18T00:00:00Z", "refs": [ "https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/" ], "source": "MITRE", "title": "Process Doppelgänging – a new way to impersonate a process" }, "related": [], "uuid": "b7a86159-7005-4b61-8b4e-a3dcd77c6a7d", "value": "hasherezade Process Doppelgänging Dec 2017" }, { "description": "Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/procthread/processes-and-threads" ], "source": "MITRE", "title": "Processes and Threads" }, "related": [], "uuid": "250c689d-9a9c-4f02-8b99-ca43fbdaddae", "value": "Microsoft Processes and Threads" }, { "description": "ProcessHacker. (2009, October 27). Process Hacker. Retrieved April 11, 2022.", "meta": { "date_accessed": "2022-04-11T00:00:00Z", "date_published": "2009-10-27T00:00:00Z", "refs": [ "https://github.com/processhacker/processhacker" ], "source": "MITRE", "title": "Process Hacker" }, "related": [], "uuid": "3fc82a92-cfba-405d-b30e-22eba69ab1ee", "value": "ProcessHacker Github" }, { "description": "Leitch, J. (n.d.). Process Hollowing. 
Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://www.autosectools.com/process-hollowing.pdf" ], "source": "MITRE", "title": "Process Hollowing" }, "related": [], "uuid": "8feb180a-bfad-42cb-b8ee-792c5088567a", "value": "Leitch Hollowing" }, { "description": "Financial Security Institute. (2020, February 28). Profiling of TA505 Threat Group That Continues to Attack the Financial Sector. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2020-02-28T00:00:00Z", "refs": [ "https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=" ], "source": "MITRE", "title": "Profiling of TA505 Threat Group That Continues to Attack the Financial Sector" }, "related": [], "uuid": "d4e2c109-341c-45b3-9d41-3eb980724524", "value": "Korean FSI TA505 2020" }, { "description": "Microsoft. (2017, March 30). Profiling Overview. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/profiling/profiling-overview" ], "source": "MITRE", "title": "Profiling Overview" }, "related": [], "uuid": "eb0909ea-616c-4d79-b145-ee2f1ae539fb", "value": "Microsoft Profiling Mar 2017" }, { "description": "Microsoft. (n.d.). Programming reference for the Win32 API. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/api/" ], "source": "MITRE", "title": "Programming reference for the Win32 API" }, "related": [], "uuid": "585b9975-3cfb-4485-a9eb-5eea337ebd3c", "value": "Microsoft Win32" }, { "description": "ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. 
Retrieved December 17, 2015.", "meta": { "date_accessed": "2015-12-17T00:00:00Z", "date_published": "2015-09-23T00:00:00Z", "refs": [ "http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Project CameraShy: Closing the Aperture on China's Unit 78020" }, "related": [], "uuid": "9942b6a5-6ffb-4a26-9392-6c8bb9954997", "value": "CameraShy" }, { "description": "Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.", "meta": { "date_accessed": "2021-09-02T00:00:00Z", "date_published": "2016-03-25T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" ], "source": "MITRE", "title": "ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe" }, "related": [], "uuid": "adee82e6-a74a-4a91-ab5a-97847b135ca3", "value": "Unit 42 ProjectM March 2016" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-08-08T00:00:00Z", "refs": [ "https://securelist.com/faq-the-projectsauron-apt/75533/" ], "source": "MITRE, Tidal Cyber", "title": "ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms" }, "related": [], "uuid": "baeaa632-3fa5-4d2b-9537-ccc7674fd7d6", "value": "Kaspersky ProjectSauron Blog" }, { "description": "GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. 
Retrieved October 14, 2019.", "meta": { "date_accessed": "2019-10-14T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://securelist.com/project-tajmahal/90240/" ], "source": "MITRE", "title": "Project TajMahal – a sophisticated new APT framework" }, "related": [], "uuid": "1ed20522-52ae-4d0c-b42e-c680490958ac", "value": "Kaspersky TajMahal April 2019" }, { "description": "Higgins, K. (2015, October 13). Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.", "meta": { "date_accessed": "2017-10-04T00:00:00Z", "date_published": "2015-10-13T00:00:00Z", "refs": [ "https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?" ], "source": "MITRE", "title": "Prolific Cybercrime Gang Favors Legit Login Credentials" }, "related": [], "uuid": "afe0549d-dc1b-4bcf-9a1d-55698afd530e", "value": "DarkReading FireEye FIN5 Oct 2015" }, { "description": "Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.", "meta": { "date_accessed": "2020-07-20T00:00:00Z", "date_published": "2020-06-29T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html" ], "source": "MITRE", "title": "PROMETHIUM extends global reach with StrongPity3 APT" }, "related": [], "uuid": "188d990e-f0be-40f2-90f3-913dfe687d27", "value": "Talos Promethium June 2020" }, { "description": "Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. Retrieved June 1, 2016.", "meta": { "date_accessed": "2016-06-01T00:00:00Z", "date_published": "2016-05-31T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard" ], "source": "MITRE", "title": "Protect derived domain credentials with Credential Guard" }, "related": [], "uuid": "d5b2446b-4685-490f-8181-1169cd049bee", "value": "TechNet Credential Guard" }, { "description": "Microsoft. 
(2016, October 12). Protected Users Security Group. Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2016-10-12T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group" ], "source": "MITRE", "title": "Protected Users Security Group" }, "related": [], "uuid": "e6316ecd-da29-4928-a868-c9876badce62", "value": "Microsoft Protected Users Security Group" }, { "description": "CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023.", "meta": { "date_accessed": "2023-02-02T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa23-025a" ], "source": "MITRE", "title": "Protecting Against Malicious Use of Remote Monitoring and Management Software" }, "related": [], "uuid": "1ee55a8c-9e9d-520a-a3d3-1d2da57e0265", "value": "CISA Remote Monitoring and Management Software" }, { "description": "Microsoft. (2022, August 26). Protecting Microsoft 365 from on-premises attacks. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-08-26T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/protect-m365-from-on-premises-attacks" ], "source": "MITRE", "title": "Protecting Microsoft 365 from on-premises attacks" }, "related": [], "uuid": "95e19778-95ce-585a-892e-e6a8c20389f7", "value": "Protecting Microsoft 365 From On-Premises Attacks" }, { "description": "Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. 
Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2012-12-17T00:00:00Z", "refs": [ "https://www.sans.org/blog/protecting-privileged-domain-accounts-psexec-deep-dive/" ], "source": "MITRE", "title": "Protecting Privileged Domain Accounts: PsExec Deep-Dive" }, "related": [], "uuid": "a8d1e40d-b291-443c-86cc-edf6db00b898", "value": "SANS PsExec" }, { "description": "Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://docs.docker.com/engine/security/protect-access/" ], "source": "MITRE", "title": "Protect the Docker Daemon Socket" }, "related": [], "uuid": "48ce6b2c-57e7-4467-b0ea-3160ac46817e", "value": "Docker Daemon Socket Protect" }, { "description": "Smith, A.. (2017, December 22). Protect your network from Emotet Trojan with Malwarebytes Endpoint Security. Retrieved January 17, 2019.", "meta": { "date_accessed": "2019-01-17T00:00:00Z", "date_published": "2017-12-22T00:00:00Z", "refs": [ "https://support.malwarebytes.com/docs/DOC-2295" ], "source": "MITRE", "title": "Protect your network from Emotet Trojan with Malwarebytes Endpoint Security" }, "related": [], "uuid": "3642af0b-f14d-4860-a87c-fb57dc107a49", "value": "Malwarebytes Emotet Dec 2017" }, { "description": "LOLBAS. (2022, July 24). ProtocolHandler.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-07-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/ProtocolHandler/" ], "source": "Tidal Cyber", "title": "ProtocolHandler.exe" }, "related": [], "uuid": "1f678111-dfa3-4c06-9359-816b9ca12cd0", "value": "ProtocolHandler.exe - LOLBAS Project" }, { "description": "Amit Serper. (2018, May 10). ProtonB What this Mac Malware Actually Does. 
Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2018-05-10T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does" ], "source": "MITRE", "title": "ProtonB What this Mac Malware Actually Does" }, "related": [], "uuid": "9c43d646-9ac2-43b5-80b6-9e69dcb57617", "value": "cybereason osx proton" }, { "description": "LOLBAS. (2023, June 30). Provlaunch.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-06-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Provlaunch/" ], "source": "Tidal Cyber", "title": "Provlaunch.exe" }, "related": [], "uuid": "56a57369-4707-4dff-ad23-431109f24233", "value": "Provlaunch.exe - LOLBAS Project" }, { "description": "FBI. (2022, August 18). Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts . Retrieved July 6, 2023.", "meta": { "date_accessed": "2023-07-06T00:00:00Z", "date_published": "2022-08-18T00:00:00Z", "refs": [ "https://www.ic3.gov/Media/News/2022/220818.pdf" ], "source": "MITRE", "title": "Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts" }, "related": [], "uuid": "17f9b7b0-3e1a-5d75-9030-da79fcccdb49", "value": "FBI Proxies Credential Stuffing" }, { "description": "Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.", "meta": { "date_accessed": "2023-07-06T00:00:00Z", "date_published": "2023-04-04T00:00:00Z", "refs": [ "https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/" ], "source": "MITRE", "title": "Proxyjacking has Entered the Chat" }, "related": [], "uuid": "26562be2-cab6-5867-9a43-d8a59c663596", "value": "Sysdig Proxyjacking" }, { "description": "Lawrence Abrams. (2017, July 12). PSA: Don't Open SPAM Containing Password Protected Word Docs. 
Retrieved January 5, 2022.", "meta": { "date_accessed": "2022-01-05T00:00:00Z", "date_published": "2017-07-12T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/" ], "source": "MITRE", "title": "PSA: Don't Open SPAM Containing Password Protected Word Docs" }, "related": [], "uuid": "fe6f3ee6-b0a4-4092-947b-48e02a9255c1", "value": "Password Protected Word Docs" }, { "description": "Haight, J. (2016, April 21). PS>Attack. Retrieved June 1, 2016.", "meta": { "date_accessed": "2016-06-01T00:00:00Z", "date_published": "2016-04-21T00:00:00Z", "refs": [ "https://github.com/jaredhaight/PSAttack" ], "source": "MITRE", "title": "PS>Attack" }, "related": [], "uuid": "929e37ed-c230-4517-a2ef-b7896bd3e4a2", "value": "Github PSAttack" }, { "description": "Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.", "meta": { "date_accessed": "2015-12-17T00:00:00Z", "date_published": "2004-06-28T00:00:00Z", "refs": [ "http://windowsitpro.com/systems-management/psexec" ], "source": "MITRE", "title": "PsExec" }, "related": [], "uuid": "d6216ce3-1e63-4bb1-b379-b530c8203a96", "value": "PsExec Russinovich" }, { "description": "Medin, T. (2013, August 8). PsExec UAC Bypass. Retrieved June 3, 2016.", "meta": { "date_accessed": "2016-06-03T00:00:00Z", "date_published": "2013-08-08T00:00:00Z", "refs": [ "http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass" ], "source": "MITRE", "title": "PsExec UAC Bypass" }, "related": [], "uuid": "824739ac-633a-40e0-bb01-2bfd43714d67", "value": "SANS UAC Bypass" }, { "description": "HarmJ0y et al. (2021, June 16). PSPKIAudit. 
Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2021-06-16T00:00:00Z", "refs": [ "https://github.com/GhostPack/PSPKIAudit" ], "source": "MITRE", "title": "PSPKIAudit" }, "related": [], "uuid": "ac3d5502-0ab9-446e-bf8c-22675f92f017", "value": "GitHub PSPKIAudit" }, { "description": "LOLBAS. (2020, June 27). Psr.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-06-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Psr/" ], "source": "Tidal Cyber", "title": "Psr.exe" }, "related": [], "uuid": "a00782cf-f6b2-4b63-9d8d-97efe17e11c0", "value": "Psr.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). PsSetCreateProcessNotifyRoutine routine. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx" ], "source": "MITRE", "title": "PsSetCreateProcessNotifyRoutine routine" }, "related": [], "uuid": "c407645d-1109-49a7-a4c0-51ec9cd54c8d", "value": "Microsoft PsSetCreateProcessNotifyRoutine routine" }, { "description": "Kerrisk, M. (2020, February 9). PTRACE(2) - Linux Programmer's Manual. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2020-02-09T00:00:00Z", "refs": [ "http://man7.org/linux/man-pages/man2/ptrace.2.html" ], "source": "MITRE", "title": "PTRACE(2) - Linux Programmer's Manual" }, "related": [], "uuid": "fc5e63e7-090a-441b-8e34-9946e1840b49", "value": "PTRACE man" }, { "description": "Wikipedia. (2017, June 29). Public-key cryptography. 
Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2017-06-29T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Public-key_cryptography" ], "source": "MITRE", "title": "Public-key cryptography" }, "related": [], "uuid": "1b7514e7-477d-44a2-acee-d1819066dee4", "value": "Wikipedia Public Key Crypto" }, { "description": "Committee of Inquiry into the Cyber Attack on SingHealth. (2019, January 10). Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database. Retrieved June 29, 2020.", "meta": { "date_accessed": "2020-06-29T00:00:00Z", "date_published": "2019-01-10T00:00:00Z", "refs": [ "https://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10-jan-2019.ashx" ], "source": "MITRE", "title": "Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database" }, "related": [], "uuid": "d1f699e3-7c9d-4a95-ad58-f46e665a4d37", "value": "SingHealth Breach Jan 2019" }, { "description": "Jason Gerend. (2017, October 16). pubprn. Retrieved July 23, 2021.", "meta": { "date_accessed": "2021-07-23T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/pubprn" ], "source": "MITRE", "title": "pubprn" }, "related": [], "uuid": "c845c67a-20ab-405c-95fe-2f667f83b886", "value": "pubprn" }, { "description": "LOLBAS. (2018, May 25). Pubprn.vbs. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Pubprn/" ], "source": "Tidal Cyber", "title": "Pubprn.vbs" }, "related": [], "uuid": "d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5", "value": "Pubprn.vbs - LOLBAS Project" }, { "description": "White, J. (2017, March 10). 
Pulling Back the Curtains on EncodedCommand PowerShell Attacks. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2017-03-10T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/" ], "source": "MITRE", "title": "Pulling Back the Curtains on EncodedCommand PowerShell Attacks" }, "related": [], "uuid": "069ef9af-3402-4b13-8c60-b397b0b0bfd7", "value": "PaloAlto EncodedCommand March 2017" }, { "description": "Anomali Threat Research. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2018-12-06T00:00:00Z", "refs": [ "https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat" ], "source": "MITRE", "title": "Pulling Linux Rabbit/Rabbot Malware Out of a Hat" }, "related": [], "uuid": "ec413dc7-028c-4153-9e98-abe85961747f", "value": "anomali-linux-rabbit" }, { "description": "Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.", "meta": { "date_accessed": "2019-03-04T00:00:00Z", "date_published": "2018-12-06T00:00:00Z", "refs": [ "https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat" ], "source": "MITRE", "title": "Pulling Linux Rabbit/Rabbot Malware Out of a Hat" }, "related": [], "uuid": "e843eb47-21b0-44b9-8065-02aea0a0b05f", "value": "Anomali Linux Rabbit 2018" }, { "description": "Gross, J. and Walter, J.. (2016, January 12). Puttering into the Future.... Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2016-01-12T00:00:00Z", "refs": [ "http://blog.cylance.com/puttering-into-the-future" ], "source": "MITRE", "title": "Puttering into the Future..." 
}, "related": [], "uuid": "058d6e8e-7ab9-4151-97de-1778ac95e18d", "value": "Cylance Putter Panda" }, { "description": "Moe, O. (2018, January 14). Putting Data in Alternate Data Streams and How to Execute It. Retrieved June 30, 2018.", "meta": { "date_accessed": "2018-06-30T00:00:00Z", "date_published": "2018-01-14T00:00:00Z", "refs": [ "https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/" ], "source": "MITRE", "title": "Putting Data in Alternate Data Streams and How to Execute It" }, "related": [], "uuid": "4a711970-870c-4710-9dbc-7cfebd2e315c", "value": "Oddvar Moe ADS1 Jan 2018" }, { "description": "Moe, O. (2018, April 11). Putting Data in Alternate Data Streams and How to Execute It - Part 2. Retrieved June 30, 2018.", "meta": { "date_accessed": "2018-06-30T00:00:00Z", "date_published": "2018-04-11T00:00:00Z", "refs": [ "https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/" ], "source": "MITRE", "title": "Putting Data in Alternate Data Streams and How to Execute It - Part 2" }, "related": [], "uuid": "b280f0c8-effe-45a4-a64a-a9a8b6ad2122", "value": "Oddvar Moe ADS2 Apr 2018" }, { "description": "Moran, B. (2020, November 18). Putting Together the RDPieces. Retrieved October 17, 2022.", "meta": { "date_accessed": "2022-10-17T00:00:00Z", "date_published": "2020-11-18T00:00:00Z", "refs": [ "https://www.osdfcon.org/presentations/2020/Brian-Moran_Putting-Together-the-RDPieces.pdf" ], "source": "MITRE", "title": "Putting Together the RDPieces" }, "related": [], "uuid": "794331fb-f1f2-4aaa-aae8-d1c4c95fb00f", "value": "Moran RDPieces" }, { "description": "PuTTY. (n.d.). PuTTY Download Page. 
Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.putty.org/" ], "source": "Tidal Cyber", "title": "PuTTY Download Page" }, "related": [], "uuid": "bf278270-128e-483b-9f09-ce24f5f6ed80", "value": "PuTTY Download Page" }, { "description": "Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.", "meta": { "date_accessed": "2016-06-22T00:00:00Z", "date_published": "2007-08-09T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Pwdump" ], "source": "MITRE", "title": "pwdump" }, "related": [], "uuid": "6a1a1ae1-a587-41f5-945f-011d6808e5b8", "value": "Wikipedia pwdump" }, { "description": "THe DFIR Report. (2020, November 23). PYSA/Mespinoza Ransomware. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2020-11-23T00:00:00Z", "refs": [ "https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/" ], "source": "MITRE", "title": "PYSA/Mespinoza Ransomware" }, "related": [], "uuid": "a00ae87e-6e64-4f1c-8639-adca436c217e", "value": "DFIR Pysa Nov 2020" }, { "description": "NHS Digital. (2020, October 10). Pysa Ransomware: Another 'big-game hunter' ransomware. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2020-10-10T00:00:00Z", "refs": [ "https://digital.nhs.uk/cyber-alerts/2020/cc-3633" ], "source": "MITRE", "title": "Pysa Ransomware: Another 'big-game hunter' ransomware" }, "related": [], "uuid": "5a853dfb-d935-4d85-a5bf-0ab5279fd32e", "value": "NHS Digital Pysa Oct 2020" }, { "description": "decalage2. (2019, December 3). python-oletools. Retrieved September 18, 2020.", "meta": { "date_accessed": "2020-09-18T00:00:00Z", "date_published": "2019-12-03T00:00:00Z", "refs": [ "https://github.com/decalage2/oletools" ], "source": "MITRE", "title": "python-oletools" }, "related": [], "uuid": "9036fac0-dca8-4956-b0b4-469801adad28", "value": "oletools toolkit" }, { "description": "Nettitude. 
(2018, July 23). Python Server for PoshC2. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-07-23T00:00:00Z", "refs": [ "https://github.com/nettitude/PoshC2_Python" ], "source": "MITRE", "title": "Python Server for PoshC2" }, "related": [], "uuid": "45e79c0e-a2f6-4b56-b621-4142756bd1b1", "value": "GitHub PoshC2" }, { "description": "Trend Micro. (2020, December 17). QAKBOT: A decade-old malware still with new tricks. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2020-12-17T00:00:00Z", "refs": [ "https://success.trendmicro.com/solution/000283381" ], "source": "MITRE", "title": "QAKBOT: A decade-old malware still with new tricks" }, "related": [], "uuid": "c061ce45-1452-4c11-9586-bd5eb2d718ab", "value": "Trend Micro Qakbot December 2020" }, { "description": "Cyberint. (2021, May 25). Qakbot Banking Trojan. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2021-05-25T00:00:00Z", "refs": [ "https://blog.cyberint.com/qakbot-banking-trojan" ], "source": "MITRE", "title": "Qakbot Banking Trojan" }, "related": [], "uuid": "1baeac94-9168-4813-ab72-72e609250745", "value": "Cyberint Qakbot May 2021" }, { "description": "Sette, N. et al. (2020, June 4). Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2020-06-04T00:00:00Z", "refs": [ "https://www.kroll.com/en/insights/publications/cyber/qakbot-malware-exfiltrating-emails-thread-hijacking-attacks" ], "source": "MITRE", "title": "Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks" }, "related": [], "uuid": "716960fd-c22d-42af-ba9b-295fee02657f", "value": "Kroll Qakbot June 2020" }, { "description": "Mendoza, E. et al. (2020, May 25). Qakbot Resurges, Spreads through VBS Files. 
Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2020-05-25T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/ph/security/news/cybercrime-and-digital-threats/qakbot-resurges-spreads-through-vbs-files" ], "source": "MITRE", "title": "Qakbot Resurges, Spreads through VBS Files" }, "related": [], "uuid": "e2791c37-e149-43e7-b7c3-c91a6d1bc91e", "value": "Trend Micro Qakbot May 2020" }, { "description": "Kuzmenko, A. et al. (2021, September 2). QakBot technical analysis. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2021-09-02T00:00:00Z", "refs": [ "https://securelist.com/qakbot-technical-analysis/103931/" ], "source": "MITRE", "title": "QakBot technical analysis" }, "related": [], "uuid": "f40cabe3-a324-4b4d-8e95-25c036dbd8b5", "value": "Kaspersky QakBot September 2021" }, { "description": "Rainey, K. (n.d.). Qbot. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "refs": [ "https://redcanary.com/threat-detection-report/threats/qbot/" ], "source": "MITRE", "title": "Qbot" }, "related": [], "uuid": "6e4960e7-ae5e-4b68-ac85-4bd84e940634", "value": "Red Canary Qbot" }, { "description": "hoakley. (2020, October 29). Quarantine and the quarantine flag. Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2020-10-29T00:00:00Z", "refs": [ "https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/" ], "source": "MITRE", "title": "Quarantine and the quarantine flag" }, "related": [], "uuid": "7cce88cc-fbfb-43e1-a330-ac55bce9e394", "value": "TheEclecticLightCompany Quarantine and the flag" }, { "description": "MaxXor. (n.d.). QuasarRAT. 
Retrieved July 10, 2018.", "meta": { "date_accessed": "2018-07-10T00:00:00Z", "refs": [ "https://github.com/quasar/QuasarRAT" ], "source": "MITRE", "title": "QuasarRAT" }, "related": [], "uuid": "c87e4427-af97-4e93-9596-ad5a588aa171", "value": "GitHub QuasarRAT" }, { "description": "0DAY IN {REA_TEAM}. (2024, January 6). [QuickNote] Technical Analysis of recent Pikabot Core Module. Retrieved January 11, 2024.", "meta": { "date_accessed": "2024-01-11T00:00:00Z", "date_published": "2024-01-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://kienmanowar.wordpress.com/2024/01/06/quicknote-technical-analysis-of-recent-pikabot-core-module/" ], "source": "Tidal Cyber", "title": "[QuickNote] Technical Analysis of recent Pikabot Core Module" }, "related": [], "uuid": "08ec9726-5a1d-4b2e-82d5-a5a9e7e917ae", "value": "0DAY IN {REA_TEAM} Pikabot January 6 2024" }, { "description": "Stevens, D. (2009, November 22). Quickpost: SelectMyParent or Playing With the Windows Process Tree. Retrieved June 3, 2019.", "meta": { "date_accessed": "2019-06-03T00:00:00Z", "date_published": "2009-11-22T00:00:00Z", "refs": [ "https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/" ], "source": "MITRE", "title": "Quickpost: SelectMyParent or Playing With the Windows Process Tree" }, "related": [], "uuid": "1fee31b0-2d9c-4c02-b494-d3a6b80f12f3", "value": "DidierStevens SelectMyParent Nov 2009" }, { "description": "Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. 
Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2019-05-08T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app" ], "source": "MITRE", "title": "Quickstart: Register an application with the Microsoft identity platform" }, "related": [], "uuid": "36a06c99-55ca-4163-9450-c3b84ae10039", "value": "Microsoft - Azure AD App Registration - May 2019" }, { "description": "Microsoft. (2023, January 13). Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI. Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "date_published": "2023-01-13T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli" ], "source": "MITRE", "title": "Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI" }, "related": [], "uuid": "8f076aae-38c0-5335-9f7a-1e29b90fc33f", "value": "Microsoft Azure Key Vault" }, { "description": "Google. (2019, October 3). Quickstart: Using the dashboard. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-10-03T00:00:00Z", "refs": [ "https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard" ], "source": "MITRE", "title": "Quickstart: Using the dashboard" }, "related": [], "uuid": "a470fe2a-40ce-4060-8dfc-2cdb56bbc18b", "value": "Google Command Center Dashboard" }, { "description": "Antazo, F. and Yambao, M. (2016, August 10). R980 Ransomware Found Abusing Disposable Email Address Service. 
Retrieved October 13, 2020.", "meta": { "date_accessed": "2020-10-13T00:00:00Z", "date_published": "2016-08-10T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service/" ], "source": "MITRE", "title": "R980 Ransomware Found Abusing Disposable Email Address Service" }, "related": [], "uuid": "6afd89ba-2f51-4192-82b3-d961cc86adf1", "value": "Trend Micro R980 2016" }, { "description": "Costa, F. (2022, May 1). RaaS AvosLocker Incident Response Analysis. Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2022-05-01T00:00:00Z", "refs": [ "https://www.linkedin.com/pulse/raas-avoslocker-incident-response-analysis-fl%C3%A1vio-costa?trk=articles_directory" ], "source": "MITRE", "title": "RaaS AvosLocker Incident Response Analysis" }, "related": [], "uuid": "a94268d8-6b7c-574b-a588-d8fd80c27fd3", "value": "Costa AvosLocker May 2022" }, { "description": "Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR. (2022, June 28). Raccoon Stealer v2 – Part 1: The return of the dead. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2022-06-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/" ], "source": "Tidal Cyber", "title": "Raccoon Stealer v2 – Part 1: The return of the dead" }, "related": [], "uuid": "df0c9cbd-8692-497e-9f81-cf9e44a3a5cd", "value": "Sekoia.io Raccoon Stealer June 28 2022" }, { "description": "DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "refs": [ "https://www.justice.gov/usao-sdny/press-release/file/1045781/download" ], "source": "MITRE", "title": "Rafatnejad et al" }, "related": [], "uuid": "7dfdccd5-d035-4678-89c1-f5f1630d7a79", "value": "DOJ Iran Indictments March 2018" }, { "description": "SophosLabs. 
(2020, May 21). Ragnar Locker ransomware deploys virtual machine to dodge security. Retrieved June 29, 2020.", "meta": { "date_accessed": "2020-06-29T00:00:00Z", "date_published": "2020-05-21T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/" ], "source": "MITRE", "title": "Ragnar Locker ransomware deploys virtual machine to dodge security" }, "related": [], "uuid": "04ed6dc0-45c2-4e36-8ec7-a75f6f715f0a", "value": "Sophos Ragnar May 2020" }, { "description": "Stringer, M.. (2018, November 21). RainDance. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "date_published": "2018-11-21T00:00:00Z", "refs": [ "https://github.com/True-Demon/raindance" ], "source": "MITRE", "title": "RainDance" }, "related": [], "uuid": "321bba10-06c6-4c4f-a3e0-318561fa0fed", "value": "GitHub Raindance" }, { "description": "Symantec Threat Hunter Team. (2021, January 18). Raindrop: New Malware Discovered in SolarWinds Investigation. Retrieved January 19, 2021.", "meta": { "date_accessed": "2021-01-19T00:00:00Z", "date_published": "2021-01-18T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware" ], "source": "MITRE", "title": "Raindrop: New Malware Discovered in SolarWinds Investigation" }, "related": [], "uuid": "9185092d-3d99-466d-b885-f4e76fe74b6b", "value": "Symantec RAINDROP January 2021" }, { "description": "Sanmillan, I.. (2020, May 13). Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks. 
Retrieved May 27, 2020.", "meta": { "date_accessed": "2020-05-27T00:00:00Z", "date_published": "2020-05-13T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/" ], "source": "MITRE", "title": "Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks" }, "related": [], "uuid": "3c149b0b-f37c-4d4e-aa61-351c87fd57ce", "value": "Eset Ramsay May 2020" }, { "description": "Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.", "meta": { "date_accessed": "2018-07-02T00:00:00Z", "date_published": "2018-06-26T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" ], "source": "MITRE, Tidal Cyber", "title": "RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families" }, "related": [], "uuid": "45098a85-a61f-491a-a549-f62b02dc2ecd", "value": "Rancor Unit42 June 2018" }, { "description": "FBI. (n.d.). Ransomware. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "refs": [ "https://www.cisa.gov/sites/default/files/Ransomware_Trifold_e-version.pdf" ], "source": "MITRE", "title": "Ransomware" }, "related": [], "uuid": "54e296c9-edcc-5af7-99be-b118da29711f", "value": "FBI-ransomware" }, { "description": "Singleton, C. and Kiefer, C. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2020-09-28T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/" ], "source": "MITRE", "title": "Ransomware 2020: Attack Trends Affecting Organizations Worldwide" }, "related": [], "uuid": "eb767436-4a96-4e28-bd34-944842d7593e", "value": "IBM Ransomware Trends September 2020" }, { "description": "DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.", "meta": { "date_accessed": "2020-10-28T00:00:00Z", "date_published": "2020-10-28T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/aa20-302a" ], "source": "MITRE, Tidal Cyber", "title": "Ransomware Activity Targeting the Healthcare and Public Health Sector" }, "related": [], "uuid": "984e86e6-32e4-493c-8172-3d29de4720cc", "value": "DHS/CISA Ransomware Targeting Healthcare October 2020" }, { "description": "Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved March 2, 2021.", "meta": { "date_accessed": "2021-03-02T00:00:00Z", "date_published": "2020-02-24T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html" ], "source": "MITRE", "title": "Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT" }, "related": [], "uuid": "44856547-2de5-45ff-898f-a523095bd593", "value": "FireEye Ransomware Feb 2020" }, { "description": "Zafra, D. Lunden, K. Brubaker, N. Kennelly, J.. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. 
Retrieved February 9, 2021.", "meta": { "date_accessed": "2021-02-09T00:00:00Z", "date_published": "2020-02-24T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html" ], "source": "MITRE", "title": "Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT" }, "related": [], "uuid": "9ffa0f35-98e4-4265-8b66-9c805a2b6525", "value": "FireEye Ransomware Disrupt Industrial Production" }, { "description": "Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.", "meta": { "date_accessed": "2021-01-04T00:00:00Z", "date_published": "2020-11-06T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/ransomware-alert-pay2key/" ], "source": "MITRE", "title": "Ransomware Alert: Pay2Key" }, "related": [], "uuid": "e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9", "value": "Check Point Pay2Key November 2020" }, { "description": "Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. Retrieved March 10, 2023.", "meta": { "date_accessed": "2023-03-10T00:00:00Z", "date_published": "2022-05-09T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/" ], "source": "MITRE", "title": "Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself" }, "related": [], "uuid": "833018b5-6ef6-5327-9af5-1a551df25cd2", "value": "Microsoft Ransomware as a Service" }, { "description": "Mundo, A. (2020, March 26). Ransomware Maze. 
Retrieved May 18, 2020.", "meta": { "date_accessed": "2020-05-18T00:00:00Z", "date_published": "2020-03-26T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/" ], "source": "MITRE", "title": "Ransomware Maze" }, "related": [], "uuid": "627a14dd-5300-4f58-869c-0ec91ffb664e", "value": "McAfee Maze March 2020" }, { "description": "Sivagnanam Gn, Sean Gallagher. (2020, December 16). Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor. Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2020-12-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://news.sophos.com/en-us/2020/12/16/systembc/" ], "source": "Tidal Cyber", "title": "Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor" }, "related": [], "uuid": "eca1301f-deeb-4a97-8c4e-e61210706116", "value": "Sophos SystemBC December 16 2020" }, { "description": "Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.", "meta": { "date_accessed": "2023-01-11T00:00:00Z", "date_published": "2022-04-04T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker" ], "source": "MITRE", "title": "Ransomware Spotlight AvosLocker" }, "related": [], "uuid": "01fdc732-0951-59e2-afaf-5fe761357e7f", "value": "Trend Micro AvosLocker Apr 2022" }, { "description": "Trend Micro. (2022, September 1). Ransomware Spotlight Black Basta. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-09-01T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta" ], "source": "MITRE", "title": "Ransomware Spotlight Black Basta" }, "related": [], "uuid": "1f2942ab-e6a9-5a50-b266-3436c8c0b5ec", "value": "Trend Micro Black Basta Spotlight September 2022" }, { "description": "Trend Micro Research. 
(2022, February 8). Ransomware Spotlight: LockBit. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2022-02-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit" ], "source": "Tidal Cyber", "title": "Ransomware Spotlight: LockBit" }, "related": [], "uuid": "f72dade0-ec82-40e7-96a0-9f124d59bd35", "value": "Trend Micro LockBit Spotlight February 08 2023" }, { "description": "Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved August 10, 2023.", "meta": { "date_accessed": "2023-08-10T00:00:00Z", "date_published": "2023-07-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play" ], "source": "Tidal Cyber", "title": "Ransomware Spotlight: Play" }, "related": [], "uuid": "6cf9c6f0-7818-45dd-9afc-f69e394c23e4", "value": "Trend Micro Play Spotlight July 21 2023" }, { "description": "Group IB. (2020, May). Ransomware Uncovered: Attackers’ Latest Methods. Retrieved August 5, 2020.", "meta": { "date_accessed": "2020-08-05T00:00:00Z", "date_published": "2020-05-01T00:00:00Z", "refs": [ "https://www.group-ib.com/whitepapers/ransomware-uncovered.html" ], "source": "MITRE", "title": "Ransomware Uncovered: Attackers’ Latest Methods" }, "related": [], "uuid": "18d20965-f1f4-439f-a4a3-34437ad1fe14", "value": "Group IB Ransomware May 2020" }, { "description": "joshhighet. (n.d.). ransomwatch. Retrieved June 30, 2023.", "meta": { "date_accessed": "2023-06-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.com/joshhighet/ransomwatch" ], "source": "Tidal Cyber", "title": "ransomwatch" }, "related": [], "uuid": "62037959-58e4-475a-bb91-ff360d20c1d7", "value": "GitHub ransomwatch" }, { "description": "mkz. (2020). rarfile 3.1. 
Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://pypi.org/project/rarfile/" ], "source": "MITRE", "title": "rarfile 3.1" }, "related": [], "uuid": "e40d1cc8-b8c7-4f43-b6a7-c50a4f7bf1f0", "value": "PyPI RAR" }, { "description": "A. Roshal. (2020). RARLAB. Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://www.rarlab.com/" ], "source": "MITRE", "title": "RARLAB" }, "related": [], "uuid": "c1334e4f-67c8-451f-b50a-86003f6e3d3b", "value": "WinRAR Homepage" }, { "description": "Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.", "meta": { "date_accessed": "2015-12-17T00:00:00Z", "date_published": "2013-06-13T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/" ], "source": "MITRE", "title": "RARSTONE Found In Targeted Attacks" }, "related": [], "uuid": "2327592e-4e8a-481e-bdf9-d548c776adee", "value": "Aquino RARSTONE" }, { "description": "LOLBAS. (2020, January 10). Rasautou.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-01-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Rasautou/" ], "source": "Tidal Cyber", "title": "Rasautou.exe" }, "related": [], "uuid": "dc299f7a-403b-4a22-9386-0be3e160d185", "value": "Rasautou.exe - LOLBAS Project" }, { "description": "Lauren Podber, Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. 
Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-05-05T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://redcanary.com/blog/raspberry-robin/" ], "source": "Tidal Cyber", "title": "Raspberry Robin gets the worm early" }, "related": [], "uuid": "fb04d89a-3f39-48be-b986-9c4eac4dd8a4", "value": "Red Canary Raspberry Robin May 2022" }, { "description": "Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-10-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/" ], "source": "Tidal Cyber", "title": "Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity" }, "related": [], "uuid": "8017e42a-8373-4d24-8d89-638a925b704b", "value": "Microsoft Security Raspberry Robin October 2022" }, { "description": "Dragos, Inc. (2018, August 2). RASPITE. Retrieved November 26, 2018.", "meta": { "date_accessed": "2018-11-26T00:00:00Z", "date_published": "2018-08-02T00:00:00Z", "refs": [ "https://www.dragos.com/blog/20180802Raspite.html" ], "source": "MITRE", "title": "RASPITE" }, "related": [], "uuid": "bf4ccd52-0a03-41b6-bde7-34ead90171c3", "value": "Dragos Raspite Aug 2018" }, { "description": "Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. 
Retrieved May 22, 2018.", "meta": { "date_accessed": "2018-05-22T00:00:00Z", "date_published": "2017-02-27T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html" ], "source": "MITRE", "title": "RATANKBA: Delving into Large-scale Watering Holes against Enterprises" }, "related": [], "uuid": "7d08ec64-7fb8-4520-b26b-95b0dee891fe", "value": "RATANKBA" }, { "description": "TrendLabs Security Intelligence Blog. (2015, April). RawPOS Technical Brief. Retrieved October 4, 2017.", "meta": { "date_accessed": "2017-10-04T00:00:00Z", "date_published": "2015-04-01T00:00:00Z", "refs": [ "http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf" ], "source": "MITRE", "title": "RawPOS Technical Brief" }, "related": [], "uuid": "e483ed86-713b-42c6-ad77-e9b889bbcb81", "value": "TrendMicro RawPOS April 2015" }, { "description": "Nick Craig-Wood. (n.d.). Rclone syncs your files to cloud storage. Retrieved August 30, 2022.", "meta": { "date_accessed": "2022-08-30T00:00:00Z", "refs": [ "https://rclone.org" ], "source": "MITRE", "title": "Rclone syncs your files to cloud storage" }, "related": [], "uuid": "3c7824de-d958-4254-beec-bc4e5ab989b0", "value": "Rclone" }, { "description": "Justin Schoenfeld and Aaron Didier. (2021, May 4). Rclone Wars: Transferring leverage in a ransomware attack. Retrieved August 30, 2022.", "meta": { "date_accessed": "2022-08-30T00:00:00Z", "date_published": "2021-05-04T00:00:00Z", "refs": [ "https://redcanary.com/blog/rclone-mega-extortion/" ], "source": "MITRE", "title": "Rclone Wars: Transferring leverage in a ransomware attack" }, "related": [], "uuid": "d47e5f7c-cf70-4f7c-ac83-57e4e1187485", "value": "Rclone Wars" }, { "description": "LOLBAS. (2018, May 25). rcsi.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Rcsi/" ], "source": "Tidal Cyber", "title": "rcsi.exe" }, "related": [], "uuid": "dc02058a-7ed3-4253-a976-6f99b9e91406", "value": "rcsi.exe - LOLBAS Project" }, { "description": "Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017.", "meta": { "date_accessed": "2017-12-11T00:00:00Z", "date_published": "2017-03-19T00:00:00Z", "refs": [ "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6" ], "source": "MITRE", "title": "RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation" }, "related": [], "uuid": "0a615508-c155-4004-86b8-916bbfd8ae42", "value": "RDP Hijacking Medium" }, { "description": "Stas'M Corp. (2014, October 22). RDP Wrapper Library by Stas'M. Retrieved March 28, 2022.", "meta": { "date_accessed": "2022-03-28T00:00:00Z", "date_published": "2014-10-22T00:00:00Z", "refs": [ "https://github.com/stascorp/rdpwrap" ], "source": "MITRE", "title": "RDP Wrapper Library by Stas'M" }, "related": [], "uuid": "777a0a6f-3684-4888-ae1b-adc386be763a", "value": "RDPWrap Github" }, { "description": "LOLBAS. (2022, May 18). rdrleakdiag.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-05-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Rdrleakdiag/" ], "source": "Tidal Cyber", "title": "rdrleakdiag.exe" }, "related": [], "uuid": "1feff728-2230-4a45-bd64-6093f8b42646", "value": "rdrleakdiag.exe - LOLBAS Project" }, { "description": "Faou, M. and Boutin, J. (2017, February). 
Read The Manual: A Guide to the RTM Banking Trojan. Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2017-02-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Read The Manual: A Guide to the RTM Banking Trojan" }, "related": [], "uuid": "ab2cced7-05b8-4788-8d3c-8eadb0aaf38c", "value": "ESET RTM Feb 2017" }, { "description": "Moran, N. (2013, May 20). Ready for Summer: The Sunshop Campaign. Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2013-05-20T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/05/ready-for-summer-the-sunshop-campaign.html" ], "source": "MITRE", "title": "Ready for Summer: The Sunshop Campaign" }, "related": [], "uuid": "ec246c7a-3396-46f9-acc4-a100cb5e5fe6", "value": "FireEye Sunshop Campaign May 2013" }, { "description": "STEPHEN ECKELS. (2022, February 28). Ready, Set, Go — Golang Internals and Symbol Recovery. Retrieved September 29, 2022.", "meta": { "date_accessed": "2022-09-29T00:00:00Z", "date_published": "2022-02-28T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery" ], "source": "MITRE", "title": "Ready, Set, Go — Golang Internals and Symbol Recovery" }, "related": [], "uuid": "60eb0109-9655-41ab-bf76-37b17bf9594a", "value": "Mandiant golang stripped binaries explanation" }, { "description": "Microsoft, EliotSeattle, et al. (2022, August 18). REAgentC command-line options. 
Retrieved October 19, 2022.", "meta": { "date_accessed": "2022-10-19T00:00:00Z", "date_published": "2022-08-18T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/reagentc-command-line-options?view=windows-11" ], "source": "MITRE", "title": "REAgentC command-line options" }, "related": [], "uuid": "d26c830b-c196-5503-bf8c-4cfe90a6e7e5", "value": "reagentc_cmd" }, { "description": "Berk Veral. (2020, March 9). Real-life cybercrime stories from DART, the Microsoft Detection and Response Team. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2020-03-09T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team" ], "source": "MITRE", "title": "Real-life cybercrime stories from DART, the Microsoft Detection and Response Team" }, "related": [], "uuid": "bd8c6a86-1a63-49cd-a97f-3d119e4223d4", "value": "Microsoft DART Case Report 001" }, { "description": "Siles, R. (2003, August). Real World ARP Spoofing. Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2003-08-01T00:00:00Z", "refs": [ "https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411" ], "source": "MITRE", "title": "Real World ARP Spoofing" }, "related": [], "uuid": "1f9f5bfc-c044-4046-8586-39163a305c1e", "value": "Sans ARP Spoofing Aug 2003" }, { "description": "Github. (n.d.). Receiving webhooks with the GitHub CLI. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "refs": [ "https://docs.github.com/en/webhooks-and-events/webhooks/receiving-webhooks-with-the-github-cli" ], "source": "MITRE", "title": "Receiving webhooks with the GitHub CLI" }, "related": [], "uuid": "8ddee62e-adc0-5b28-b271-4b14b01f84c1", "value": "Github CLI Create Webhook" }, { "description": "GReAT. (2019, August 12). Recent Cloud Atlas activity. 
Retrieved May 8, 2020.", "meta": { "date_accessed": "2020-05-08T00:00:00Z", "date_published": "2019-08-12T00:00:00Z", "refs": [ "https://securelist.com/recent-cloud-atlas-activity/92016/" ], "source": "MITRE", "title": "Recent Cloud Atlas activity" }, "related": [], "uuid": "4c3ae600-0787-4847-b528-ae3e8ff1b5ef", "value": "Kaspersky Cloud Atlas August 2019" }, { "description": "Adamitis, D. et al. (2019, May 20). Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques. Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2019-05-20T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html" ], "source": "MITRE", "title": "Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques" }, "related": [], "uuid": "5b8b6429-14ef-466b-b806-5603e694efc1", "value": "Talos MuddyWater May 2019" }, { "description": "Free Desktop. (2017, December 24). Recognized Desktop Entry Keys. Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "date_published": "2017-12-24T00:00:00Z", "refs": [ "https://specifications.freedesktop.org/desktop-entry-spec/1.2/ar01s06.html" ], "source": "MITRE", "title": "Recognized Desktop Entry Keys" }, "related": [], "uuid": "4ffb9866-1cf4-46d1-b7e5-d75bd98de018", "value": "Free Desktop Entry Keys" }, { "description": "Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. 
Retrieved June 18, 2017.", "meta": { "date_accessed": "2017-06-18T00:00:00Z", "date_published": "2017-05-17T00:00:00Z", "refs": [ "https://www.recordedfuture.com/chinese-mss-behind-apt3/" ], "source": "MITRE", "title": "Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3" }, "related": [], "uuid": "a894d79f-5977-4ef9-9aa5-7bfec795ceb2", "value": "Recorded Future APT3 May 2017" }, { "description": "Chen, J. and Hsieh, M. (2017, November 7). REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography. Retrieved December 27, 2017.", "meta": { "date_accessed": "2017-12-27T00:00:00Z", "date_published": "2017-11-07T00:00:00Z", "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/" ], "source": "MITRE, Tidal Cyber", "title": "REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography" }, "related": [], "uuid": "4ca0e6a9-8c20-49a0-957a-7108083a8a29", "value": "Trend Micro Daserf Nov 2017" }, { "description": "Jahoda, M. et al.. (2017, March 14). redhat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-03-14T00:00:00Z", "refs": [ "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing" ], "source": "MITRE", "title": "redhat Security Guide - Chapter 7 - System Auditing" }, "related": [], "uuid": "cdedab06-7745-4a5e-aa62-00ed81ccc8d0", "value": "RHEL auditd" }, { "description": "Jahoda, M. et al.. (2017, March 14). Red Hat Security Guide - Chapter 7 - System Auditing. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-03-14T00:00:00Z", "refs": [ "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing" ], "source": "MITRE", "title": "Red Hat Security Guide - Chapter 7 - System Auditing" }, "related": [], "uuid": "599337b3-8587-5578-9be5-e6e4f0edd0ef", "value": "Red Hat System Auditing" }, { "description": "Cylance. (2015, April 13). Redirect to SMB. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2015-04-13T00:00:00Z", "refs": [ "https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf" ], "source": "MITRE", "title": "Redirect to SMB" }, "related": [], "uuid": "32c7626a-b284-424c-8294-7fac37e71336", "value": "Cylance Redirect to SMB" }, { "description": "Felch, M.. (2018, August 31). Red Teaming Microsoft Part 1 Active Directory Leaks via Azure. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "date_published": "2018-08-31T00:00:00Z", "refs": [ "https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/" ], "source": "MITRE", "title": "Red Teaming Microsoft Part 1 Active Directory Leaks via Azure" }, "related": [], "uuid": "48971032-8fa2-40ff-adef-e91d7109b859", "value": "Black Hills Red Teaming MS AD Azure, 2018" }, { "description": "de Plaa, C. (2019, June 19). Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR. 
Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2019-06-19T00:00:00Z", "refs": [ "https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/" ], "source": "MITRE", "title": "Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR" }, "related": [], "uuid": "c4c3370a-2d6b-4ebd-961e-58d584066377", "value": "OutFlank System Calls" }, { "description": "US-CERT. (2017, June 5). Reducing the Risk of SNMP Abuse. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2017-06-05T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/TA17-156A" ], "source": "MITRE", "title": "Reducing the Risk of SNMP Abuse" }, "related": [], "uuid": "82b814f3-2853-48a9-93ff-701d16d97535", "value": "US-CERT TA17-156A SNMP Abuse 2017" }, { "description": "Marek Majkowsk, Cloudflare. (2017, May 24). Reflections on reflection (attacks). Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2017-05-24T00:00:00Z", "refs": [ "https://blog.cloudflare.com/reflections-on-reflections/" ], "source": "MITRE", "title": "Reflections on reflection (attacks)" }, "related": [], "uuid": "a6914c13-f95f-4c30-a129-905ed43e3454", "value": "Cloudflare ReflectionDoS May 2017" }, { "description": "Karen Victor. (2020, May 18). Reflective Loading Runs Netwalker Fileless Ransomware. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2020-05-18T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html" ], "source": "MITRE", "title": "Reflective Loading Runs Netwalker Fileless Ransomware" }, "related": [], "uuid": "2d4cb6f1-bc44-454b-94c1-88a81324903e", "value": "Trend Micro" }, { "description": "Microsoft. (2012, April 17). Reg. 
Retrieved May 1, 2015.", "meta": { "date_accessed": "2015-05-01T00:00:00Z", "date_published": "2012-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc732643.aspx" ], "source": "MITRE", "title": "Reg" }, "related": [], "uuid": "1e1b21bd-18b3-4c77-8eb8-911b028ab603", "value": "Microsoft Reg" }, { "description": "LOLBAS. (n.d.). Regasm.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Regasm/" ], "source": "MITRE", "title": "Regasm.exe" }, "related": [], "uuid": "b6a3356f-72c2-4ec2-a276-2432eb691055", "value": "LOLBAS Regasm" }, { "description": "Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.", "meta": { "date_accessed": "2016-07-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx" ], "source": "MITRE", "title": "Regasm.exe (Assembly Registration Tool)" }, "related": [], "uuid": "66a3de54-4a16-4b1b-b18f-e3842aeb7b40", "value": "MSDN Regasm" }, { "description": "Russinovich, M. & Sharkey, K. (2016, July 4). RegDelNull v1.11. Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2016-07-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull" ], "source": "MITRE", "title": "RegDelNull v1.11" }, "related": [], "uuid": "d34d35ee-9d0b-4556-ad19-04cfa9001bf2", "value": "Microsoft RegDelNull July 2016" }, { "description": "LOLBAS. (2018, May 25). Regedit.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Regedit/" ], "source": "Tidal Cyber", "title": "Regedit.exe" }, "related": [], "uuid": "86e47198-751b-4754-8741-6dd8f2960416", "value": "Regedit.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Reg.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Reg/" ], "source": "Tidal Cyber", "title": "Reg.exe" }, "related": [], "uuid": "ba0e31a1-125b-43c3-adf0-567ca393eeab", "value": "Reg.exe - LOLBAS Project" }, { "description": "Russinovich, M. & Sharkey, K. (2006, January 10). Reghide. Retrieved August 9, 2018.", "meta": { "date_accessed": "2018-08-09T00:00:00Z", "date_published": "2006-01-10T00:00:00Z", "refs": [ "https://docs.microsoft.com/sysinternals/downloads/reghide" ], "source": "MITRE", "title": "Reghide" }, "related": [], "uuid": "42503ec7-f5da-4116-a3b3-a1b18a66eed3", "value": "Microsoft Reghide NOV 2006" }, { "description": "LOLBAS. (2020, July 3). Regini.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-07-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Regini/" ], "source": "Tidal Cyber", "title": "Regini.exe" }, "related": [], "uuid": "db2573d2-6ecd-4c5a-b038-2f799f9723ae", "value": "Regini.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). Register-cimprovider.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Register-cimprovider/" ], "source": "Tidal Cyber", "title": "Register-cimprovider.exe" }, "related": [], "uuid": "d445d016-c4f1-45c8-929d-913867275417", "value": "Register-cimprovider.exe - LOLBAS Project" }, { "description": "Microsoft. (2018, May 31). Registry. 
Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry" ], "source": "MITRE", "title": "Registry" }, "related": [], "uuid": "08dc94ff-a289-45bd-93c2-1183fd507493", "value": "Microsoft Registry" }, { "description": "Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-08-28T00:00:00Z", "refs": [ "http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/" ], "source": "MITRE", "title": "Registry Analysis with CrowdResponse" }, "related": [], "uuid": "136325ee-0712-49dd-b3ab-a6f2bfb218b0", "value": "Tilbury 2014" }, { "description": "Microsoft. (2013, February 4). Registry-Free Profiler Startup and Attach. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2013-02-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)" ], "source": "MITRE", "title": "Registry-Free Profiler Startup and Attach" }, "related": [], "uuid": "4e85ef68-dfb7-4db3-ac76-92f4b78cb1cd", "value": "Microsoft COR_PROFILER Feb 2013" }, { "description": "Microsoft. (2016, August 31). Registry (Global Object Access Auditing). Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)" ], "source": "MITRE", "title": "Registry (Global Object Access Auditing)" }, "related": [], "uuid": "f58ac1e4-c470-4aac-a077-7f358e25b0fa", "value": "Microsoft Registry Auditing Aug 2016" }, { "description": "Microsoft. (n.d.). Registry Key Security and Access Rights. 
Retrieved March 16, 2017.", "meta": { "date_accessed": "2017-03-16T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms724878.aspx" ], "source": "MITRE", "title": "Registry Key Security and Access Rights" }, "related": [], "uuid": "c5627d86-1b59-4c2a-aac0-88f1b4dc6974", "value": "MSDN Registry Key Security" }, { "description": "Microsoft. (2018, May 31). Registry Key Security and Access Rights. Retrieved March 16, 2017.", "meta": { "date_accessed": "2017-03-16T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Registry Key Security and Access Rights" }, "related": [], "uuid": "f8f12cbb-029c-48b1-87ce-624a7f98c8ab", "value": "Registry Key Security" }, { "description": "Microsoft. (2021, December 14). Registry Trees for Devices and Drivers. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "date_published": "2021-12-14T00:00:00Z", "refs": [ "https://learn.microsoft.com/windows-hardware/drivers/install/overview-of-registry-trees-and-keys" ], "source": "MITRE", "title": "Registry Trees for Devices and Drivers" }, "related": [], "uuid": "4bde767e-d4a7-56c5-9aa3-b3f3cc2e3e70", "value": "Microsoft Registry Drivers" }, { "description": "Microsoft. (n.d.). Registry Values for System-Wide Security. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx" ], "source": "MITRE", "title": "Registry Values for System-Wide Security" }, "related": [], "uuid": "e0836ebc-66fd-46ac-adf6-727b46f2fb38", "value": "Microsoft System Wide Com Keys" }, { "description": "LOLBAS. (n.d.). Regsvcs.exe. 
Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/" ], "source": "MITRE", "title": "Regsvcs.exe" }, "related": [], "uuid": "3f669f4c-0b94-4b78-ad3e-fd62f7600902", "value": "LOLBAS Regsvcs" }, { "description": "Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.", "meta": { "date_accessed": "2016-07-01T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/04za0hca.aspx" ], "source": "MITRE", "title": "Regsvcs.exe (.NET Services Installation Tool)" }, "related": [], "uuid": "4f3651df-159e-4006-8cb6-de0d0712a194", "value": "MSDN Regsvcs" }, { "description": "LOLBAS. (n.d.). Regsvr32.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/" ], "source": "MITRE", "title": "Regsvr32.exe" }, "related": [], "uuid": "8e32abef-534e-475a-baad-946b6ec681c1", "value": "LOLBAS Regsvr32" }, { "description": "Bacurio, F., Salvio, J. (2017, February 14). REMCOS: A New RAT In The Wild. Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2017-02-14T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html" ], "source": "MITRE", "title": "REMCOS: A New RAT In The Wild" }, "related": [], "uuid": "c4d5d6e7-47c0-457a-b396-53d34f87e444", "value": "Fortinet Remcos Feb 2017" }, { "description": "Mandiant. (2022, August). Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29. 
Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-08-01T00:00:00Z", "refs": [ "https://www.mandiant.com/sites/default/files/2022-08/remediation-hardening-strategies-for-m365-defend-against-apt29-white-paper.pdf" ], "source": "MITRE", "title": "Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29" }, "related": [], "uuid": "4054604b-7c0f-5012-b40c-2b117f6b54c2", "value": "Mandiant Remediation and Hardening Strategies for Microsoft 365" }, { "description": "Mandiant. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved January 22, 2021.", "meta": { "date_accessed": "2021-01-22T00:00:00Z", "date_published": "2021-01-19T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/collateral/en/wp-m-unc2452.pdf" ], "source": "MITRE", "title": "Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452" }, "related": [], "uuid": "ed031297-d0f5-44a7-9723-ba692e923a6e", "value": "Mandiant Defend UNC2452 White Paper" }, { "description": "Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved September 25, 2021.", "meta": { "date_accessed": "2021-09-25T00:00:00Z", "date_published": "2021-01-19T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html" ], "source": "MITRE", "title": "Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452" }, "related": [], "uuid": "7aa5c294-df8e-4994-9b9e-69444d75ef37", "value": "Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452" }, { "description": "Microsoft. (n.d.). Remote Desktop Services. 
Retrieved June 1, 2016.", "meta": { "date_accessed": "2016-06-01T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx" ], "source": "MITRE", "title": "Remote Desktop Services" }, "related": [], "uuid": "b8fc1bdf-f602-4a9b-a51c-fa49e70f24cd", "value": "TechNet Remote Desktop Services" }, { "description": "LOLBAS. (2021, June 1). Remote.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-06-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Remote/" ], "source": "Tidal Cyber", "title": "Remote.exe" }, "related": [], "uuid": "9a298f83-80b8-45a3-9f63-6119be6621b4", "value": "Remote.exe - LOLBAS Project" }, { "description": "Margosis, A.. (2018, December 10). Remote Use of Local Accounts: LAPS Changes Everything. Retrieved March 13, 2020.", "meta": { "date_accessed": "2020-03-13T00:00:00Z", "date_published": "2018-12-10T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/secguide/2018/12/10/remote-use-of-local-accounts-laps-changes-everything/" ], "source": "MITRE", "title": "Remote Use of Local Accounts: LAPS Changes Everything" }, "related": [], "uuid": "2239d595-4b80-4828-9d06-f8de221f9534", "value": "Microsoft Remote Use of Local" }, { "description": "Sittikorn S. (2022, April 15). Removal Of SD Value to Hide Schedule Task - Registry. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2022-04-15T00:00:00Z", "refs": [ "https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry/registry_delete/registry_delete_schtasks_hide_task_via_sd_value_removal.yml" ], "source": "MITRE", "title": "Removal Of SD Value to Hide Schedule Task - Registry" }, "related": [], "uuid": "27812e3f-9177-42ad-8681-91c65aba4743", "value": "SigmaHQ" }, { "description": "Heiligenstein, L. (n.d.). REP-25: Disable Windows Event Logging. 
Retrieved April 7, 2022.", "meta": { "date_accessed": "2022-04-07T00:00:00Z", "refs": [ "https://ptylu.github.io/content/report/report.html?report=25" ], "source": "MITRE", "title": "REP-25: Disable Windows Event Logging" }, "related": [], "uuid": "408c0c8c-5d8e-5ebe-bd31-81b405c615d8", "value": "disable_win_evt_logging" }, { "description": "Brower, N., Lich, B. (2017, April 19). Replace a process level token. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/device-security/security-policy-settings/replace-a-process-level-token" ], "source": "MITRE", "title": "Replace a process level token" }, "related": [], "uuid": "75130a36-e859-438b-9536-410c2831b2de", "value": "Microsoft Replace Process Token" }, { "description": "LOLBAS. (2018, May 25). Replace.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Replace/" ], "source": "Tidal Cyber", "title": "Replace.exe" }, "related": [], "uuid": "82a473e9-208c-4c47-bf38-92aee43238dd", "value": "Replace.exe - LOLBAS Project" }, { "description": "Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "refs": [ "https://www.bugcrowd.com/glossary/replay-attack/" ], "source": "MITRE", "title": "Replay Attack" }, "related": [], "uuid": "ed31056c-23cb-5cb0-9b70-f363c54b27f7", "value": "Bugcrowd Replay Attack" }, { "description": "Apple. (n.d.). Reply to, forward, or redirect emails in Mail on Mac. 
Retrieved June 22, 2021.", "meta": { "date_accessed": "2021-06-22T00:00:00Z", "refs": [ "https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac" ], "source": "MITRE", "title": "Reply to, forward, or redirect emails in Mail on Mac" }, "related": [], "uuid": "0ff40575-cd2d-4a70-a07b-fff85f520062", "value": "Mac Forwarding Rules" }, { "description": "Augusto, I. (2018, March 8). Reptile - LMK Linux rootkit. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2018-03-08T00:00:00Z", "refs": [ "https://github.com/f0rb1dd3n/Reptile" ], "source": "MITRE", "title": "Reptile - LMK Linux rootkit" }, "related": [], "uuid": "6e8cc88a-fb3f-4464-9380-868f597def6e", "value": "GitHub Reptile" }, { "description": "AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html" ], "source": "MITRE", "title": "Requesting temporary security credentials" }, "related": [], "uuid": "c6f29134-5af2-42e1-af4f-fbb9eae03432", "value": "AWS Temporary Security Credentials" }, { "description": "Sean Gallagher. (2017, April 21). Researchers claim China trying to hack South Korea missile defense efforts. Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2017-04-21T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/" ], "source": "MITRE, Tidal Cyber", "title": "Researchers claim China trying to hack South Korea missile defense efforts" }, "related": [], "uuid": "c9c647b6-f4fb-44d6-9376-23c1ae9520b4", "value": "ARS Technica China Hack SK April 2017" }, { "description": "Zetter, K. (2019, October 3). Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC. 
Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2019-10-03T00:00:00Z", "refs": [ "https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec" ], "source": "MITRE", "title": "Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC" }, "related": [], "uuid": "5f28adee-1313-48ec-895c-27341bd1071f", "value": "Wired SandCat Oct 2019" }, { "description": "Moe, O. (2017, August 15). Research on CMSTP.exe. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2017-08-15T00:00:00Z", "refs": [ "https://msitpros.com/?p=3960" ], "source": "MITRE", "title": "Research on CMSTP.exe" }, "related": [], "uuid": "8dbbf13b-e73c-43c2-a053-7b07fdf25c85", "value": "MSitPros CMSTP Aug 2017" }, { "description": "Phil Stokes. (2020, November 5). Resourceful macOS Malware Hides in Named Fork. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-11-05T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/" ], "source": "MITRE", "title": "Resourceful macOS Malware Hides in Named Fork" }, "related": [], "uuid": "0008dfd8-25a1-4e6a-9154-da7bcbb7daa7", "value": "sentinellabs resource named fork 2020" }, { "description": "Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2016-08-25T00:00:00Z", "refs": [ "https://github.com/SpiderLabs/Responder" ], "source": "MITRE", "title": "Responder" }, "related": [], "uuid": "3ef681a9-4ab0-420b-9d1a-b8152c50b3ca", "value": "GitHub Responder" }, { "description": "Sadowski, J; Hall, R. (2022, March 4). Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation. 
Retrieved June 9, 2022.", "meta": { "date_accessed": "2022-06-09T00:00:00Z", "date_published": "2022-03-04T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation" ], "source": "MITRE", "title": "Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation" }, "related": [], "uuid": "63d89139-9dd4-4ed6-bf6e-8cd872c5d034", "value": "Mandiant UNC2589 March 2022" }, { "description": "Falcon Complete Team. (2021, May 11). Response When Minutes Matter: Rising Up Against Ransomware. Retrieved October 8, 2021.", "meta": { "date_accessed": "2021-10-08T00:00:00Z", "date_published": "2021-05-11T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/" ], "source": "MITRE", "title": "Response When Minutes Matter: Rising Up Against Ransomware" }, "related": [], "uuid": "a4cb3caf-e7ef-4662-93c6-63a0c3352a32", "value": "CrowdStrike BGH Ransomware 2021" }, { "description": "Google. (2019, October 7). Restoring and deleting persistent disk snapshots. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-10-07T00:00:00Z", "refs": [ "https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots" ], "source": "MITRE", "title": "Restoring and deleting persistent disk snapshots" }, "related": [], "uuid": "ffa46676-518e-4fef-965d-e91efae95dfc", "value": "Google - Restore Cloud Snapshot" }, { "description": "Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020.", "meta": { "date_accessed": "2020-03-03T00:00:00Z", "refs": [ "https://cloud.google.com/compute/docs/reference/rest/v1/instances" ], "source": "MITRE", "title": "Rest Resource: instance" }, "related": [], "uuid": "9733447c-072f-4da8-9cc7-0a0ce6a3b820", "value": "Google Instances Resource" }, { "description": "Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. 
Retrieved August 12, 2020.", "meta": { "date_accessed": "2020-08-12T00:00:00Z", "date_published": "2019-07-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector" ], "source": "MITRE, Tidal Cyber", "title": "Resurgent Iron Liberty Targeting Energy Sector" }, "related": [], "uuid": "c666200d-5392-43f2-9ad0-1268d7b2e86f", "value": "Secureworks IRON LIBERTY July 2019" }, { "description": "Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R. (2015, August 20). Retefe Banking Trojan Targets Sweden, Switzerland and Japan. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2015-08-20T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/" ], "source": "MITRE", "title": "Retefe Banking Trojan Targets Sweden, Switzerland and Japan" }, "related": [], "uuid": "52f841b0-10a8-4f48-8265-5b336489ff80", "value": "Palo Alto Retefe" }, { "description": "AWS. (n.d.). Retrieve secrets from AWS Secrets Manager. Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html" ], "source": "MITRE", "title": "Retrieve secrets from AWS Secrets Manager" }, "related": [], "uuid": "ec87e183-3018-5cac-9fab-711003be54f7", "value": "AWS Secrets Manager" }, { "description": "Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. 
Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2015-10-26T00:00:00Z", "refs": [ "https://www.dsinternals.com/en/retrieving-dpapi-backup-keys-from-active-directory/" ], "source": "MITRE", "title": "Retrieving DPAPI Backup Keys from Active Directory" }, "related": [], "uuid": "e48dc4ce-e7c5-44e4-b033-7ab4bbdbe1cb", "value": "Directory Services Internals DPAPI Backup Keys Oct 2015" }, { "description": "Jazi, Hossein. (2021, January 6). Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat. Retrieved March 22, 2022.", "meta": { "date_accessed": "2022-03-22T00:00:00Z", "date_published": "2021-01-06T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/" ], "source": "MITRE", "title": "Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat" }, "related": [], "uuid": "62ad7dbc-3ed2-4fa5-a56a-2810ce131167", "value": "Malwarebytes RokRAT VBA January 2021" }, { "description": "Sharma, R. (2018, August 15). Revamped jRAT Uses New Anti-Parsing Techniques. Retrieved September 21, 2018.", "meta": { "date_accessed": "2018-09-21T00:00:00Z", "date_published": "2018-08-15T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques" ], "source": "MITRE", "title": "Revamped jRAT Uses New Anti-Parsing Techniques" }, "related": [], "uuid": "8aed9534-2ec6-4c9f-b63b-9bb135432cfb", "value": "jRAT Symantec Aug 2018" }, { "description": "Lorber, N. (2021, May 7). Revealing the Snip3 Crypter, a Highly Evasive RAT Loader. 
Retrieved September 13, 2023.", "meta": { "date_accessed": "2023-09-13T00:00:00Z", "date_published": "2021-05-07T00:00:00Z", "refs": [ "https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader" ], "source": "MITRE", "title": "Revealing the Snip3 Crypter, a Highly Evasive RAT Loader" }, "related": [], "uuid": "abe44c50-8347-5c98-8b04-d41afbe59d4c", "value": "Morphisec Snip3 May 2021" }, { "description": "Microsoft. (2016, June 9). Reverse-engineering DUBNIUM. Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2016-06-09T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/" ], "source": "MITRE", "title": "Reverse-engineering DUBNIUM" }, "related": [], "uuid": "ae28afad-e2d6-4c3c-a309-ee7c44a3e586", "value": "Microsoft DUBNIUM June 2016" }, { "description": "Microsoft. (2016, June 20). Reverse-engineering DUBNIUM’s Flash-targeting exploit. Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2016-06-20T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/" ], "source": "MITRE", "title": "Reverse-engineering DUBNIUM’s Flash-targeting exploit" }, "related": [], "uuid": "999a471e-6373-463b-a77b-d3020b4a8702", "value": "Microsoft DUBNIUM Flash June 2016" }, { "description": "Microsoft. (2016, July 14). Reverse engineering DUBNIUM – Stage 2 payload analysis . Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2016-07-14T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/" ], "source": "MITRE", "title": "Reverse engineering DUBNIUM – Stage 2 payload analysis" }, "related": [], "uuid": "e1bd8fb3-e0b4-4659-85a1-d37e1c3d167f", "value": "Microsoft DUBNIUM July 2016" }, { "description": "Cyber Safety Review Board. 
(2023, July 24). Review of the Attacks Associated with LAPSUS$ and Related Threat Groups. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2023-07-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf" ], "source": "Tidal Cyber", "title": "Review of the Attacks Associated with LAPSUS$ and Related Threat Groups" }, "related": [], "uuid": "f8311977-303c-4d05-a7f4-25b3ae36318b", "value": "CSRB LAPSUS$ July 24 2023" }, { "description": "Intel 471 Malware Intelligence team. (2020, March 31). REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2020-03-31T00:00:00Z", "refs": [ "https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/" ], "source": "MITRE", "title": "REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation" }, "related": [], "uuid": "b939dc98-e00e-4d47-84a4-3eaaeb5c0abf", "value": "Intel 471 REvil March 2020" }, { "description": "Abrams, L. (2021, March 19). REvil ransomware has a new ‘Windows Safe Mode’ encryption mode. Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "date_published": "2021-03-19T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/" ], "source": "MITRE", "title": "REvil ransomware has a new ‘Windows Safe Mode’ encryption mode" }, "related": [], "uuid": "790ef274-aea4-49b7-8b59-1b95185c5f50", "value": "BleepingComputer REvil 2021" }, { "description": "Counter Threat Unit Research Team. (2019, September 24). REvil/Sodinokibi Ransomware. 
Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-09-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/revil-sodinokibi-ransomware" ], "source": "MITRE, Tidal Cyber", "title": "REvil/Sodinokibi Ransomware" }, "related": [], "uuid": "8f4e2baf-4227-4bbd-bfdb-5598717dcf88", "value": "Secureworks REvil September 2019" }, { "description": "Secureworks . (2019, September 24). REvil: The GandCrab Connection. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-09-24T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/revil-the-gandcrab-connection" ], "source": "MITRE", "title": "REvil: The GandCrab Connection" }, "related": [], "uuid": "46b5d57b-17be-48ff-b723-406f6a55d84a", "value": "Secureworks GandCrab and REvil September 2019" }, { "description": "Nelson, M. (2018, January 29). Reviving DDE: Using OneNote and Excel for Code Execution. Retrieved February 3, 2018.", "meta": { "date_accessed": "2018-02-03T00:00:00Z", "date_published": "2018-01-29T00:00:00Z", "refs": [ "https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee" ], "source": "MITRE", "title": "Reviving DDE: Using OneNote and Excel for Code Execution" }, "related": [], "uuid": "188a0f02-8d1e-4e4e-b2c0-ddf1bf1bdf93", "value": "Enigma Reviving DDE Jan 2018" }, { "description": "Bohannon, D. (2017, July 27). Revoke-Obfuscation. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2017-07-27T00:00:00Z", "refs": [ "https://github.com/danielbohannon/Revoke-Obfuscation" ], "source": "MITRE", "title": "Revoke-Obfuscation" }, "related": [], "uuid": "3624d75e-be50-4c10-9e8a-28523568ff9f", "value": "GitHub Revoke-Obfuscation" }, { "description": "Bohannon, D. & Holmes, L. (2017, July 27). Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science. 
Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2017-07-27T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf" ], "source": "MITRE", "title": "Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science" }, "related": [], "uuid": "e03e9d19-18bb-4d28-8c96-8c1cef89a20b", "value": "FireEye Revoke-Obfuscation July 2017" }, { "description": "Health Sector Cybersecurity Coordination Center (HC3). (2023, August 4). Rhysida Ransomware. Retrieved August 11, 2023.", "meta": { "date_accessed": "2023-08-11T00:00:00Z", "date_published": "2023-08-04T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.hhs.gov/sites/default/files/rhysida-ransomware-sector-alert-tlpclear.pdf" ], "source": "Tidal Cyber", "title": "Rhysida Ransomware" }, "related": [], "uuid": "3f6e2821-5073-4382-b5dd-08676eaa2240", "value": "HC3 Analyst Note Rhysida Ransomware August 2023" }, { "description": "Microsoft Threat Intelligence. (2022, May 19). Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2022-05-19T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/" ], "source": "MITRE", "title": "Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices" }, "related": [], "uuid": "6425d351-2c88-5af9-970a-4d0d184d0c70", "value": "Microsoft XorDdos Linux Stealth 2022" }, { "description": "RISKIQ. (2022, March 15). RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure. 
Retrieved July 29, 2022.", "meta": { "date_accessed": "2022-07-29T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://web.archive.org/web/20220527112908/https://www.riskiq.com/blog/labs/ukraine-malware-infrastructure/" ], "source": "MITRE", "title": "RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure" }, "related": [], "uuid": "a4a3fd3d-1c13-40e5-b462-fa69a1861986", "value": "httrack_unhcr" }, { "description": "US-CERT. (n.d.). Risks of Default Passwords on the Internet. Retrieved April 12, 2019.", "meta": { "date_accessed": "2019-04-12T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA13-175A" ], "source": "MITRE", "title": "Risks of Default Passwords on the Internet" }, "related": [], "uuid": "0c365c3f-3aa7-4c63-b96e-7716b95db049", "value": "US-CERT Alert TA13-175A Risks of Default Passwords on the Internet" }, { "description": "Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.", "meta": { "date_accessed": "2022-01-31T00:00:00Z", "date_published": "2022-01-31T00:00:00Z", "refs": [ "https://github.com/dirkjanm/ROADtools" ], "source": "MITRE", "title": "ROADtools" }, "related": [], "uuid": "90c592dc-2c9d-401a-96ab-b539f7522956", "value": "ROADtools Github" }, { "description": "HarmJ0y. (2017, January 17). Roasting AS-REPs. Retrieved August 24, 2020.", "meta": { "date_accessed": "2020-08-24T00:00:00Z", "date_published": "2017-01-17T00:00:00Z", "refs": [ "http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/" ], "source": "MITRE", "title": "Roasting AS-REPs" }, "related": [], "uuid": "bfb01fbf-4dc0-4943-8a21-457f28f4b01f", "value": "Harmj0y Roasting AS-REPs Jan 2017" }, { "description": "Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. 
Retrieved April 24, 2019.", "meta": { "date_accessed": "2019-04-24T00:00:00Z", "date_published": "2019-03-15T00:00:00Z", "refs": [ "https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang" ], "source": "MITRE", "title": "Rocke Evolves Its Arsenal With a New Malware Family Written in Golang" }, "related": [], "uuid": "31051c8a-b523-4b8e-b834-2168c59e783b", "value": "Anomali Rocke March 2019" }, { "description": "Liebenberg, D. (2018, August 30). Rocke: The Champion of Monero Miners. Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2018-08-30T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html" ], "source": "MITRE, Tidal Cyber", "title": "Rocke: The Champion of Monero Miners" }, "related": [], "uuid": "bff0ee40-e583-4f73-a013-4669ca576904", "value": "Talos Rocke August 2018" }, { "description": "Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.", "meta": { "date_accessed": "2018-03-16T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf" ], "source": "MITRE", "title": "ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES" }, "related": [], "uuid": "71da7d4c-f1f8-4f5c-a609-78a414851baf", "value": "Check Point Rocket Kitten" }, { "description": "Pantazopoulos, N. (2018, November 8). RokRat Analysis. Retrieved May 21, 2020.", "meta": { "date_accessed": "2020-05-21T00:00:00Z", "date_published": "2018-11-08T00:00:00Z", "refs": [ "https://research.nccgroup.com/2018/11/08/rokrat-analysis/" ], "source": "MITRE", "title": "RokRat Analysis" }, "related": [], "uuid": "bcad3b27-858f-4c1d-a24c-dbc4dcee3cdc", "value": "NCCGroup RokRat Nov 2018" }, { "description": "Mercer, W., Rascagneres, P. (2017, November 28). ROKRAT Reloaded. 
Retrieved May 21, 2018.", "meta": { "date_accessed": "2018-05-21T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" ], "source": "MITRE", "title": "ROKRAT Reloaded" }, "related": [], "uuid": "116f6565-d36d-4d01-9a97-a40cf589afa9", "value": "Talos ROKRAT 2" }, { "description": "Kubernetes. (n.d.). Role Based Access Control Good Practices. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/" ], "source": "MITRE", "title": "Role Based Access Control Good Practices" }, "related": [], "uuid": "37c0e0e1-cc4d-5a93-b8a0-224f031b7324", "value": "Kubernetes RBAC" }, { "description": "Google Cloud. (n.d.). Roles for service account authentication. Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "refs": [ "https://cloud.google.com/iam/docs/service-account-permissions" ], "source": "MITRE", "title": "Roles for service account authentication" }, "related": [], "uuid": "525a8afc-64e9-5cc3-9c56-95da9811da0d", "value": "Google Cloud Service Account Authentication Roles" }, { "description": "Joe Tidy. (2022, March 30). Ronin Network: What a $600m hack says about the state of crypto. Retrieved August 18, 2023.", "meta": { "date_accessed": "2023-08-18T00:00:00Z", "date_published": "2022-03-30T00:00:00Z", "refs": [ "https://www.bbc.com/news/technology-60933174" ], "source": "MITRE", "title": "Ronin Network: What a $600m hack says about the state of crypto" }, "related": [], "uuid": "8e162e39-a58f-5ba0-9a8e-101d4cfa324c", "value": "BBC-Ronin" }, { "description": "Wikipedia. (2016, December 6). Root certificate. 
Retrieved February 20, 2017.", "meta": { "date_accessed": "2017-02-20T00:00:00Z", "date_published": "2016-12-06T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Root_certificate" ], "source": "MITRE", "title": "Root certificate" }, "related": [], "uuid": "68b9ccbb-906e-4f06-b5bd-3969723c3616", "value": "Wikipedia Root Certificate" }, { "description": "Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.", "meta": { "date_accessed": "2016-06-02T00:00:00Z", "date_published": "2016-06-01T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Rootkit" ], "source": "MITRE", "title": "Rootkit" }, "related": [], "uuid": "7e877b6b-9873-48e2-b138-e02dcb5268ca", "value": "Wikipedia Rootkit" }, { "description": "Rascagnères, P.. (2016, October 27). Rootkit analysis: Use case on HideDRV. Retrieved March 9, 2017.", "meta": { "date_accessed": "2017-03-09T00:00:00Z", "date_published": "2016-10-27T00:00:00Z", "refs": [ "http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf" ], "source": "MITRE", "title": "Rootkit analysis: Use case on HideDRV" }, "related": [], "uuid": "c383811d-c036-4fe7-add8-b4d4f73b3ce4", "value": "Sekoia HideDRV Oct 2016" }, { "description": "Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023.", "meta": { "date_accessed": "2023-06-14T00:00:00Z", "date_published": "2021-04-28T00:00:00Z", "refs": [ "https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/" ], "source": "MITRE", "title": "RotaJakiro: A long live secret backdoor with 0 VT detection" }, "related": [], "uuid": "7a9c53dd-2c0e-5452-9ee2-01531fbf8ba8", "value": "RotaJakiro 2021 netlab360 analysis" }, { "description": "Alex Turing. (2021, May 6). RotaJakiro, the Linux version of the OceanLotus. 
Retrieved June 14, 2023.", "meta": { "date_accessed": "2023-06-14T00:00:00Z", "date_published": "2021-05-06T00:00:00Z", "refs": [ "https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/" ], "source": "MITRE", "title": "RotaJakiro, the Linux version of the OceanLotus" }, "related": [], "uuid": "20967c9b-5bb6-5cdd-9466-2c9efd9ab98c", "value": "netlab360 rotajakiro vs oceanlotus" }, { "description": "Microsoft. (n.d.). Route. Retrieved April 17, 2016.", "meta": { "date_accessed": "2016-04-17T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490991.aspx" ], "source": "MITRE", "title": "Route" }, "related": [], "uuid": "0e483ec8-af40-4139-9711-53b999e069ee", "value": "TechNet Route" }, { "description": "Iacono, L. and Green, S. (2023, February 13). Royal Ransomware Deep Dive. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2023-02-13T00:00:00Z", "refs": [ "https://www.kroll.com/en/insights/publications/cyber/royal-ransomware-deep-dive" ], "source": "MITRE", "title": "Royal Ransomware Deep Dive" }, "related": [], "uuid": "dcdcc965-56d0-58e6-996b-d8bd40916745", "value": "Kroll Royal Deep Dive February 2023" }, { "description": "Morales, N. et al. (2023, February 20). Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers. Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2023-02-20T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-attacks-by-targeting-linux-esxi-servers.html" ], "source": "MITRE", "title": "Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers" }, "related": [], "uuid": "e5bb846f-d11f-580c-b96a-9de4ba5eaed6", "value": "Trend Micro Royal Linux ESXi February 2023" }, { "description": "Cybereason Global SOC and Cybereason Security Research Teams. (2022, December 14). Royal Rumble: Analysis of Royal Ransomware. 
Retrieved March 30, 2023.", "meta": { "date_accessed": "2023-03-30T00:00:00Z", "date_published": "2022-12-14T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/royal-ransomware-analysis" ], "source": "MITRE", "title": "Royal Rumble: Analysis of Royal Ransomware" }, "related": [], "uuid": "28aef64e-20d3-5227-a3c9-e657c6e2d07e", "value": "Cybereason Royal December 2022" }, { "description": "LOLBAS. (2018, May 25). Rpcping.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Rpcping/" ], "source": "Tidal Cyber", "title": "Rpcping.exe" }, "related": [], "uuid": "dc15a187-4de7-422e-a507-223e89e317b1", "value": "Rpcping.exe - LOLBAS Project" }, { "description": "L. O'Donnell. (2019, March 3). RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope. Retrieved September 26, 2022.", "meta": { "date_accessed": "2022-09-26T00:00:00Z", "date_published": "2019-03-03T00:00:00Z", "refs": [ "https://threatpost.com/sharpshooter-complexity-scope/142359/" ], "source": "MITRE", "title": "RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope" }, "related": [], "uuid": "2361b5b1-3a01-4d77-99c6-261f444a498e", "value": "Threatpost New Op Sharpshooter Data March 2019" }, { "description": "Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.", "meta": { "date_accessed": "2018-09-24T00:00:00Z", "date_published": "2011-06-07T00:00:00Z", "refs": [ "https://gcn.com/cybersecurity/2011/06/rsa-confirms-its-tokens-used-in-lockheed-hack/282818/" ], "source": "MITRE", "title": "RSA confirms its tokens used in Lockheed hack" }, "related": [], "uuid": "40564d23-b9ae-4bb3-8dd1-d6b01163a32d", "value": "GCN RSA June 2011" }, { "description": "RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. 
Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf" ], "source": "MITRE", "title": "RSA Incident Response Emerging Threat Profile: Shell Crew" }, "related": [], "uuid": "6872a6d3-c4ab-40cf-82b7-5c5c8e077189", "value": "RSA Shell Crew" }, { "description": "Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.", "meta": { "date_accessed": "2023-03-29T00:00:00Z", "refs": [ "https://github.com/GhostPack/Rubeus" ], "source": "MITRE", "title": "Rubeus" }, "related": [], "uuid": "4bde7ce6-7fc6-5660-a8aa-745f19350ee1", "value": "GitHub Rubeus March 2023" }, { "description": "Eugene Tkachenko. (2020, May 1). Rule of the Week: Possible Malicious File Double Extension. Retrieved July 27, 2021.", "meta": { "date_accessed": "2021-07-27T00:00:00Z", "date_published": "2020-05-01T00:00:00Z", "refs": [ "https://socprime.com/blog/rule-of-the-week-possible-malicious-file-double-extension/" ], "source": "MITRE", "title": "Rule of the Week: Possible Malicious File Double Extension" }, "related": [], "uuid": "14a99228-de84-4551-a6b5-9c6f1173f292", "value": "SOCPrime DoubleExtension" }, { "description": "SensePost. (2016, August 18). Ruler: A tool to abuse Exchange services. Retrieved February 4, 2019.", "meta": { "date_accessed": "2019-02-04T00:00:00Z", "date_published": "2016-08-18T00:00:00Z", "refs": [ "https://github.com/sensepost/ruler" ], "source": "MITRE", "title": "Ruler: A tool to abuse Exchange services" }, "related": [], "uuid": "aa0a1508-a872-4e69-bf20-d3c8202f18c1", "value": "SensePost Ruler GitHub" }, { "description": "Niv Goldenberg. (2018, December 12). Rule your inbox with Microsoft Cloud App Security. 
Retrieved June 7, 2021.", "meta": { "date_accessed": "2021-06-07T00:00:00Z", "date_published": "2018-12-12T00:00:00Z", "refs": [ "https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154" ], "source": "MITRE", "title": "Rule your inbox with Microsoft Cloud App Security" }, "related": [], "uuid": "be0a1168-fa84-4742-a658-41a078b7f5fa", "value": "Microsoft Cloud App Security" }, { "description": "Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/aa376977" ], "source": "MITRE", "title": "Run and RunOnce Registry Keys" }, "related": [], "uuid": "0d633a50-4afd-4479-898e-1a785f5637da", "value": "Microsoft Run Key" }, { "description": "Microsoft. (2016, August 31). Runas. Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2016-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)" ], "source": "MITRE", "title": "Runas" }, "related": [], "uuid": "af05c12e-f9c6-421a-9a5d-0797c01ab2dc", "value": "Microsoft RunAs" }, { "description": "Microsoft TechNet. (n.d.). Runas. Retrieved April 21, 2017.", "meta": { "date_accessed": "2017-04-21T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490994.aspx" ], "source": "MITRE", "title": "Runas" }, "related": [], "uuid": "8b4bdce9-da19-443f-88d2-11466e126c09", "value": "Microsoft runas" }, { "description": "Wikipedia. (2018, August 3). Run Command. 
Retrieved October 12, 2018.", "meta": { "date_accessed": "2018-10-12T00:00:00Z", "date_published": "2018-08-03T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Run_command" ], "source": "MITRE", "title": "Run Command" }, "related": [], "uuid": "2fd66037-95dd-4819-afc7-00b7fd6f54fe", "value": "Wikipedia Run Command" }, { "description": "Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2017-06-21T00:00:00Z", "refs": [ "http://www.secpod.com/blog/winexe/" ], "source": "MITRE", "title": "Run commands on Windows system remotely using Winexe" }, "related": [], "uuid": "ca8ea354-44d4-4606-8b3e-1102b27f251c", "value": "Secpod Winexe June 2017" }, { "description": "LOLBAS. (2018, May 25). Rundll32.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Rundll32/" ], "source": "Tidal Cyber", "title": "Rundll32.exe" }, "related": [], "uuid": "90aff246-ce27-4f21-96f9-38543718ab07", "value": "Rundll32.exe - LOLBAS Project" }, { "description": "Attackify. (n.d.). Rundll32.exe Obscurity. Retrieved August 23, 2021.", "meta": { "date_accessed": "2021-08-23T00:00:00Z", "refs": [ "https://www.attackify.com/blog/rundll32_execution_order/" ], "source": "MITRE", "title": "Rundll32.exe Obscurity" }, "related": [], "uuid": "daa35853-eb46-4ef4-b543-a2c5157f96bf", "value": "Attackify Rundll32.exe Obscurity" }, { "description": "LOLBAS. (2022, December 13). Runexehelper.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-12-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Runexehelper/" ], "source": "Tidal Cyber", "title": "Runexehelper.exe" }, "related": [], "uuid": "86ff0379-2b73-4981-9f13-2b02b53bc90f", "value": "Runexehelper.exe - LOLBAS Project" }, { "description": "hoakley. (2018, May 22). Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2018-05-22T00:00:00Z", "refs": [ "https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-launchdaemon/" ], "source": "MITRE", "title": "Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon" }, "related": [], "uuid": "11ee6303-5103-4063-a765-659ead217c6c", "value": "ELC Running at startup" }, { "description": "Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2020-08-21T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1" ], "source": "MITRE", "title": "Running Remote Commands" }, "related": [], "uuid": "24c526e1-7199-45ca-99b4-75e75c7041cd", "value": "Powershell Remote Commands" }, { "description": "LOLBAS. (2018, May 25). Runonce.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Runonce/" ], "source": "Tidal Cyber", "title": "Runonce.exe" }, "related": [], "uuid": "b97d4b16-ead2-4cc7-90e5-f8b05d84faf3", "value": "Runonce.exe - LOLBAS Project" }, { "description": "Apple Inc.. (2012, July 7). Run-Path Dependent Libraries. 
Retrieved March 31, 2021.", "meta": { "date_accessed": "2021-03-31T00:00:00Z", "date_published": "2012-07-07T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html" ], "source": "MITRE", "title": "Run-Path Dependent Libraries" }, "related": [], "uuid": "e9e5cff5-836a-4b66-87d5-03a727c0f467", "value": "Apple Developer Doco Archive Run-Path" }, { "description": "LOLBAS. (2018, May 25). Runscripthelper.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Runscripthelper/" ], "source": "Tidal Cyber", "title": "Runscripthelper.exe" }, "related": [], "uuid": "6d7151e3-685a-4dc7-a44d-aefae4f3db6a", "value": "Runscripthelper.exe - LOLBAS Project" }, { "description": "Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "date_published": "2023-03-10T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/virtual-machines/run-command-overview" ], "source": "MITRE", "title": "Run scripts in your VM by using Run Command" }, "related": [], "uuid": "4f2e6adb-6e3d-5f1f-b873-4b99797f2bfa", "value": "Microsoft Run Command" }, { "description": "Paganini, P. (2017, November 9). Russia-Linked APT28 group observed using DDE attack to deliver malware. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-11-09T00:00:00Z", "refs": [ "http://securityaffairs.co/wordpress/65318/hacking/dde-attack-apt28.html" ], "source": "MITRE", "title": "Russia-Linked APT28 group observed using DDE attack to deliver malware" }, "related": [], "uuid": "d5ab8075-334f-492c-8318-c691f210b984", "value": "McAfee APT28 DDE2 Nov 2017" }, { "description": "Paganini, P. (2018, October 16). 
Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2018-10-16T00:00:00Z", "refs": [ "https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html" ], "source": "MITRE", "title": "Russia-linked APT group DustSquad targets diplomatic entities in Central Asia" }, "related": [], "uuid": "0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6", "value": "Security Affairs DustSquad Oct 2018" }, { "description": "Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2018-10-18T00:00:00Z", "refs": [ "https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia" ], "source": "MITRE", "title": "Russia-Linked Hackers Target Diplomatic Entities in Central Asia" }, "related": [], "uuid": "659f86ef-7e90-42ff-87b7-2e289f9f6cc2", "value": "SecurityWeek Nomadic Octopus Oct 2018" }, { "description": "U.S. Federal Bureau of Investigation. (2024, February 27). Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. Retrieved February 28, 2024.", "meta": { "date_accessed": "2024-02-28T00:00:00Z", "date_published": "2024-02-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.ic3.gov/Media/News/2024/240227.pdf" ], "source": "Tidal Cyber", "title": "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations" }, "related": [], "uuid": "962fb031-dfd1-43a7-8202-3a2231b0472b", "value": "U.S. Federal Bureau of Investigation 2 27 2024" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, December 13). Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. 
Retrieved December 14, 2023.", "meta": { "date_accessed": "2023-12-14T00:00:00Z", "date_published": "2023-12-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a" ], "source": "Tidal Cyber", "title": "Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally" }, "related": [], "uuid": "5f66f864-58c2-4b41-8011-61f954e04b7e", "value": "U.S. CISA SVR TeamCity Exploits December 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved December 14, 2023.", "meta": { "date_accessed": "2023-12-14T00:00:00Z", "date_published": "2023-12-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a" ], "source": "Tidal Cyber", "title": "Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns" }, "related": [], "uuid": "3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b", "value": "U.S. CISA Star Blizzard December 2023" }, { "description": "NSA/FBI. (2020, August). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. Retrieved August 25, 2020.", "meta": { "date_accessed": "2020-08-25T00:00:00Z", "date_published": "2020-08-01T00:00:00Z", "refs": [ "https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF" ], "source": "MITRE", "title": "Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" }, "related": [], "uuid": "d697a342-4100-4e6b-95b9-4ae3ba80924b", "value": "NSA/FBI Drovorub August 2020" }, { "description": "NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 
Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF" ], "source": "MITRE, Tidal Cyber", "title": "Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments" }, "related": [], "uuid": "e70f0742-5f3e-4701-a46b-4a58c0281537", "value": "Cybersecurity Advisory GRU Brute Force Campaign July 2021" }, { "description": "Cimpanu, C.. (2017, March 29). Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2017-03-29T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/" ], "source": "MITRE", "title": "Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware" }, "related": [], "uuid": "e5d69297-b0f3-4586-9eb7-d2922b3ee7bb", "value": "BleepingComputer Ebury March 2017" }, { "description": "Catalin Cimpanu. (2021, December 9). Russian hackers bypass 2FA by annoying victims with repeated push notifications. Retrieved March 31, 2022.", "meta": { "date_accessed": "2022-03-31T00:00:00Z", "date_published": "2021-12-09T00:00:00Z", "refs": [ "https://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notifications/" ], "source": "MITRE", "title": "Russian hackers bypass 2FA by annoying victims with repeated push notifications" }, "related": [], "uuid": "ad2b0648-b657-4daa-9510-82375a252fc4", "value": "Russian 2FA Push Annoyance - Cimpanu" }, { "description": "Duncan, B., Harbison, M. (2019, January 23). Russian Language Malspam Pushing Redaman Banking Malware. 
Retrieved June 16, 2020.", "meta": { "date_accessed": "2020-06-16T00:00:00Z", "date_published": "2019-01-23T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/" ], "source": "MITRE", "title": "Russian Language Malspam Pushing Redaman Banking Malware" }, "related": [], "uuid": "433cd55a-f912-4d5a-aff6-92133d08267b", "value": "Unit42 Redaman January 2019" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved March 16, 2022.", "meta": { "date_accessed": "2022-03-16T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a" ], "source": "MITRE", "title": "Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability" }, "related": [], "uuid": "fa03324e-c79c-422e-80f1-c270fd87d4e2", "value": "CISA MFA PrintNightmare" }, { "description": "Cyber Security Infrastructure Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved May 31, 2022.", "meta": { "date_accessed": "2022-05-31T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-074a" ], "source": "MITRE", "title": "Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability" }, "related": [], "uuid": "00c6ff88-6eeb-486d-ae69-dffd5aebafe6", "value": "Russians Exploit Default MFA Protocol - CISA March 2022" }, { "description": "CISA. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. 
Retrieved February 14, 2022.", "meta": { "date_accessed": "2022-02-14T00:00:00Z", "date_published": "2018-04-20T00:00:00Z", "refs": [ "https://www.cisa.gov/uscert/ncas/alerts/TA18-106A" ], "source": "MITRE", "title": "Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices" }, "related": [], "uuid": "26b520dc-5c68-40f4-82fb-366d27fc0c2f", "value": "alert_TA18_106A" }, { "description": "US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2018-04-20T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/alerts/TA18-106A" ], "source": "MITRE", "title": "Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices" }, "related": [], "uuid": "8fdf280d-680f-4b8f-8fb9-6b3118ec3983", "value": "US-CERT TA18-106A Network Infrastructure Devices 2018" }, { "description": "UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.", "meta": { "date_accessed": "2022-04-05T00:00:00Z", "date_published": "2022-04-05T00:00:00Z", "refs": [ "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet" ], "source": "MITRE", "title": "Russia's FSB malign activity: factsheet" }, "related": [], "uuid": "27e7d347-9d85-4897-9e04-33f58acc5687", "value": "UK GOV FSB Factsheet April 2022" }, { "description": "Unit 42. (2022, February 3). Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. 
Retrieved February 21, 2022.", "meta": { "date_accessed": "2022-02-21T00:00:00Z", "date_published": "2022-02-03T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" ], "source": "MITRE", "title": "Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine" }, "related": [], "uuid": "a5df39b2-77f8-4814-8198-8620655aa79b", "value": "Unit 42 Gamaredon February 2022" }, { "description": "Greenberg, A. (2022, November 10). Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023.", "meta": { "date_accessed": "2023-03-22T00:00:00Z", "date_published": "2022-11-10T00:00:00Z", "refs": [ "https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/" ], "source": "MITRE", "title": "Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless" }, "related": [], "uuid": "28c53a97-5500-5bfb-8aac-3c0bf94c2dfe", "value": "Wired Russia Cyberwar" }, { "description": "RyanW3stman. (2023, October 10). RyanW3stman Tweet October 10 2023. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-10-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/RyanW3stman/status/1711732225996165135" ], "source": "Tidal Cyber", "title": "RyanW3stman Tweet October 10 2023" }, "related": [], "uuid": "cfd0ad64-54b2-446f-9624-9c90a9a94f52", "value": "RyanW3stman Tweet October 10 2023" }, { "description": "The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2020-10-18T00:00:00Z", "refs": [ "https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/" ], "source": "MITRE", "title": "Ryuk in 5 Hours" }, "related": [], "uuid": "892150f4-769d-447d-b652-e5d85790ee37", "value": "DFIR Ryuk in 5 Hours October 2020" }, { "description": "ANSSI. (2021, February 25). RYUK RANSOMWARE. 
Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "date_published": "2021-02-25T00:00:00Z", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf" ], "source": "MITRE", "title": "RYUK RANSOMWARE" }, "related": [], "uuid": "0a23be83-3438-4437-9e51-0cfa16a00d57", "value": "ANSSI RYUK RANSOMWARE" }, { "description": "Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. Retrieved February 11, 2021.", "meta": { "date_accessed": "2021-02-11T00:00:00Z", "date_published": "2021-01-14T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/" ], "source": "MITRE", "title": "Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices" }, "related": [], "uuid": "f6670b73-4d57-4aad-8264-1d42d585e280", "value": "Bleeping Computer - Ryuk WoL" }, { "description": "The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.", "meta": { "date_accessed": "2020-11-06T00:00:00Z", "date_published": "2020-11-05T00:00:00Z", "refs": [ "https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/" ], "source": "MITRE", "title": "Ryuk Speed Run, 2 Hours to Ransom" }, "related": [], "uuid": "3b904516-3b26-4caa-8814-6e69b76a7c8c", "value": "DFIR Ryuk 2 Hour Speed Run November 2020" }, { "description": "The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.", "meta": { "date_accessed": "2020-10-09T00:00:00Z", "date_published": "2020-10-08T00:00:00Z", "refs": [ "https://thedfirreport.com/2020/10/08/ryuks-return/" ], "source": "MITRE", "title": "Ryuk’s Return" }, "related": [], "uuid": "eba1dafb-ff62-4d34-b268-3b9ba6a7a822", "value": "DFIR Ryuk's Return October 2020" }, { "description": "Gietzen, S. (n.d.). S3 Ransomware Part 1: Attack Vector. 
Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/" ], "source": "MITRE", "title": "S3 Ransomware Part 1: Attack Vector" }, "related": [], "uuid": "bb28711f-186d-4101-b153-6340ce826343", "value": "Rhino S3 Ransomware Part 1" }, { "description": "Gietzen, S. (n.d.). S3 Ransomware Part 2: Prevention and Defense. Retrieved April 14, 2021.", "meta": { "date_accessed": "2021-04-14T00:00:00Z", "refs": [ "https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/" ], "source": "MITRE", "title": "S3 Ransomware Part 2: Prevention and Defense" }, "related": [], "uuid": "a2b3e738-257c-4078-9fde-d55b08c8003b", "value": "Rhino S3 Ransomware Part 2" }, { "description": "Travis Clarke. (2020, March 21). S3Recon GitHub. Retrieved March 4, 2022.", "meta": { "date_accessed": "2022-03-04T00:00:00Z", "date_published": "2020-03-21T00:00:00Z", "refs": [ "https://github.com/clarketm/s3recon" ], "source": "MITRE", "title": "S3Recon GitHub" }, "related": [], "uuid": "803c51be-a54e-4fab-8ea0-c6bef18e84d3", "value": "S3Recon GitHub" }, { "description": "Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.", "meta": { "date_accessed": "2016-01-26T00:00:00Z", "date_published": "2015-07-30T00:00:00Z", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/" ], "source": "MITRE", "title": "Sakula Malware Family" }, "related": [], "uuid": "e9a2ffd8-7aed-4343-8678-66fc3e758d19", "value": "Dell Sakula" }, { "description": "Wine API. (n.d.). samlib.dll. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "refs": [ "https://source.winehq.org/WineAPI/samlib.html" ], "source": "MITRE", "title": "samlib.dll" }, "related": [], "uuid": "d0fdc669-959c-42ed-be5d-386a4e90a897", "value": "Wine API samlib.dll" }, { "description": "Palotay, D. 
and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.", "meta": { "date_accessed": "2019-04-15T00:00:00Z", "date_published": "2018-04-01T00:00:00Z", "refs": [ "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-ransomware-chooses-Its-targets-carefully-wpna.pdf" ], "source": "MITRE", "title": "SamSam Ransomware Chooses Its Targets Carefully" }, "related": [], "uuid": "4da5e9c3-7205-4a6e-b147-be7c971380f0", "value": "Sophos SamSam Apr 2018" }, { "description": "Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2018-10-30T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/samsam-targeted-ransomware-attacks" ], "source": "MITRE", "title": "SamSam: Targeted Ransomware Attacks Continue" }, "related": [], "uuid": "c5022a91-bdf4-4187-9967-dfe6362219ea", "value": "Symantec SamSam Oct 2018" }, { "description": "Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2018-01-22T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html" ], "source": "MITRE", "title": "SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks" }, "related": [], "uuid": "0965bb64-be96-46b9-b60f-6829c43a661f", "value": "Talos SamSam Jan 2018" }, { "description": "ANSSI. (2021, January 27). SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS. 
Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2021-01-27T00:00:00Z", "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" ], "source": "MITRE", "title": "SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS" }, "related": [], "uuid": "5e619fef-180a-46d4-8bf5-998860b5ad7e", "value": "ANSSI Sandworm January 2021" }, { "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.", "meta": { "date_accessed": "2017-10-06T00:00:00Z", "date_published": "2016-01-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html" ], "source": "MITRE", "title": "Sandworm Team and the Ukrainian Power Authority Attacks" }, "related": [], "uuid": "63622990-5467-42b2-8f45-b675dfc4dc8f", "value": "iSIGHT Sandworm 2014" }, { "description": "DOJ. (2020, August 26). San Jose Man Pleads Guilty To Damaging Cisco’s Network. Retrieved December 15, 2020.", "meta": { "date_accessed": "2020-12-15T00:00:00Z", "date_published": "2020-08-26T00:00:00Z", "refs": [ "https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network" ], "source": "MITRE", "title": "San Jose Man Pleads Guilty To Damaging Cisco’s Network" }, "related": [], "uuid": "b8d9006d-7466-49cf-a70e-384edee530ce", "value": "DOJ - Cisco Insider" }, { "description": "Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. 
Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2014-08-28T00:00:00Z", "refs": [ "https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks" ], "source": "MITRE", "title": "Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks" }, "related": [], "uuid": "48753fc9-b7b7-465f-92a7-fb3f51b032cb", "value": "ATT ScanBox" }, { "description": "Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-07-13T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-automation" ], "source": "MITRE", "title": "SCANdalous! (External Detection Using Network Scan Data and Automation)" }, "related": [], "uuid": "3a60f7de-9ead-444e-9d08-689c655b26c7", "value": "Mandiant SCANdalous Jul 2020" }, { "description": "GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2019-05-13T00:00:00Z", "refs": [ "https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/" ], "source": "MITRE", "title": "ScarCruft continues to evolve, introduces Bluetooth harvester" }, "related": [], "uuid": "2dd5b872-a4ab-4b77-8457-a3d947298fc0", "value": "Securelist ScarCruft May 2019" }, { "description": "SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. 
Retrieved July 12, 2023.", "meta": { "date_accessed": "2023-07-12T00:00:00Z", "date_published": "2023-07-11T00:00:00Z", "refs": [ "https://sysdig.com/blog/scarleteel-2-0/" ], "source": "MITRE", "title": "SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto" }, "related": [], "uuid": "90e60242-82d8-5648-b7e4-def6fd508e16", "value": "Sysdig ScarletEel 2.0" }, { "description": "Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved September 25, 2023.", "meta": { "date_accessed": "2023-09-25T00:00:00Z", "date_published": "2023-07-11T00:00:00Z", "refs": [ "https://sysdig.com/blog/scarleteel-2-0/" ], "source": "MITRE", "title": "SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto" }, "related": [], "uuid": "285266e7-7a62-5f98-9b0f-fefde4b21c88", "value": "Sysdig ScarletEel 2.0 2023" }, { "description": "Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.", "meta": { "date_accessed": "2016-02-10T00:00:00Z", "date_published": "2016-01-24T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" ], "source": "MITRE, Tidal Cyber", "title": "Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists" }, "related": [], "uuid": "f84a5b6d-3af1-45b1-ac55-69ceced8735f", "value": "Scarlet Mimic Jan 2016" }, { "description": "CrowdStrike. (n.d.). Scattered Spider. Retrieved July 5, 2023.", "meta": { "date_accessed": "2023-07-05T00:00:00Z", "refs": [ "https://www.crowdstrike.com/adversaries/scattered-spider/" ], "source": "MITRE", "title": "Scattered Spider" }, "related": [], "uuid": "a865a984-7f7b-5f82-ac4a-6fac79a2a753", "value": "CrowdStrike Scattered Spider Profile" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, November 16). Scattered Spider. 
Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2023-11-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a" ], "source": "Tidal Cyber", "title": "Scattered Spider" }, "related": [], "uuid": "9c242265-c28c-4580-8e6a-478d8700b092", "value": "U.S. CISA Scattered Spider November 16 2023" }, { "description": "CrowdStrike. (2023, January 10). SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security. Retrieved July 5, 2023.", "meta": { "date_accessed": "2023-07-05T00:00:00Z", "date_published": "2023-01-10T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/" ], "source": "MITRE", "title": "SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security" }, "related": [], "uuid": "d7d86f5d-1f02-54b0-b6f4-879878563245", "value": "CrowdStrike Scattered Spider BYOVD January 2023" }, { "description": "LOLBAS. (2018, May 25). Sc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Sc/" ], "source": "Tidal Cyber", "title": "Sc.exe" }, "related": [], "uuid": "5ce3ef73-f789-4939-a60e-e0a373048bda", "value": "Sc.exe - LOLBAS Project" }, { "description": "Satyajit321. (2015, November 3). Scheduled Tasks History Retention settings. 
Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2015-11-03T00:00:00Z", "refs": [ "https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen" ], "source": "MITRE", "title": "Scheduled Tasks History Retention settings" }, "related": [], "uuid": "63e53238-30b5-46ef-8083-7d2888b01561", "value": "TechNet Forum Scheduled Task Operational Setting" }, { "description": "Koromicha. (2019, September 7). Scheduling tasks using at command in Linux. Retrieved December 3, 2019.", "meta": { "date_accessed": "2019-12-03T00:00:00Z", "date_published": "2019-09-07T00:00:00Z", "refs": [ "https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/" ], "source": "MITRE", "title": "Scheduling tasks using at command in Linux" }, "related": [], "uuid": "dbab6766-ab87-4528-97e5-cc3121aa77b9", "value": "Kifarunix - Task Scheduling in Linux" }, { "description": "Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.", "meta": { "date_accessed": "2016-04-28T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb490996.aspx" ], "source": "MITRE", "title": "Schtasks" }, "related": [], "uuid": "17c03e27-222d-41b5-9fa2-34f0939e5371", "value": "TechNet Schtasks" }, { "description": "LOLBAS. (2018, May 25). Schtasks.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Schtasks/" ], "source": "Tidal Cyber", "title": "Schtasks.exe" }, "related": [], "uuid": "2ef31677-b7ec-4200-a342-7c9196e1aa58", "value": "Schtasks.exe - LOLBAS Project" }, { "description": "Wikipedia. (2017, November 22). Screensaver. 
Retrieved December 5, 2017.", "meta": { "date_accessed": "2017-12-05T00:00:00Z", "date_published": "2017-11-22T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Screensaver" ], "source": "MITRE", "title": "Screensaver" }, "related": [], "uuid": "b5d69465-27df-4acc-b6cc-f51be8780b7b", "value": "Wikipedia Screensaver" }, { "description": "Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018.", "meta": { "date_accessed": "2018-01-23T00:00:00Z", "refs": [ "https://www.cobaltstrike.com/help-scripted-web-delivery" ], "source": "MITRE", "title": "Scripted Web Delivery" }, "related": [], "uuid": "89ed4c93-b69d-4eed-8212-cd2ebee08bcb", "value": "CobaltStrike Scripted Web Delivery" }, { "description": "Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-01-24T00:00:00Z", "refs": [ "https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/" ], "source": "MITRE", "title": "Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique" }, "related": [], "uuid": "ccafe7af-fbb3-4478-9035-f588e5e3c8b8", "value": "Cobalt Strike DCOM Jan 2017" }, { "description": "LOLBAS. (2018, May 25). Scriptrunner.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Scriptrunner/" ], "source": "Tidal Cyber", "title": "Scriptrunner.exe" }, "related": [], "uuid": "805d16cc-8bd0-4f80-b0ac-c5b5df51427c", "value": "Scriptrunner.exe - LOLBAS Project" }, { "description": "LOLBAS. (2021, January 7). Scrobj.dll. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-01-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Scrobj/" ], "source": "Tidal Cyber", "title": "Scrobj.dll" }, "related": [], "uuid": "c50ff71f-c742-4d63-a18e-e1ce41d55193", "value": "Scrobj.dll - LOLBAS Project" }, { "description": "Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.", "meta": { "date_accessed": "2018-02-08T00:00:00Z", "date_published": "2016-07-04T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete" ], "source": "MITRE", "title": "SDelete v2.0" }, "related": [], "uuid": "356c7d49-5abc-4566-9657-5ce58cf7be67", "value": "Microsoft SDelete July 2016" }, { "description": "Sean Metcalf. (2019, May 9). Sean Metcalf Twitter. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2019-05-09T00:00:00Z", "refs": [ "https://twitter.com/PyroTek3/status/1126487227712921600/photo/1" ], "source": "MITRE", "title": "Sean Metcalf Twitter" }, "related": [], "uuid": "c7482430-58f9-4365-a7c6-d17067b257e4", "value": "Sean Metcalf Twitter DNS Records" }, { "description": "Amazon. (n.d.). Search CloudTrail logs for API calls to EC2 Instances. Retrieved June 17, 2020.", "meta": { "date_accessed": "2020-06-17T00:00:00Z", "refs": [ "https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/" ], "source": "MITRE", "title": "Search CloudTrail logs for API calls to EC2 Instances" }, "related": [], "uuid": "636b933d-8953-4579-980d-227527dfcc94", "value": "AWS CloudTrail Search" }, { "description": "Matveeva, V. (2017, August 15). Secrets of Cobalt. 
Retrieved October 10, 2018.", "meta": { "date_accessed": "2018-10-10T00:00:00Z", "date_published": "2017-08-15T00:00:00Z", "refs": [ "https://www.group-ib.com/blog/cobalt" ], "source": "MITRE", "title": "Secrets of Cobalt" }, "related": [], "uuid": "2d9ef1de-2ee6-4500-a87d-b55f83e65900", "value": "Group IB Cobalt Aug 2017" }, { "description": "NSA IAD. (2017, April 20). Secure Host Baseline - Credential Guard. Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "date_published": "2017-04-20T00:00:00Z", "refs": [ "https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard" ], "source": "MITRE", "title": "Secure Host Baseline - Credential Guard" }, "related": [], "uuid": "11bb1f9b-53c1-4738-ab66-56522f228743", "value": "GitHub SHB Credential Guard" }, { "description": "National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.", "meta": { "date_accessed": "2016-06-22T00:00:00Z", "date_published": "2016-05-04T00:00:00Z", "refs": [ "https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET" ], "source": "MITRE", "title": "Secure Host Baseline EMET" }, "related": [], "uuid": "00953d3e-5fe7-454a-8d01-6405f74cca80", "value": "Secure Host Baseline EMET" }, { "description": "Microsoft. (n.d.). Secure the Windows 10 boot process. Retrieved April 23, 2020.", "meta": { "date_accessed": "2020-04-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process" ], "source": "MITRE", "title": "Secure the Windows 10 boot process" }, "related": [], "uuid": "3f0ff65d-56a0-4c29-b561-e6342b0b6b65", "value": "TechNet Secure Boot Process" }, { "description": "SecureWorks. (2019, August 27) LYCEUM Takes Center Stage in Middle East Campaign. 
Retrieved November 19, 2019", "meta": { "date_accessed": "2019-11-19T00:00:00Z", "date_published": "2019-08-27T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign" ], "source": "MITRE", "title": "SecureWorks August 2019" }, "related": [], "uuid": "573edbb6-687b-4bc2-bc4a-764a548633b5", "value": "SecureWorks August 2019" }, { "description": "Mathew Branwell. (2012, March 21). Securing .bash_history file. Retrieved July 8, 2017.", "meta": { "date_accessed": "2017-07-08T00:00:00Z", "date_published": "2012-03-21T00:00:00Z", "refs": [ "http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory" ], "source": "MITRE", "title": "Securing .bash_history file" }, "related": [], "uuid": "15280399-e9c8-432c-8ee2-47ced9377378", "value": "Securing bash history" }, { "description": "Plett, C., Poggemeyer, L. (2012, October 26). Securing Privileged Access Reference Material. Retrieved April 25, 2017.", "meta": { "date_accessed": "2017-04-25T00:00:00Z", "date_published": "2012-10-26T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach" ], "source": "MITRE", "title": "Securing Privileged Access Reference Material" }, "related": [], "uuid": "716844d6-a6ed-41d4-9067-3822ed32828f", "value": "Microsoft Securing Privileged Access" }, { "description": "Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.", "meta": { "date_accessed": "2014-11-04T00:00:00Z", "refs": [ "https://security.berkeley.edu/node/94" ], "source": "MITRE", "title": "Securing Remote Desktop for System Administrators" }, "related": [], "uuid": "98bdf25b-fbad-497f-abd2-8286d9e0479c", "value": "Berkley Secure" }, { "description": "Cisco. (2006, May 10). 
Securing Simple Network Management Protocol. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2006-05-10T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html" ], "source": "MITRE", "title": "Securing Simple Network Management Protocol" }, "related": [], "uuid": "31de3a32-ae7a-42bf-9153-5d891651a7d1", "value": "Cisco Securing SNMP" }, { "description": "Metcalf, S. (2016, October 21). Securing Windows Workstations: Developing a Secure Baseline. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2016-10-21T00:00:00Z", "refs": [ "https://adsecurity.org/?p=3299" ], "source": "MITRE", "title": "Securing Windows Workstations: Developing a Secure Baseline" }, "related": [], "uuid": "078b9848-8e5f-4750-bb90-3e110876a6a4", "value": "ADSecurity Windows Secure Baseline" }, { "description": "Gorelik, M.. (2019, June 10). SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY. Retrieved June 13, 2019.", "meta": { "date_accessed": "2019-06-13T00:00:00Z", "date_published": "2019-06-10T00:00:00Z", "refs": [ "http://blog.morphisec.com/security-alert-fin8-is-back" ], "source": "MITRE", "title": "SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY" }, "related": [], "uuid": "1b6ce918-651a-480d-8305-82bccbf42e96", "value": "Morphisec ShellTea June 2019" }, { "description": "Tedesco, B. (2016, September 23). Security Alert Summary. 
Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2016-09-23T00:00:00Z", "refs": [ "https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/" ], "source": "MITRE", "title": "Security Alert Summary" }, "related": [], "uuid": "bed8ae68-9738-46fb-abc9-0004fa35636a", "value": "Carbon Black Obfuscation Sept 2016" }, { "description": "Jay Pipes. (2013, December 23). Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "date_published": "2013-12-23T00:00:00Z", "refs": [ "http://lists.openstack.org/pipermail/openstack/2013-December/004138.html" ], "source": "MITRE", "title": "Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!" }, "related": [], "uuid": "255181c2-b1c5-4531-bc16-853f21bc6435", "value": "Havana authentication bug" }, { "description": "Microsoft. (2014, November 19). Security Considerations for Trusts. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "date_published": "2014-11-19T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc755321.aspx" ], "source": "MITRE", "title": "Security Considerations for Trusts" }, "related": [], "uuid": "01ddd53c-1f02-466d-abf2-43bf1ab2d3fc", "value": "Microsoft Trust Considerations Nov 2014" }, { "description": "Amazon. (n.d.). Security groups for your VPC. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" ], "source": "MITRE", "title": "Security groups for your VPC" }, "related": [], "uuid": "a5dd078b-10c7-433d-b7b5-929cf8437413", "value": "AWS Sec Groups VPC" }, { "description": "Microsoft. (n.d.). Security Identifiers. 
Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx" ], "source": "MITRE", "title": "Security Identifiers" }, "related": [], "uuid": "c921c476-741e-4b49-8f94-752984adbba5", "value": "Microsoft SID" }, { "description": "Schneider Electric. (2018, August 24). Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2018-08-24T00:00:00Z", "refs": [ "https://www.se.com/ww/en/download/document/SESN-2018-236-01/" ], "source": "MITRE", "title": "Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor" }, "related": [], "uuid": "e4d8ce63-8626-4c8f-a437-b6a120ff61c7", "value": "Schneider Electric USB Malware" }, { "description": "Microsoft. (n.d.). Security Subsystem Architecture. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc961760.aspx" ], "source": "MITRE", "title": "Security Subsystem Architecture" }, "related": [], "uuid": "27dae010-e3b3-4080-8039-9f89a29607e6", "value": "Microsoft Security Subsystem" }, { "description": "CISA. (2019, September 27). Security Tip (ST05-016): Understanding Internationalized Domain Names. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2019-09-27T00:00:00Z", "refs": [ "https://us-cert.cisa.gov/ncas/tips/ST05-016" ], "source": "MITRE", "title": "Security Tip (ST05-016): Understanding Internationalized Domain Names" }, "related": [], "uuid": "3cc2c996-10e9-4e25-999c-21dc2c69e4af", "value": "CISA IDN ST05-016" }, { "description": "Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. 
Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2017-11-16T00:00:00Z", "refs": [ "https://o365blog.com/post/federation-vulnerability/" ], "source": "MITRE", "title": "Security vulnerability in Azure AD & Office 365 identity federation" }, "related": [], "uuid": "d2005eb6-4da4-4938-97fb-caa0e2381f4e", "value": "AADInternals zure AD Federated Domain" }, { "description": "Dr. Nestori Syynimaa.. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2017-11-16T00:00:00Z", "refs": [ "https://o365blog.com/post/federation-vulnerability/" ], "source": "MITRE", "title": "Security vulnerability in Azure AD & Office 365 identity federation" }, "related": [], "uuid": "123995be-36f5-4cd6-b80a-d601c2d0971e", "value": "Azure AD Federation Vulnerability" }, { "description": "ESET Research. (2015, July 10). Sednit APT Group Meets Hacking Team. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2015-07-10T00:00:00Z", "refs": [ "http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/" ], "source": "MITRE", "title": "Sednit APT Group Meets Hacking Team" }, "related": [], "uuid": "e21c39ad-85e5-49b4-8df7-e8890b09c7c1", "value": "ESET Sednit July 2015" }, { "description": "Calvet, J. (2014, November 11). Sednit Espionage Group Attacking Air-Gapped Networks. Retrieved January 4, 2017.", "meta": { "date_accessed": "2017-01-04T00:00:00Z", "date_published": "2014-11-11T00:00:00Z", "refs": [ "http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/" ], "source": "MITRE", "title": "Sednit Espionage Group Attacking Air-Gapped Networks" }, "related": [], "uuid": "8673f7fc-5b23-432a-a2d8-700ece46bd0f", "value": "ESET Sednit USBStealer 2014" }, { "description": "ESET. (2017, December 21). 
Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2017-12-21T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ], "source": "MITRE", "title": "Sednit update: How Fancy Bear Spent the Year" }, "related": [], "uuid": "406e434e-0602-4a08-bbf6-6d72311a720e", "value": "ESET Sednit 2017 Activity" }, { "description": "ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.", "meta": { "date_accessed": "2019-02-12T00:00:00Z", "date_published": "2018-11-20T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/" ], "source": "MITRE", "title": "Sednit: What’s going on with Zebrocy?" }, "related": [], "uuid": "1e503e32-75aa-482b-81d3-ac61e806fa5c", "value": "ESET Zebrocy Nov 2018" }, { "description": "Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.", "meta": { "date_accessed": "2018-12-14T00:00:00Z", "date_published": "2018-12-10T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" ], "source": "MITRE, Tidal Cyber", "title": "Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms" }, "related": [], "uuid": "a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d", "value": "Symantec MuddyWater Dec 2018" }, { "description": "SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.", "meta": { "date_accessed": "2018-10-02T00:00:00Z", "source": "MITRE", "title": "Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.)" }, "related": [], "uuid": "578464ff-79d4-4358-9aa6-df8d7063fee1", "value": "SanDisk SMART" }, { "description": "SELinux Project. (2017, November 30). SELinux Project Wiki. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-11-30T00:00:00Z", "refs": [ "https://selinuxproject.org/page/Main_Page" ], "source": "MITRE", "title": "SELinux Project Wiki" }, "related": [], "uuid": "3b64ce9e-6eec-42ee-bec1-1a8b5420f01d", "value": "SELinux official" }, { "description": "Microsoft. (n.d.). SendNotifyMessage function. Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx" ], "source": "MITRE", "title": "SendNotifyMessage function" }, "related": [], "uuid": "c65b3dc8-4129-4c14-b3d1-7fdd1d39ebd5", "value": "Microsoft SendNotifyMessage function" }, { "description": "The DFIR Report. (2022, May 9). SEO Poisoning – A Gootloader Story. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2022-05-09T00:00:00Z", "refs": [ "https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/" ], "source": "MITRE", "title": "SEO Poisoning – A Gootloader Story" }, "related": [], "uuid": "aa12dc30-ba81-46c5-b412-ca4a01e72d7f", "value": "DFIR Report Gootloader" }, { "description": "Arntz, P. (2018, May 29). SEO poisoning: Is it worth it?. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2018-05-29T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/news/2018/05/seo-poisoning-is-it-worth-it" ], "source": "MITRE", "title": "SEO poisoning: Is it worth it?" }, "related": [], "uuid": "250b09a2-dd97-4fbf-af2f-618d1f126957", "value": "MalwareBytes SEO" }, { "description": "Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. 
Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-10-02T00:00:00Z", "refs": [ "https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/" ], "source": "MITRE", "title": "Serious Security: Phishing without links – when phishers bring along their own web pages" }, "related": [], "uuid": "b4aa5bf9-31db-42ee-93e8-a576ecc00b57", "value": "Sophos Attachment" }, { "description": "Campbell, B. et al. (2022, March 21). Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain. Retrieved April 11, 2022.", "meta": { "date_accessed": "2022-04-11T00:00:00Z", "date_published": "2022-03-21T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain" ], "source": "MITRE", "title": "Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain" }, "related": [], "uuid": "c2f7958b-f521-4133-9aeb-c5c8fae23e78", "value": "ProofPoint Serpent" }, { "description": "Wikipedia. (2017, December 16). Server Message Block. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2017-12-16T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Server_Message_Block" ], "source": "MITRE", "title": "Server Message Block" }, "related": [], "uuid": "3ea03c65-12e0-4e28-bbdc-17bb8c1e1831", "value": "Wikipedia Server Message Block" }, { "description": "Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.", "meta": { "date_accessed": "2016-06-12T00:00:00Z", "date_published": "2016-06-12T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Server_Message_Block" ], "source": "MITRE", "title": "Server Message Block" }, "related": [], "uuid": "087b4779-22d5-4872-adb7-583904a92285", "value": "Wikipedia SMB" }, { "description": "Schwarz, D. and Proofpoint Staff. (2019, January 9). 
ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2019-01-09T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505" ], "source": "MITRE", "title": "ServHelper and FlawedGrace - New malware introduced by TA505" }, "related": [], "uuid": "b744f739-8810-4fb9-96e3-6488f9ed6305", "value": "Proofpoint TA505 Jan 2019" }, { "description": "Kubernetes. (n.d.). Service Accounts. Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/security/service-accounts/" ], "source": "MITRE", "title": "Service Accounts" }, "related": [], "uuid": "522eaa6b-0075-5346-bf3c-db1e7820aba2", "value": "Kubernetes Service Accounts Security" }, { "description": "Microsoft. (2018, May 31). Service Control Manager. Retrieved March 28, 2020.", "meta": { "date_accessed": "2020-03-28T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/win32/services/service-control-manager" ], "source": "MITRE", "title": "Service Control Manager" }, "related": [], "uuid": "00d22c6d-a51a-4107-bf75-53ec3330db92", "value": "Microsoft Service Control Manager" }, { "description": "Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2016-06-22T00:00:00Z", "refs": [ "https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence" ], "source": "MITRE", "title": "Service Persistence" }, "related": [], "uuid": "75441af3-2ff6-42c8-b7f1-c8dc2c27efe2", "value": "Rapid7 Service Persistence 22JUNE2016" }, { "description": "Microsoft. (n.d.). Service Principal Names. 
Retrieved March 22, 2018.", "meta": { "date_accessed": "2018-03-22T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms677949.aspx" ], "source": "MITRE", "title": "Service Principal Names" }, "related": [], "uuid": "985ad31b-c385-473d-978d-40b6cd85268a", "value": "Microsoft SPN" }, { "description": "Microsoft. (2010, April 13). Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe). Retrieved March 22, 2018.", "meta": { "date_accessed": "2018-03-22T00:00:00Z", "date_published": "2010-04-13T00:00:00Z", "refs": [ "https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx" ], "source": "MITRE", "title": "Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)" }, "related": [], "uuid": "dd5dc432-32de-4bf3-b2c7-0bbdda031dd0", "value": "Microsoft SetSPN" }, { "description": "The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2017-11-30T00:00:00Z", "refs": [ "https://twitter.com/r0wdy_/status/936365549553991680" ], "source": "MITRE", "title": "Service Recovery Parameters" }, "related": [], "uuid": "8875ff5d-65bc-402a-bfe0-32adc10fb008", "value": "Twitter Service Recovery Nov 2017" }, { "description": "@r0wdy_. (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2017-11-30T00:00:00Z", "refs": [ "https://twitter.com/r0wdy_/status/936365549553991680" ], "source": "MITRE", "title": "Service Recovery Parameters" }, "related": [], "uuid": "7757776d-b0e9-4a99-8a55-2cd1b248c4a0", "value": "Tweet Registry Perms Weakness" }, { "description": "Microsoft. (n.d.). Services. 
Retrieved June 7, 2016.", "meta": { "date_accessed": "2016-06-07T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc772408.aspx" ], "source": "MITRE", "title": "Services" }, "related": [], "uuid": "b50a3c2e-e997-4af5-8be0-3a8b3a959827", "value": "TechNet Services" }, { "description": "Brian Krebs. (2012, October 22). Service Sells Access to Fortune 500 Firms. Retrieved March 10, 2023.", "meta": { "date_accessed": "2023-03-10T00:00:00Z", "date_published": "2012-10-22T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/" ], "source": "MITRE", "title": "Service Sells Access to Fortune 500 Firms" }, "related": [], "uuid": "37d237ae-f0a8-5b30-8f97-d751c1560391", "value": "Krebs Access Brokers Fortune 500" }, { "description": "Hsu, S. (2018, June 30). Session vs Token Based Authentication. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-06-30T00:00:00Z", "refs": [ "https://medium.com/@sherryhsu/session-vs-token-based-authentication-11a6c5ac45e4" ], "source": "MITRE", "title": "Session vs Token Based Authentication" }, "related": [], "uuid": "08b5165c-1c98-4ebc-9f9f-778115e9e06d", "value": "Medium Authentication Tokens" }, { "description": "Microsoft. (n.d.). Set-InboxRule. Retrieved June 7, 2021.", "meta": { "date_accessed": "2021-06-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/powershell/module/exchange/set-inboxrule?view=exchange-ps" ], "source": "MITRE", "title": "Set-InboxRule" }, "related": [], "uuid": "28cc6142-cc4f-4e63-bcff-94347bc06b37", "value": "Microsoft Set-InboxRule" }, { "description": "LOLBAS. (2022, October 21). Setres.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-10-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Setres/" ], "source": "Tidal Cyber", "title": "Setres.exe" }, "related": [], "uuid": "631de0bd-d536-4183-bc5a-25af83bd795a", "value": "Setres.exe - LOLBAS Project" }, { "description": "Microsoft. (n.d.). Setting Process-Wide Security Through the Registry. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx" ], "source": "MITRE", "title": "Setting Process-Wide Security Through the Registry" }, "related": [], "uuid": "749d83a9-3c9f-42f4-b5ed-fa775b079716", "value": "Microsoft Process Wide Com Keys" }, { "description": "LOLBAS. (2021, August 26). SettingSyncHost.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/SettingSyncHost/" ], "source": "Tidal Cyber", "title": "SettingSyncHost.exe" }, "related": [], "uuid": "57f573f2-1c9b-4037-8f4d-9ae65d13af94", "value": "SettingSyncHost.exe - LOLBAS Project" }, { "description": "Daniel Petri. (2009, January 8). Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008. Retrieved November 15, 2019.", "meta": { "date_accessed": "2019-11-15T00:00:00Z", "date_published": "2009-01-08T00:00:00Z", "refs": [ "https://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008" ], "source": "MITRE", "title": "Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008" }, "related": [], "uuid": "1de42b0a-3dd6-4f75-bcf3-a2373e349a39", "value": "Petri Logon Script AD" }, { "description": "AWS. (n.d.). Setting up Run Command. 
Retrieved March 13, 2023.", "meta": { "date_accessed": "2023-03-13T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command-setting-up.html" ], "source": "MITRE", "title": "Setting up Run Command" }, "related": [], "uuid": "9d320336-5be4-5c20-8205-a139376fe648", "value": "AWS Setting Up Run Command" }, { "description": "Tegan. (2019, August 15). Setting up System Authentication. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2019-08-15T00:00:00Z", "refs": [ "https://help.realvnc.com/hc/en-us/articles/360002250097-Setting-up-System-Authentication" ], "source": "MITRE", "title": "Setting up System Authentication" }, "related": [], "uuid": "de6e1202-19aa-41af-8446-521abc20200d", "value": "VNC Authentication" }, { "description": "Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021.", "meta": { "date_accessed": "2021-08-18T00:00:00Z", "refs": [ "https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac" ], "source": "MITRE", "title": "Set up a computer running VNC software for Remote Desktop" }, "related": [], "uuid": "c1f7fb59-6e61-4a7f-b14d-a3d1d3da45af", "value": "MacOS VNC software for Remote Desktop" }, { "description": "LOLBAS. (2018, May 25). Setupapi.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Setupapi/" ], "source": "Tidal Cyber", "title": "Setupapi.dll" }, "related": [], "uuid": "1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd", "value": "Setupapi.dll - LOLBAS Project" }, { "description": "Microsoft. (2013, February 22). Set up Recovery Actions to Take Place When a Service Fails. 
Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2013-02-22T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753662(v=ws.11)" ], "source": "MITRE", "title": "Set up Recovery Actions to Take Place When a Service Fails" }, "related": [], "uuid": "6284d130-83e5-4961-a723-af4f9a01c24e", "value": "Microsoft Service Recovery Feb 2013" }, { "description": "Microsoft. (n.d.). SetWindowLong function. Retrieved December 16, 2017.", "meta": { "date_accessed": "2017-12-16T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx" ], "source": "MITRE", "title": "SetWindowLong function" }, "related": [], "uuid": "11755d06-a9df-4a19-a165-2995f25c4b12", "value": "Microsoft SetWindowLong function" }, { "description": "GReAT. (2017, August 15). ShadowPad in corporate networks. Retrieved March 22, 2021.", "meta": { "date_accessed": "2021-03-22T00:00:00Z", "date_published": "2017-08-15T00:00:00Z", "refs": [ "https://securelist.com/shadowpad-in-corporate-networks/81432/" ], "source": "MITRE", "title": "ShadowPad in corporate networks" }, "related": [], "uuid": "862877d7-e18c-4613-bdad-0700bf3d45ae", "value": "Securelist ShadowPad Aug 2017" }, { "description": "Kaspersky Lab. (2017, August). ShadowPad: popular server management software hit in supply chain attack. Retrieved March 22, 2021.", "meta": { "date_accessed": "2021-03-22T00:00:00Z", "date_published": "2017-08-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad_technical_description_PDF.pdf" ], "source": "MITRE", "title": "ShadowPad: popular server management software hit in supply chain attack" }, "related": [], "uuid": "95c9a28d-6056-4f87-9a46-9491318889e2", "value": "Kaspersky ShadowPad Aug 2017" }, { "description": "Falcone, R.. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. 
Retrieved January 11, 2017.", "meta": { "date_accessed": "2017-01-11T00:00:00Z", "date_published": "2016-11-30T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/" ], "source": "MITRE", "title": "Shamoon 2: Return of the Disttrack Wiper" }, "related": [], "uuid": "15007a87-a281-41ae-b203-fdafe02a885f", "value": "Palo Alto Shamoon Nov 2016" }, { "description": "Falcone, R. (2018, December 13). Shamoon 3 Targets Oil and Gas Organization. Retrieved March 14, 2019.", "meta": { "date_accessed": "2019-03-14T00:00:00Z", "date_published": "2018-12-13T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/" ], "source": "MITRE", "title": "Shamoon 3 Targets Oil and Gas Organization" }, "related": [], "uuid": "c2148166-faf4-4ab7-a37e-deae0c88c08d", "value": "Unit 42 Shamoon3 2018" }, { "description": "Roccia, T., Saavedra-Morales, J., Beek, C.. (2018, December 19). Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems. Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2018-12-19T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/" ], "source": "MITRE", "title": "Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems" }, "related": [], "uuid": "11cb784e-0bfe-4e64-a1ed-56530798f358", "value": "McAfee Shamoon December19 2018" }, { "description": "Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C.. (2018, December 14). Shamoon Returns to Wipe Systems in Middle East, Europe . 
Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2018-12-14T00:00:00Z", "refs": [ "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/" ], "source": "MITRE", "title": "Shamoon Returns to Wipe Systems in Middle East, Europe" }, "related": [], "uuid": "d731f5b4-77a1-4de1-a00a-e2ad918de670", "value": "McAfee Shamoon December 2018" }, { "description": "Microsoft. (n.d.). Share a Folder or Drive. Retrieved June 30, 2017.", "meta": { "date_accessed": "2017-06-30T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/cc770880.aspx" ], "source": "MITRE", "title": "Share a Folder or Drive" }, "related": [], "uuid": "80a9b92a-1404-4454-88f0-dd929a12e16f", "value": "TechNet Shared Folder" }, { "description": "Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022.", "meta": { "date_accessed": "2022-03-02T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html" ], "source": "MITRE", "title": "Share an Amazon EBS snapshot" }, "related": [], "uuid": "6f454218-91b7-4606-9467-c6d465c0fd1f", "value": "AWS EBS Snapshot Sharing" }, { "description": "Wheeler, D. (2003, April 11). Shared Libraries. Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "date_published": "2003-04-11T00:00:00Z", "refs": [ "https://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html" ], "source": "MITRE", "title": "Shared Libraries" }, "related": [], "uuid": "054d769a-f88e-55e9-971a-f169ee434cfe", "value": "Linux Shared Libraries" }, { "description": "The Linux Documentation Project. (n.d.). Shared Libraries. 
Retrieved January 31, 2020.", "meta": { "date_accessed": "2020-01-31T00:00:00Z", "refs": [ "https://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html" ], "source": "MITRE", "title": "Shared Libraries" }, "related": [], "uuid": "2862845b-72b3-41d8-aafb-b36e90c6c30a", "value": "TLDP Shared Libraries" }, { "description": "halflife. (1997, September 1). Shared Library Redirection Techniques. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "1997-09-01T00:00:00Z", "refs": [ "http://phrack.org/issues/51/8.html" ], "source": "MITRE", "title": "Shared Library Redirection Techniques" }, "related": [], "uuid": "9b3f0dc7-d830-43c5-8a5b-ad3c811920c5", "value": "Phrack halfdead 1997" }, { "description": "Wikipedia. (2017, April 15). Shared resource. Retrieved June 30, 2017.", "meta": { "date_accessed": "2017-06-30T00:00:00Z", "date_published": "2017-04-15T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Shared_resource" ], "source": "MITRE", "title": "Shared resource" }, "related": [], "uuid": "6cc6164e-84b3-4413-9895-6719248808fb", "value": "Wikipedia Shared Resource" }, { "description": "Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021.", "meta": { "date_accessed": "2021-10-08T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwide#sharepoint-sharing-events" ], "source": "MITRE", "title": "Sharepoint Sharing Events" }, "related": [], "uuid": "2086d37a-05a8-4604-9c69-75a178406b4a", "value": "Sharepoint Sharing Events" }, { "description": "HarmJ0y. (2018, August 22). SharpDPAPI - Certificates. 
Retrieved August 2, 2022.", "meta": { "date_accessed": "2022-08-02T00:00:00Z", "date_published": "2018-08-22T00:00:00Z", "refs": [ "https://github.com/GhostPack/SharpDPAPI#certificates" ], "source": "MITRE", "title": "SharpDPAPI - Certificates" }, "related": [], "uuid": "941e214d-4188-4ca0-9ef8-b26aa96373a2", "value": "GitHub GhostPack Certificates" }, { "description": "LOLBAS. (2018, May 25). Shdocvw.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Shdocvw/" ], "source": "Tidal Cyber", "title": "Shdocvw.dll" }, "related": [], "uuid": "0739d5fe-b460-4ed4-be75-cff422643a32", "value": "Shdocvw.dll - LOLBAS Project" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2018, October 04). Shedding Skin – Turla’s Fresh Faces. Retrieved November 7, 2018.", "meta": { "date_accessed": "2018-11-07T00:00:00Z", "date_published": "2018-10-04T00:00:00Z", "refs": [ "https://securelist.com/shedding-skin-turlas-fresh-faces/88069/" ], "source": "MITRE", "title": "Shedding Skin – Turla’s Fresh Faces" }, "related": [], "uuid": "5b08ea46-e25d-4df9-9b91-f8e7a1d5f7ee", "value": "Securelist Turla Oct 2018" }, { "description": "LOLBAS. (2018, May 25). Shell32.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Shell32/" ], "source": "Tidal Cyber", "title": "Shell32.dll" }, "related": [], "uuid": "9465358f-e0cc-41f0-a7f9-01d5faca8157", "value": "Shell32.dll - LOLBAS Project" }, { "description": "Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. 
Retrieved February 15, 2017.", "meta": { "date_accessed": "2017-02-15T00:00:00Z", "date_published": "2017-02-09T00:00:00Z", "refs": [ "https://www.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" ], "source": "MITRE", "title": "Shell Crew Variants Continue to Fly Under Big AV’s Radar" }, "related": [], "uuid": "c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3", "value": "Cylance Shell Crew Feb 2017" }, { "description": "Cesar Anjos. (2018, May 31). Shell Logins as a Magento Reinfection Vector. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html" ], "source": "MITRE", "title": "Shell Logins as a Magento Reinfection Vector" }, "related": [], "uuid": "b8b3f360-e14c-49ea-a4e5-8d6d9727e731", "value": "Magento" }, { "description": "Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2019-06-12T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/" ], "source": "MITRE", "title": "Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns" }, "related": [], "uuid": "e664a0c7-154f-449e-904d-335be1b72b29", "value": "Trend Micro TA505 June 2019" }, { "description": "LOLBAS. (2021, January 6). Shimgvw.dll. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-01-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Shimgvw/" ], "source": "Tidal Cyber", "title": "Shimgvw.dll" }, "related": [], "uuid": "aba1cc57-ac30-400f-8b02-db7bf279dfb6", "value": "Shimgvw.dll - LOLBAS Project" }, { "description": "FireEye. (2021, May 11). Shining a Light on DARKSIDE Ransomware Operations. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-05-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" ], "source": "MITRE", "title": "Shining a Light on DARKSIDE Ransomware Operations" }, "related": [], "uuid": "6ac6acc2-9fea-4887-99b2-9988991b47b6", "value": "FireEye Shining A Light on DARKSIDE May 2021" }, { "description": "Fabian Marquardt. (2023, August 25). Shining some light on the DarkGate loader. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2023-08-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://github.security.telekom.com/2023/08/darkgate-loader.html" ], "source": "Tidal Cyber", "title": "Shining some light on the DarkGate loader" }, "related": [], "uuid": "1cb60362-f73e-49e6-b0ee-e8f67a25c058", "value": "Telekom Security DarkGate August 25 2023" }, { "description": "Inman, R. and Gurney, P. (2022, June 6). Shining the Light on Black Basta. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-06-06T00:00:00Z", "refs": [ "https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/" ], "source": "MITRE", "title": "Shining the Light on Black Basta" }, "related": [], "uuid": "b5f91f77-b102-5812-a79f-69b254487da8", "value": "NCC Group Black Basta June 2022" }, { "description": "Merritt, E.. (2015, November 16). 
Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.", "meta": { "date_accessed": "2016-04-20T00:00:00Z", "date_published": "2015-11-16T00:00:00Z", "refs": [ "https://www.trustwave.com/Resources/SpiderLabs-Blog/Shining-the-Spotlight-on-Cherry-Picker-PoS-Malware/" ], "source": "MITRE", "title": "Shining the Spotlight on Cherry Picker PoS Malware" }, "related": [], "uuid": "e09f639e-bdd3-4e88-8032-f665e347272b", "value": "Trustwave Cherry Picker" }, { "description": "Jaron Bradley. (2021, April 26). Shlayer malware abusing Gatekeeper bypass on macOS. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-04-26T00:00:00Z", "refs": [ "https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/" ], "source": "MITRE", "title": "Shlayer malware abusing Gatekeeper bypass on macOS" }, "related": [], "uuid": "9ece29ee-c4e9-4a30-9958-88b114a417ce", "value": "Shlayer jamf gatekeeper bypass 2021" }, { "description": "Shodan. (n.d.). Shodan. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://shodan.io" ], "source": "MITRE", "title": "Shodan" }, "related": [], "uuid": "a142aceb-3ef5-4231-8771-bb3b2dae9acd", "value": "Shodan" }, { "description": "Elastic. (n.d.). Shortcut File Written or Modified for Persistence. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "refs": [ "https://www.elastic.co/guide/en/security/7.17/shortcut-file-written-or-modified-for-persistence.html#shortcut-file-written-or-modified-for-persistence" ], "source": "MITRE", "title": "Shortcut File Written or Modified for Persistence" }, "related": [], "uuid": "4a12e927-0511-40b1-85f3-869ffc452c2e", "value": "Shortcut for Persistence" }, { "description": "Unprotect Project. (2019, March 18). Shortcut Hiding. 
Retrieved October 3, 2023.", "meta": { "date_accessed": "2023-10-03T00:00:00Z", "date_published": "2019-03-18T00:00:00Z", "refs": [ "https://unprotect.it/technique/shortcut-hiding/" ], "source": "MITRE", "title": "Shortcut Hiding" }, "related": [], "uuid": "b62d40bc-2782-538a-8913-429908c6a2ee", "value": "Unprotect Shortcut" }, { "description": "AVG. (n.d.). Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?. Retrieved June 8, 2023.", "meta": { "date_accessed": "2023-06-08T00:00:00Z", "refs": [ "https://www.avg.com/en/signal/should-you-shut-down-sleep-or-hibernate-your-pc-or-mac-laptop" ], "source": "MITRE", "title": "Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?" }, "related": [], "uuid": "e9064801-0297-51d0-9089-db58f4811a9f", "value": "Sleep, shut down, hibernate" }, { "description": "Cisco. (2023, March 6). show clock detail - Cisco IOS Security Command Reference: Commands S to Z . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2023-03-06T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s2.html#wp1896741674" ], "source": "MITRE", "title": "show clock detail - Cisco IOS Security Command Reference: Commands S to Z" }, "related": [], "uuid": "a2215813-31b0-5624-92d8-479e7bd1a30b", "value": "show_clock_detail_cisco_cmd" }, { "description": "Cisco. (2022, August 16). show processes - . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_monitor_permit_list_through_show_process_memory.html#wp3599497760" ], "source": "MITRE", "title": "show processes -" }, "related": [], "uuid": "944e529b-5e8a-54a1-b205-71dcb7dd304f", "value": "show_processes_cisco_cmd" }, { "description": "Cisco. (2022, August 16). 
show running-config - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2022-08-16T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_protocols_through_showmon.html#wp2760878733" ], "source": "MITRE", "title": "show running-config - Cisco IOS Configuration Fundamentals Command Reference" }, "related": [], "uuid": "5a68a45a-a53e-5d73-a82a-0cc951071aef", "value": "show_run_config_cmd_cisco" }, { "description": "Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.", "meta": { "date_accessed": "2022-02-17T00:00:00Z", "date_published": "2022-01-31T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine" ], "source": "MITRE, Tidal Cyber", "title": "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine" }, "related": [], "uuid": "3abb9cfb-8927-4447-b904-6ed071787bef", "value": "Symantec Shuckworm January 2022" }, { "description": "Microsoft. (2017, October 15). Shutdown. Retrieved October 4, 2019.", "meta": { "date_accessed": "2019-10-04T00:00:00Z", "date_published": "2017-10-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown" ], "source": "MITRE", "title": "Shutdown" }, "related": [], "uuid": "c587f021-596a-4e63-ac51-afa2793a859d", "value": "Microsoft Shutdown Oct 2017" }, { "description": "Threat Intelligence Team. (2021, December 2). SideCopy APT: Connecting lures victims, payloads to infrastructure. 
Retrieved June 13, 2022.", "meta": { "date_accessed": "2022-06-13T00:00:00Z", "date_published": "2021-12-02T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure" ], "source": "MITRE", "title": "SideCopy APT: Connecting lures victims, payloads to infrastructure" }, "related": [], "uuid": "466569a7-1ef8-4824-bd9c-d25301184ea4", "value": "MalwareBytes SideCopy Dec 2021" }, { "description": "Rewterz. (2020, April 20). Sidewinder APT Group Campaign Analysis. Retrieved January 29, 2021.", "meta": { "date_accessed": "2021-01-29T00:00:00Z", "date_published": "2020-04-20T00:00:00Z", "refs": [ "https://www.rewterz.com/threats/sidewinder-apt-group-campaign-analysis" ], "source": "MITRE", "title": "Sidewinder APT Group Campaign Analysis" }, "related": [], "uuid": "e1cecdab-d6d1-47c6-a942-3f3329e5d98d", "value": "Rewterz Sidewinder APT April 2020" }, { "description": "Cyble. (2020, September 26). SideWinder APT Targets with futuristic Tactics and Techniques. Retrieved January 29, 2021.", "meta": { "date_accessed": "2021-01-29T00:00:00Z", "date_published": "2020-09-26T00:00:00Z", "refs": [ "https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/" ], "source": "MITRE", "title": "SideWinder APT Targets with futuristic Tactics and Techniques" }, "related": [], "uuid": "25d8d6df-d3b9-4f57-bce0-d5285660e746", "value": "Cyble Sidewinder September 2020" }, { "description": "Russinovich, M. et al.. (2017, May 22). Sigcheck. Retrieved April 3, 2018.", "meta": { "date_accessed": "2018-04-03T00:00:00Z", "date_published": "2017-05-22T00:00:00Z", "refs": [ "https://docs.microsoft.com/sysinternals/downloads/sigcheck" ], "source": "MITRE", "title": "Sigcheck" }, "related": [], "uuid": "7f3a0f44-03d4-4b02-9d9d-74e8ee9eede8", "value": "Microsoft Sigcheck May 2017" }, { "description": "Linux man-pages. (2023, April 3). signal(7). 
Retrieved August 30, 2023.", "meta": { "date_accessed": "2023-08-30T00:00:00Z", "date_published": "2023-04-03T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man7/signal.7.html" ], "source": "MITRE", "title": "signal(7)" }, "related": [], "uuid": "63483956-fa3e-52da-a834-b3b762c4e84e", "value": "Linux Signal Man" }, { "description": "Brod. (2013, July 15). Signed Mac Malware Using Right-to-Left Override Trick. Retrieved July 17, 2017.", "meta": { "date_accessed": "2017-07-17T00:00:00Z", "date_published": "2013-07-15T00:00:00Z", "refs": [ "https://www.f-secure.com/weblog/archives/00002576.html" ], "source": "MITRE", "title": "Signed Mac Malware Using Right-to-Left Override Trick" }, "related": [], "uuid": "07e484cb-7e72-4938-a029-f9904d751777", "value": "f-secure janicab" }, { "description": "Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.", "meta": { "date_accessed": "2020-05-05T00:00:00Z", "date_published": "2019-08-01T00:00:00Z", "refs": [ "https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf" ], "source": "MITRE", "title": "Silence 2.0: Going Global" }, "related": [], "uuid": "2c314eb6-767f-45b9-8a60-dba11e06afd8", "value": "Group IB Silence Aug 2019" }, { "description": "GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.", "meta": { "date_accessed": "2019-05-24T00:00:00Z", "date_published": "2017-11-01T00:00:00Z", "refs": [ "https://securelist.com/the-silence/83009/" ], "source": "MITRE", "title": "Silence – a new Trojan attacking financial organizations" }, "related": [], "uuid": "004a8877-7e57-48ad-a6ce-b9ad8577cc68", "value": "SecureList Silence Nov 2017" }, { "description": "Skulkin, O.. (2019, January 20). Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis. 
Retrieved May 24, 2019.", "meta": { "date_accessed": "2019-05-24T00:00:00Z", "date_published": "2019-01-20T00:00:00Z", "refs": [ "https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/" ], "source": "MITRE", "title": "Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis" }, "related": [], "uuid": "c328d6d3-5e8b-45a6-8487-eecd7e8cbf7e", "value": "Cyber Forensicator Silence Jan 2019" }, { "description": "Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.", "meta": { "date_accessed": "2020-05-05T00:00:00Z", "date_published": "2018-09-01T00:00:00Z", "refs": [ "https://www.group-ib.com/resources/threat-research/silence_moving-into-the-darkside.pdf" ], "source": "MITRE", "title": "Silence: Moving Into the Darkside" }, "related": [], "uuid": "10d41d2e-44be-41a7-84c1-b8f39689cb93", "value": "Group IB Silence Sept 2018" }, { "description": "CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2021-09-29T00:00:00Z", "refs": [ "https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/" ], "source": "MITRE, Tidal Cyber", "title": "Silent Chollima Adversary Profile" }, "related": [], "uuid": "835283b5-af3b-4baf-805e-da8ebbe8b5d2", "value": "CrowdStrike Silent Chollima Adversary September 2021" }, { "description": "Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. 
Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "date_published": "2020-10-14T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/" ], "source": "MITRE", "title": "Silent Librarian APT right on schedule for 20/21 academic year" }, "related": [], "uuid": "9bb8ddd0-a8ec-459b-9983-79ccf46297ca", "value": "Malwarebytes Silent Librarian October 2020" }, { "description": "Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "date_published": "2018-03-26T00:00:00Z", "refs": [ "https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment" ], "source": "MITRE, Tidal Cyber", "title": "Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment" }, "related": [], "uuid": "d79d0510-4d49-464d-8074-daedd186f1c1", "value": "Phish Labs Silent Librarian" }, { "description": "Salvati, M. (2019, August 6). SILENTTRINITY Modules. Retrieved March 24, 2022.", "meta": { "date_accessed": "2022-03-24T00:00:00Z", "date_published": "2019-08-06T00:00:00Z", "refs": [ "https://github.com/byt3bl33d3r/SILENTTRINITY/tree/master/silenttrinity/core/teamserver/modules/boo" ], "source": "MITRE", "title": "SILENTTRINITY Modules" }, "related": [], "uuid": "df9252e6-2727-4b39-a5f8-9f01c85aae9d", "value": "GitHub SILENTTRINITY Modules July 2019" }, { "description": "Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. 
Retrieved June 9, 2021.", "meta": { "date_accessed": "2021-06-09T00:00:00Z", "date_published": "2021-06-07T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/siloscape/" ], "source": "MITRE", "title": "Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments" }, "related": [], "uuid": "4be128a7-97b8-48fa-8a52-a53c1e56f086", "value": "Unit 42 Siloscape Jun 2021" }, { "description": "Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf" ], "source": "MITRE, Tidal Cyber", "title": "SILVERTERRIER: The Next Evolution in Nigerian Cybercrime" }, "related": [], "uuid": "a6ba79ca-7d4a-48d3-aae3-ee766770f83b", "value": "Unit42 SilverTerrier 2016" }, { "description": "Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.", "meta": { "date_accessed": "2018-11-13T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise" ], "source": "MITRE, Tidal Cyber", "title": "SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE" }, "related": [], "uuid": "59630d6e-d034-4788-b418-a72bafefe54e", "value": "Unit42 SilverTerrier 2018" }, { "description": "Timac. (2012, December 18). Simple code injection using DYLD_INSERT_LIBRARIES. 
Retrieved March 26, 2020.", "meta": { "date_accessed": "2020-03-26T00:00:00Z", "date_published": "2012-12-18T00:00:00Z", "refs": [ "https://blog.timac.org/2012/1218-simple-code-injection-using-dyld_insert_libraries/" ], "source": "MITRE", "title": "Simple code injection using DYLD_INSERT_LIBRARIES" }, "related": [], "uuid": "54fcbc49-f4e3-48a4-9d67-52ca08b322b2", "value": "Timac DYLD_INSERT_LIBRARIES" }, { "description": "Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023.", "meta": { "date_accessed": "2023-06-02T00:00:00Z", "date_published": "2023-05-16T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial" ], "source": "MITRE", "title": "SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack" }, "related": [], "uuid": "c596a0e0-6e9c-52e4-b1bb-9c0542f960f2", "value": "SIM Swapping and Abuse of the Microsoft Azure Serial Console" }, { "description": "Navarro, E. (2008, July 11). SIP’s (Subject Interface Package) and Authenticode. Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2008-07-11T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-authenticode/" ], "source": "MITRE", "title": "SIP’s (Subject Interface Package) and Authenticode" }, "related": [], "uuid": "ac37f167-3ae9-437b-9215-c30c1ab4e249", "value": "EduardosBlog SIPs July 2008" }, { "description": "Andy. (2018, May 12). ‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW). 
Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "refs": [ "https://torrentfreak.com/anonymous-hackers-deface-russian-govt-site-to-protest-web-blocking-nsfw-180512/" ], "source": "MITRE", "title": "‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW)" }, "related": [], "uuid": "ca63ccd4-8c81-4de6-8eb4-06a6c68ce4d3", "value": "Anonymous Hackers Deface Russian Govt Site" }, { "description": "Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved April 8, 2019.", "meta": { "date_accessed": "2019-04-08T00:00:00Z", "date_published": "2015-01-12T00:00:00Z", "refs": [ "https://www.secureworks.com/research/skeleton-key-malware-analysis" ], "source": "MITRE", "title": "Skeleton Key Malware Analysis" }, "related": [], "uuid": "cea9ce77-7641-4086-b92f-a4c3ad94a49c", "value": "Dell Skeleton" }, { "description": "Command Five Pty Ltd. (2011, September). SK Hack by an Advanced Persistent Threat. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2011-09-01T00:00:00Z", "refs": [ "https://www.commandfive.com/papers/C5_APT_SKHack.pdf" ], "source": "MITRE", "title": "SK Hack by an Advanced Persistent Threat" }, "related": [], "uuid": "ccca927e-fa03-4eba-b631-9989804a1f3c", "value": "Command Five SK 2011" }, { "description": "Remillano, A., Urbanec, J. (2019, September 19). Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload. Retrieved June 4, 2020.", "meta": { "date_accessed": "2020-06-04T00:00:00Z", "date_published": "2019-09-19T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/" ], "source": "MITRE", "title": "Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload" }, "related": [], "uuid": "53291621-f0ad-4cb7-af08-78b96eb67168", "value": "Trend Micro Skidmap" }, { "description": "Detectify. (2016, April 28). 
Slack bot token leakage exposing business critical information. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2016-04-28T00:00:00Z", "refs": [ "https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/" ], "source": "MITRE", "title": "Slack bot token leakage exposing business critical information" }, "related": [], "uuid": "46c40ed4-5a15-4b38-b625-bebc569dbf69", "value": "Detectify Slack Tokens" }, { "description": "BishopFox. (n.d.). Sliver. Retrieved September 15, 2021.", "meta": { "date_accessed": "2021-09-15T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/" ], "source": "MITRE", "title": "Sliver" }, "related": [], "uuid": "f706839a-c6e7-469b-a0c0-02c0d55eb4f6", "value": "GitHub Sliver C2" }, { "description": "BishopFox. (n.d.). Sliver DNS C2 . Retrieved September 15, 2021.", "meta": { "date_accessed": "2021-09-15T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/wiki/DNS-C2" ], "source": "MITRE", "title": "Sliver DNS C2" }, "related": [], "uuid": "41c1ac3e-d03a-4e09-aebe-a8c191236e7e", "value": "GitHub Sliver C2 DNS" }, { "description": "BishopFox. (n.d.). Sliver Download. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/blob/7489c69962b52b09ed377d73d142266564845297/client/command/filesystem/download.go" ], "source": "MITRE", "title": "Sliver Download" }, "related": [], "uuid": "f9f6468f-6115-4753-a1ff-3658e410f964", "value": "GitHub Sliver Download" }, { "description": "BishopFox. (2021, August 18). Sliver Filesystem. 
Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-08-18T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/tree/master/client/command/filesystem" ], "source": "MITRE", "title": "Sliver Filesystem" }, "related": [], "uuid": "820beaff-a0d5-4017-9a9c-6fbd7874b585", "value": "GitHub Sliver File System August 2021" }, { "description": "BishopFox. (n.d.). Sliver HTTP(S) C2. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/wiki/HTTP(S)-C2" ], "source": "MITRE", "title": "Sliver HTTP(S) C2" }, "related": [], "uuid": "0194a86d-c7bf-4115-ab45-4c67fcfdb2a1", "value": "GitHub Sliver HTTP" }, { "description": "BishopFox. (n.d.). Sliver Ifconfig. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/network/ifconfig.go" ], "source": "MITRE", "title": "Sliver Ifconfig" }, "related": [], "uuid": "e9783116-144f-49e9-a3c5-28bf3ff9c654", "value": "GitHub Sliver Ifconfig" }, { "description": "BishopFox. (n.d.). Sliver Netstat. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/tree/58a56a077f0813bb312f9fa4df7453b510c3a73b/implant/sliver/netstat" ], "source": "MITRE", "title": "Sliver Netstat" }, "related": [], "uuid": "37ef7619-8157-4522-aea7-779d75464029", "value": "GitHub Sliver Netstat" }, { "description": "BishopFox. (n.d.). Sliver Screenshot. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/blob/master/implant/sliver/screen/screenshot_windows.go" ], "source": "MITRE", "title": "Sliver Screenshot" }, "related": [], "uuid": "0417572e-d1c7-4db5-8644-5b94c79cc14d", "value": "GitHub Sliver Screen" }, { "description": "BishopFox. (n.d.). 
Sliver Transport Encryption. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/wiki/Transport-Encryption" ], "source": "MITRE", "title": "Sliver Transport Encryption" }, "related": [], "uuid": "b33a9d44-1468-4b3e-8d27-9c48c81bec74", "value": "GitHub Sliver Encryption" }, { "description": "BishopFox. (n.d.). Sliver Upload. Retrieved September 16, 2021.", "meta": { "date_accessed": "2021-09-16T00:00:00Z", "refs": [ "https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/filesystem/upload.go" ], "source": "MITRE", "title": "Sliver Upload" }, "related": [], "uuid": "96e6e207-bf8b-4a3e-9a92-779e8bb6bb67", "value": "GitHub Sliver Upload" }, { "description": "Cimpanu, C. (2018, September 13). Sly malware author hides cryptomining botnet behind ever-shifting proxy service. Retrieved September 15, 2020.", "meta": { "date_accessed": "2020-09-15T00:00:00Z", "date_published": "2018-09-13T00:00:00Z", "refs": [ "https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/" ], "source": "MITRE", "title": "Sly malware author hides cryptomining botnet behind ever-shifting proxy service" }, "related": [], "uuid": "3edb88be-2ca6-4925-ba2e-a5a4ac5f9ab0", "value": "Zdnet Ngrok September 2018" }, { "description": "NCSC GCHQ. (2022, January 27). Small Sieve Malware Analysis Report. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2022-01-27T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf" ], "source": "MITRE", "title": "Small Sieve Malware Analysis Report" }, "related": [], "uuid": "0edb8946-be38-45f5-a27c-bdbebc383d72", "value": "NCSC GCHQ Small Sieve Jan 2022" }, { "description": "smartmontools. (n.d.). smartmontools. 
Retrieved October 2, 2018.", "meta": { "date_accessed": "2018-10-02T00:00:00Z", "refs": [ "https://www.smartmontools.org/" ], "source": "MITRE", "title": "smartmontools" }, "related": [], "uuid": "efae8de6-1b8d-47c0-b7a0-e3d0c227a14c", "value": "SmartMontools" }, { "description": "byt3bl33d3r. (2018, September 8). SMB: Command Reference. Retrieved July 17, 2020.", "meta": { "date_accessed": "2020-07-17T00:00:00Z", "date_published": "2018-09-08T00:00:00Z", "refs": [ "https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference" ], "source": "MITRE", "title": "SMB: Command Reference" }, "related": [], "uuid": "a6e1e3b4-1b69-43b7-afbe-aedb812c5778", "value": "CME Github September 2018" }, { "description": "US-CERT. (2017, March 16). SMB Security Best Practices. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2017-03-16T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices" ], "source": "MITRE", "title": "SMB Security Best Practices" }, "related": [], "uuid": "710d2292-c693-4857-9196-397449061e76", "value": "US-CERT SMB Security" }, { "description": "Tim Schroeder. (2013, April 21). SMLoginItemSetEnabled Demystified. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2013-04-21T00:00:00Z", "refs": [ "https://blog.timschroeder.net/2013/04/21/smloginitemsetenabled-demystified/" ], "source": "MITRE", "title": "SMLoginItemSetEnabled Demystified" }, "related": [], "uuid": "ad14bad2-95c8-49b0-9777-e464fc8359a0", "value": "SMLoginItemSetEnabled Schroeder 2013" }, { "description": "Hasherezade. (2016, September 12). Smoke Loader – downloader with a smokescreen still alive. 
Retrieved March 20, 2018.", "meta": { "date_accessed": "2018-03-20T00:00:00Z", "date_published": "2016-09-12T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/" ], "source": "MITRE", "title": "Smoke Loader – downloader with a smokescreen still alive" }, "related": [], "uuid": "b619e338-16aa-478c-b227-b22f78d572a3", "value": "Malwarebytes SmokeLoader 2016" }, { "description": "Baker, B., Unterbrink H. (2018, July 03). Smoking Guns - Smoke Loader learned new tricks. Retrieved July 5, 2018.", "meta": { "date_accessed": "2018-07-05T00:00:00Z", "date_published": "2018-07-03T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html#more" ], "source": "MITRE", "title": "Smoking Guns - Smoke Loader learned new tricks" }, "related": [], "uuid": "072ac051-7564-4dd3-a279-7f75c91b55f1", "value": "Talos Smoke Loader July 2018" }, { "description": "FireEye. (2021, June 16). Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-06-16T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html" ], "source": "MITRE", "title": "Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise" }, "related": [], "uuid": "a81ad3ef-fd96-432c-a7c8-ccc86d127a1b", "value": "FireEye SMOKEDHAM June 2021" }, { "description": "Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. 
Retrieved January 16, 2019.", "meta": { "date_accessed": "2019-01-16T00:00:00Z", "date_published": "2017-08-08T00:00:00Z", "refs": [ "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/" ], "source": "MITRE", "title": "Smuggling HTA files in Internet Explorer/Edge" }, "related": [], "uuid": "b16bae1a-75aa-478b-b8c7-458ee5a3f7e5", "value": "Environmental Keyed HTA" }, { "description": "Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved May 20, 2021.", "meta": { "date_accessed": "2021-05-20T00:00:00Z", "date_published": "2017-08-08T00:00:00Z", "refs": [ "https://research.nccgroup.com/2017/08/08/smuggling-hta-files-in-internet-explorer-edge/" ], "source": "MITRE", "title": "Smuggling HTA files in Internet Explorer/Edge" }, "related": [], "uuid": "f5615cdc-bc56-415b-8e38-6f3fd1c33c88", "value": "nccgroup Smuggling HTA 2017" }, { "description": "Accenture Security. (2018, November 29). SNAKEMACKEREL. Retrieved April 15, 2019.", "meta": { "date_accessed": "2019-04-15T00:00:00Z", "date_published": "2018-11-29T00:00:00Z", "refs": [ "https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50" ], "source": "MITRE", "title": "SNAKEMACKEREL" }, "related": [], "uuid": "c38d021c-d84c-4aa7-b7a5-be47e18df1d8", "value": "Accenture SNAKEMACKEREL Nov 2018" }, { "description": "Sophos. (2019, December 9). Snatch ransomware reboots PCs into Safe Mode to bypass protection. 
Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "date_published": "2019-12-09T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/" ], "source": "MITRE", "title": "Snatch ransomware reboots PCs into Safe Mode to bypass protection" }, "related": [], "uuid": "63019d16-07ec-4e53-98b7-529cc09b8429", "value": "Sophos Snatch Ransomware 2019" }, { "description": "Metcalf, S. (2015, September 19). Sneaky Active Directory Persistence #14: SID History. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "date_published": "2015-09-19T00:00:00Z", "refs": [ "https://adsecurity.org/?p=1772" ], "source": "MITRE", "title": "Sneaky Active Directory Persistence #14: SID History" }, "related": [], "uuid": "26961107-c48e-46d5-8d80-cda543b3be3b", "value": "AdSecurity SID History Sept 2015" }, { "description": "Metcalf, S. (2016, March 14). Sneaky Active Directory Persistence #17: Group Policy. Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2016-03-14T00:00:00Z", "refs": [ "https://adsecurity.org/?p=2716" ], "source": "MITRE", "title": "Sneaky Active Directory Persistence #17: Group Policy" }, "related": [], "uuid": "e304715f-7da1-4342-ba5b-d0387d93aeb2", "value": "ADSecurity GPO Persistence 2016" }, { "description": "Jornet, A. (2021, December 23). Snip3, an investigation into malware. Retrieved September 19, 2023.", "meta": { "date_accessed": "2023-09-19T00:00:00Z", "date_published": "2021-12-23T00:00:00Z", "refs": [ "https://telefonicatech.com/blog/snip3-investigacion-malware" ], "source": "MITRE", "title": "Snip3, an investigation into malware" }, "related": [], "uuid": "f026dd44-1491-505b-8a8a-e4f28c6cd6a7", "value": "Telefonica Snip3 December 2021" }, { "description": "Felipe Duarte, Ido Naor. (2022, March 9). Sockbot in GoLand. 
Retrieved September 22, 2023.", "meta": { "date_accessed": "2023-09-22T00:00:00Z", "date_published": "2022-03-09T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf" ], "source": "Tidal Cyber", "title": "Sockbot in GoLand" }, "related": [], "uuid": "bca2b5c2-bc3b-4504-806e-5c5b6fee96e6", "value": "Security Joes Sockbot March 09 2022" }, { "description": "Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-07-03T00:00:00Z", "refs": [ "https://securelist.com/sodin-ransomware/91473/" ], "source": "MITRE", "title": "Sodin ransomware exploits Windows vulnerability and processor architecture" }, "related": [], "uuid": "ea46271d-3251-4bd7-afa8-f1bd7baf9570", "value": "Kaspersky Sodin July 2019" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.", "meta": { "date_accessed": "2015-12-10T00:00:00Z", "date_published": "2015-12-04T00:00:00Z", "refs": [ "https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/" ], "source": "MITRE", "title": "Sofacy APT hits high profile targets with updated toolset" }, "related": [], "uuid": "46226f98-c762-48e3-9bcd-19ff14184bb5", "value": "Kaspersky Sofacy" }, { "description": "Lee, B, et al. (2018, February 28). Sofacy Attacks Multiple Government Entities. 
Retrieved March 15, 2018.", "meta": { "date_accessed": "2018-03-15T00:00:00Z", "date_published": "2018-02-28T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/" ], "source": "MITRE", "title": "Sofacy Attacks Multiple Government Entities" }, "related": [], "uuid": "0bcc2d76-987c-4a9b-9e00-1400eec4e606", "value": "Unit 42 Sofacy Feb 2018" }, { "description": "Falcone, R., Lee, B.. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-11-20T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/" ], "source": "MITRE", "title": "Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan" }, "related": [], "uuid": "1523c6de-8879-4652-ac51-1a5085324370", "value": "Unit 42 Sofacy Nov 2018" }, { "description": "Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved November 26, 2018.", "meta": { "date_accessed": "2018-11-26T00:00:00Z", "date_published": "2018-11-20T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/" ], "source": "MITRE", "title": "Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan" }, "related": [], "uuid": "8c634bbc-4878-4b27-aa18-5996ec968809", "value": "Unit42 Cannon Nov 2018" }, { "description": "Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. 
Retrieved June 18, 2018.", "meta": { "date_accessed": "2018-06-18T00:00:00Z", "date_published": "2018-06-06T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/" ], "source": "MITRE", "title": "Sofacy Group’s Parallel Attacks" }, "related": [], "uuid": "a32357eb-3226-4bee-aeed-d2fbcfa52da0", "value": "Palo Alto Sofacy 06-2018" }, { "description": "F-Secure. (2015, September 8). Sofacy Recycles Carberp and Metasploit Code. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2015-09-08T00:00:00Z", "refs": [ "https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/" ], "source": "MITRE", "title": "Sofacy Recycles Carberp and Metasploit Code" }, "related": [], "uuid": "56a95d3c-5268-4e69-b669-7055fb38d570", "value": "F-Secure Sofacy 2015" }, { "description": "Dani Creus, Tyler Halfpop, Robert Falcone. (2016, September 26). Sofacy's 'Komplex' OS X Trojan. Retrieved July 8, 2017.", "meta": { "date_accessed": "2017-07-08T00:00:00Z", "date_published": "2016-09-26T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/" ], "source": "MITRE", "title": "Sofacy's 'Komplex' OS X Trojan" }, "related": [], "uuid": "a21be45e-26c3-446d-b336-b58d08df5749", "value": "Sofacy Komplex Trojan" }, { "description": "Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.", "meta": { "date_accessed": "2018-06-04T00:00:00Z", "date_published": "2018-03-15T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/" ], "source": "MITRE", "title": "Sofacy Uses DealersChoice to Target European Government Agency" }, "related": [], "uuid": "ec157d0c-4091-43f5-85f1-a271c4aac1fc", "value": "Sofacy DealersChoice" }, { "description": "Unit 42. (2020, December 23). 
SolarStorm Supply Chain Attack Timeline. Retrieved March 24, 2023.", "meta": { "date_accessed": "2023-03-24T00:00:00Z", "date_published": "2020-12-23T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/" ], "source": "MITRE", "title": "SolarStorm Supply Chain Attack Timeline" }, "related": [], "uuid": "ecbb602a-2427-5eba-8c2b-25d90c95f166", "value": "Unit 42 SolarStorm December 2020" }, { "description": "Symantec Threat Hunter Team. (2021, January 22). SolarWinds: How Sunburst Sends Data Back to the Attackers. Retrieved January 22, 2021.", "meta": { "date_accessed": "2021-01-22T00:00:00Z", "date_published": "2021-01-22T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data" ], "source": "MITRE", "title": "SolarWinds: How Sunburst Sends Data Back to the Attackers" }, "related": [], "uuid": "50be20ca-48d1-4eb9-a25f-76935a0770b3", "value": "Symantec Sunburst Sending Data January 2021" }, { "description": "Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-12-26T00:00:00Z", "refs": [ "https://www.kb.cert.org/vuls/id/843464" ], "source": "MITRE", "title": "SolarWinds Orion API authentication bypass allows remote command execution" }, "related": [], "uuid": "ad43df0c-bdac-43e2-bd86-640036367b6c", "value": "Carnegie Mellon University Supernova Dec 2020" }, { "description": "SolarWinds. (2020, December 24). SolarWinds Security Advisory. 
Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-12-24T00:00:00Z", "refs": [ "https://www.solarwinds.com/sa-overview/securityadvisory" ], "source": "MITRE", "title": "SolarWinds Security Advisory" }, "related": [], "uuid": "4e8b908a-bdc5-441b-bc51-98dfa87f6b7a", "value": "SolarWinds Advisory Dec 2020" }, { "description": "Shoemaker, E. (2015, December 31). Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell. Retrieved March 7, 2022.", "meta": { "date_accessed": "2022-03-07T00:00:00Z", "date_published": "2015-12-31T00:00:00Z", "refs": [ "https://lockstepgroup.com/blog/monitor-dhcp-scopes-and-detect-man-in-the-middle-attacks/" ], "source": "MITRE", "title": "Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell" }, "related": [], "uuid": "6fce30c3-17d6-42a0-8470-319e2930e573", "value": "solution_monitor_dhcp_scopes" }, { "description": "SophosXOps. (2023, September 13). Sophos X-Ops Tweet September 13 2023. Retrieved September 22, 2023.", "meta": { "date_accessed": "2023-09-22T00:00:00Z", "date_published": "2023-09-13T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://twitter.com/SophosXOps/status/1702051374287007923" ], "source": "Tidal Cyber", "title": "Sophos X-Ops Tweet September 13 2023" }, "related": [], "uuid": "98af96a6-98bb-4d81-bb0c-a550e765e6ac", "value": "Sophos X-Ops Tweet September 13 2023" }, { "description": "ss64. (n.d.). Source or Dot Operator. Retrieved May 21, 2019.", "meta": { "date_accessed": "2019-05-21T00:00:00Z", "refs": [ "https://ss64.com/bash/source.html" ], "source": "MITRE", "title": "Source or Dot Operator" }, "related": [], "uuid": "a39354fc-334f-4f65-ba8a-56550f91710f", "value": "Source Manual" }, { "description": "Symantec Security Response. (2017, November 7). Sowbug: Cyber espionage group targets South American and Southeast Asian governments. 
Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "date_published": "2017-11-07T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments" ], "source": "MITRE, Tidal Cyber", "title": "Sowbug: Cyber espionage group targets South American and Southeast Asian governments" }, "related": [], "uuid": "14f49074-fc46-45d3-bf7e-30c896c39c07", "value": "Symantec Sowbug Nov 2017" }, { "description": "Grassi, P., et al. (2017, December 1). SP 800-63-3, Digital Identity Guidelines. Retrieved January 16, 2019.", "meta": { "date_accessed": "2019-01-16T00:00:00Z", "date_published": "2017-12-01T00:00:00Z", "refs": [ "https://pages.nist.gov/800-63-3/sp800-63b.html" ], "source": "MITRE", "title": "SP 800-63-3, Digital Identity Guidelines" }, "related": [], "uuid": "143599bf-167b-4041-82c5-8612c3e81095", "value": "NIST 800-63-3" }, { "description": "Tom Spring. (2017, January 11). Spammers Revive Hancitor Downloader Campaigns. Retrieved August 13, 2020.", "meta": { "date_accessed": "2020-08-13T00:00:00Z", "date_published": "2017-01-11T00:00:00Z", "refs": [ "https://threatpost.com/spammers-revive-hancitor-downloader-campaigns/123011/" ], "source": "MITRE", "title": "Spammers Revive Hancitor Downloader Campaigns" }, "related": [], "uuid": "70ad77af-88aa-4f06-a9cb-df9608157841", "value": "Threatpost Hancitor" }, { "description": "Check Point Research. (2019, February 4). SpeakUp: A New Undetected Backdoor Linux Trojan. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2019-02-04T00:00:00Z", "refs": [ "https://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/" ], "source": "MITRE", "title": "SpeakUp: A New Undetected Backdoor Linux Trojan" }, "related": [], "uuid": "8f0d6a8d-6bd4-4df5-aa28-70e1ec4b0b12", "value": "CheckPoint SpeakUp Feb 2019" }, { "description": "Cyfirma. (2020, December 16). 
Spear Phishing Attack by N. Korean Hacking Group, Kimsuky. Retrieved October 30, 2023.", "meta": { "date_accessed": "2023-10-30T00:00:00Z", "date_published": "2020-12-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cyfirma.com/outofband/n-korean-hacking-group-kimsuky-escalates-attacks/" ], "source": "Tidal Cyber", "title": "Spear Phishing Attack by N. Korean Hacking Group, Kimsuky" }, "related": [], "uuid": "de9817bc-1ac0-4f19-b5af-c402c874f431", "value": "Cyfirma Kimsuky Spear Phishing" }, { "description": "Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.", "meta": { "date_accessed": "2022-06-09T00:00:00Z", "date_published": "2022-02-25T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/" ], "source": "MITRE", "title": "Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot" }, "related": [], "uuid": "b0632490-76be-4018-982d-4b73b3d13881", "value": "Palo Alto Unit 42 OutSteel SaintBot February 2022" }, { "description": "Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.", "meta": { "date_accessed": "2020-11-19T00:00:00Z", "date_published": "2020-09-29T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/research/spear-phishing-campaign-delivers-buer-and-bazar-malware" ], "source": "MITRE", "title": "Spear Phishing Campaign Delivers Buer and Bazar Malware" }, "related": [], "uuid": "fc46f152-9ed7-4850-8127-7b1f486ef2fe", "value": "Zscaler Bazar September 2020" }, { "description": "Admin. (2018, March 2). Spear-phishing campaign leveraging on MSXSL. 
Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2018-03-02T00:00:00Z", "refs": [ "https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/" ], "source": "MITRE", "title": "Spear-phishing campaign leveraging on MSXSL" }, "related": [], "uuid": "927737c9-63a3-49a6-85dc-620e055aaf0a", "value": "Reaqta MSXSL Spearphishing MAR 2018" }, { "description": "Anubhav, A., Kizhakkinan, D. (2017, February 22). Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government. Retrieved February 24, 2017.", "meta": { "date_accessed": "2017-02-24T00:00:00Z", "date_published": "2017-02-22T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html" ], "source": "MITRE", "title": "Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government" }, "related": [], "uuid": "d1509d15-04af-46bd-a6b1-30fbd179b257", "value": "FireEye Regsvr32 Targeting Mongolian Gov" }, { "description": "Moran, N. and Lanstein, A.. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.", "meta": { "date_accessed": "2016-04-15T00:00:00Z", "date_published": "2014-03-25T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html" ], "source": "MITRE", "title": "Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370" }, "related": [], "uuid": "6a37e6eb-b767-4b10-9c39-660a42b19ddd", "value": "FireEye admin@338 March 2014" }, { "description": "Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. 
Retrieved November 13, 2014.", "meta": { "date_accessed": "2014-11-13T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/bb166549.aspx" ], "source": "MITRE", "title": "Specifying File Handlers for File Name Extensions" }, "related": [], "uuid": "cc12cd2c-4f41-4d7b-902d-53c35eb41210", "value": "Microsoft File Handlers" }, { "description": "GTFOBins. (2020, November 13). split. Retrieved April 18, 2022.", "meta": { "date_accessed": "2022-04-18T00:00:00Z", "date_published": "2020-11-13T00:00:00Z", "refs": [ "https://gtfobins.github.io/gtfobins/split/" ], "source": "MITRE", "title": "split" }, "related": [], "uuid": "4b86c8c3-57b0-4558-be21-f928acb23f49", "value": "GTFO split" }, { "description": "Torbjorn Granlund, Richard M. Stallman. (2020, March). split(1) — Linux manual page. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man1/split.1.html" ], "source": "MITRE", "title": "split(1) — Linux manual page" }, "related": [], "uuid": "3a4dc770-8bfa-44e9-bb0e-f0af0ae92994", "value": "split man page" }, { "description": "Johann Rehberger. (2021, April 18). Spoofing credential dialogs on macOS Linux and Windows. Retrieved August 19, 2021.", "meta": { "date_accessed": "2021-08-19T00:00:00Z", "date_published": "2021-04-18T00:00:00Z", "refs": [ "https://embracethered.com/blog/posts/2021/spoofing-credential-dialogs/" ], "source": "MITRE", "title": "Spoofing credential dialogs on macOS Linux and Windows" }, "related": [], "uuid": "4f8abaae-1483-4bf6-a79c-6a801ae5a640", "value": "Spoofing credential dialogs" }, { "description": "Security Ninja. (2015, April 16). Spoof Using Right to Left Override (RTLO) Technique. 
Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2015-04-16T00:00:00Z", "refs": [ "https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/" ], "source": "MITRE", "title": "Spoof Using Right to Left Override (RTLO) Technique" }, "related": [], "uuid": "79d21506-07a8-444d-a2d7-c91de67c393e", "value": "Infosecinstitute RTLO Technique" }, { "description": "BBC. (2011, March 29). Spotify ads hit by malware attack. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2011-03-29T00:00:00Z", "refs": [ "https://www.bbc.com/news/technology-12891182" ], "source": "MITRE", "title": "Spotify ads hit by malware attack" }, "related": [], "uuid": "425775e4-2948-5a73-a2d8-9a3edca74b1b", "value": "BBC-malvertising" }, { "description": "National Security Agency/Central Security Service Information Assurance Directorate. (2015, August 7). Spotting the Adversary with Windows Event Log Monitoring. Retrieved September 6, 2018.", "meta": { "date_accessed": "2018-09-06T00:00:00Z", "date_published": "2015-08-07T00:00:00Z", "refs": [ "https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm" ], "source": "MITRE", "title": "Spotting the Adversary with Windows Event Log Monitoring" }, "related": [], "uuid": "c1fa6c1d-f11a-47d4-88fc-ec0a3dc44279", "value": "NSA Spotting" }, { "description": "Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.", "meta": { "date_accessed": "2015-09-29T00:00:00Z", "date_published": "2014-07-31T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html" ], "source": "MITRE, Tidal Cyber", "title": "Spy of the Tiger" }, "related": [], "uuid": "a156e24e-0da5-4ac7-b914-29f2f05e7d6f", "value": "Villeneuve 2014" }, { "description": "LOLBAS. (2018, May 25). Sqldumper.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqldumper/" ], "source": "Tidal Cyber", "title": "Sqldumper.exe" }, "related": [], "uuid": "793d6262-37af-46e1-a6b5-a5262f4a749d", "value": "Sqldumper.exe - LOLBAS Project" }, { "description": "Damele, B., Stampar, M. (n.d.). sqlmap. Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "refs": [ "http://sqlmap.org/" ], "source": "MITRE", "title": "sqlmap" }, "related": [], "uuid": "ac643245-d54f-470f-a393-26875c0877c8", "value": "sqlmap Introduction" }, { "description": "LOLBAS. (2018, May 25). Sqlps.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqlps/" ], "source": "Tidal Cyber", "title": "Sqlps.exe" }, "related": [], "uuid": "31cc851a-c536-4cef-9391-d3c7d3eab64f", "value": "Sqlps.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). SQLToolsPS.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqltoolsps/" ], "source": "Tidal Cyber", "title": "SQLToolsPS.exe" }, "related": [], "uuid": "612c9569-80af-48d2-a853-0f6e3f55aa50", "value": "SQLToolsPS.exe - LOLBAS Project" }, { "description": "LOLBAS. (2019, June 26). Squirrel.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-06-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Squirrel/" ], "source": "Tidal Cyber", "title": "Squirrel.exe" }, "related": [], "uuid": "952b5ca5-1251-4e27-bd30-5d55d7d2da5e", "value": "Squirrel.exe - LOLBAS Project" }, { "description": "Kumar, A., Stone-Gross, Brett. (2021, September 28). Squirrelwaffle: New Loader Delivering Cobalt Strike. Retrieved August 9, 2022.", "meta": { "date_accessed": "2022-08-09T00:00:00Z", "date_published": "2021-09-28T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike" ], "source": "MITRE", "title": "Squirrelwaffle: New Loader Delivering Cobalt Strike" }, "related": [], "uuid": "624a62db-f00f-45f9-89f6-2c3505b4979f", "value": "ZScaler Squirrelwaffle Sep 2021" }, { "description": "Palazolo, G. (2021, October 7). SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot. Retrieved August 9, 2022.", "meta": { "date_accessed": "2022-08-09T00:00:00Z", "date_published": "2021-10-07T00:00:00Z", "refs": [ "https://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbot" ], "source": "MITRE", "title": "SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot" }, "related": [], "uuid": "5559895a-4647-438f-b3d5-6d6aa323a6f9", "value": "Netskope Squirrelwaffle Oct 2021" }, { "description": "Beuchler, B. (2012, September 28). SSH Agent Hijacking. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2012-09-28T00:00:00Z", "refs": [ "https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking" ], "source": "MITRE", "title": "SSH Agent Hijacking" }, "related": [], "uuid": "4a4026e3-977a-4f25-aeee-794947f384b2", "value": "Clockwork SSH Agent Hijacking" }, { "description": "Hatch, B. 
(2004, November 22). SSH and ssh-agent. Retrieved January 8, 2018.", "meta": { "date_accessed": "2018-01-08T00:00:00Z", "date_published": "2004-11-22T00:00:00Z", "refs": [ "https://www.symantec.com/connect/articles/ssh-and-ssh-agent" ], "source": "MITRE", "title": "SSH and ssh-agent" }, "related": [], "uuid": "0d576bca-511d-40a2-9916-26832eb28861", "value": "Symantec SSH and ssh-agent" }, { "description": "LOLBAS. (2021, November 8). ssh.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-11-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ssh/" ], "source": "Tidal Cyber", "title": "ssh.exe" }, "related": [], "uuid": "b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1", "value": "ssh.exe - LOLBAS Project" }, { "description": "SSH.COM. (n.d.). SSH (Secure Shell). Retrieved March 23, 2020.", "meta": { "date_accessed": "2020-03-23T00:00:00Z", "refs": [ "https://www.ssh.com/ssh" ], "source": "MITRE", "title": "SSH (Secure Shell)" }, "related": [], "uuid": "ac5fc103-1946-488b-8af5-eda0636cbdd0", "value": "SSH Secure Shell" }, { "description": "SSH.COM. (n.d.). SSH tunnel. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "refs": [ "https://www.ssh.com/ssh/tunneling" ], "source": "MITRE", "title": "SSH tunnel" }, "related": [], "uuid": "13280f38-0f17-42d3-9f92-693f1da60ffa", "value": "SSH Tunneling" }, { "description": "SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://www.sslshopper.com/ssl-checker.html" ], "source": "MITRE", "title": "SSL Checker" }, "related": [], "uuid": "a8dc493f-2021-48fa-8f28-afd13756b789", "value": "SSLShopper Lookup" }, { "description": "Ubuntu. (n.d.). SSSD. 
Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "refs": [ "https://ubuntu.com/server/docs/service-sssd" ], "source": "MITRE", "title": "SSSD" }, "related": [], "uuid": "f2ed1c28-8cde-4279-a04c-217a4dc68121", "value": "Ubuntu SSSD Docs" }, { "description": "Vachon, F., Faou, M. (2017, July 20). Stantinko: A massive adware campaign operating covertly since 2012. Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "date_published": "2017-07-20T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/" ], "source": "MITRE", "title": "Stantinko: A massive adware campaign operating covertly since 2012" }, "related": [], "uuid": "d81e0274-76f4-43ce-b829-69f761e280dc", "value": "Stantinko Botnet" }, { "description": "Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://aws.amazon.com" ], "source": "MITRE", "title": "Start Building on AWS Today" }, "related": [], "uuid": "b7d41cde-18c8-4e15-a0ac-ca0afc127e33", "value": "Amazon AWS" }, { "description": "Apple. (2016, September 13). Startup Items. Retrieved July 11, 2017.", "meta": { "date_accessed": "2017-07-11T00:00:00Z", "date_published": "2016-09-13T00:00:00Z", "refs": [ "https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html" ], "source": "MITRE", "title": "Startup Items" }, "related": [], "uuid": "e36dd211-22e4-4b23-befb-fbfe1a84b866", "value": "Startup Items" }, { "description": "Microsoft. (n.d.). Start your PC in safe mode in Windows 10. 
Retrieved June 23, 2021.", "meta": { "date_accessed": "2021-06-23T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234" ], "source": "MITRE", "title": "Start your PC in safe mode in Windows 10" }, "related": [], "uuid": "fdddb25b-22ba-4433-b25f-bad340ffc849", "value": "Microsoft Safe Mode" }, { "description": "Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.", "meta": { "date_accessed": "2022-07-08T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/apt41-us-state-governments" ], "source": "MITRE", "title": "Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments" }, "related": [], "uuid": "e54415fe-40c2-55ff-9e75-881bc8a912b8", "value": "Mandiant APT41" }, { "description": "Desimone, J. (2018, April 18). Status Update. Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2018-04-18T00:00:00Z", "refs": [ "https://twitter.com/dez_/status/986614411711442944" ], "source": "MITRE", "title": "Status Update" }, "related": [], "uuid": "9cee0681-3ad2-4b1d-8eeb-5160134f3069", "value": "Twitter SquiblyTwo Detection APR 2018" }, { "description": "Pena, E., Erikson, C. (2019, October 10). Staying Hidden on the Endpoint: Evading Detection with Shellcode. Retrieved November 29, 2021.", "meta": { "date_accessed": "2021-11-29T00:00:00Z", "date_published": "2019-10-10T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcode" ], "source": "MITRE", "title": "Staying Hidden on the Endpoint: Evading Detection with Shellcode" }, "related": [], "uuid": "5d43542f-aad5-4ac5-b5b6-1a2b03222fc8", "value": "Mandiant Endpoint Evading 2019" }, { "description": "Dr. Nestori Syynimaa. (2022, February 15). Stealing and faking Azure AD device identities. 
Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-02-15T00:00:00Z", "refs": [ "https://aadinternals.com/post/deviceidentity/" ], "source": "MITRE", "title": "Stealing and faking Azure AD device identities" }, "related": [], "uuid": "b5ef16c4-1db0-51e9-93ab-54a8e480debc", "value": "AADInternals Azure AD Device Identities" }, { "description": "Syynimaa, N. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved August 3, 2022.", "meta": { "date_accessed": "2022-08-03T00:00:00Z", "date_published": "2022-02-15T00:00:00Z", "refs": [ "https://o365blog.com/post/deviceidentity/" ], "source": "MITRE", "title": "Stealing and faking Azure AD device identities" }, "related": [], "uuid": "ec94c043-92ef-4691-b21a-7ea68f39e338", "value": "O365 Blog Azure AD Device IDs" }, { "description": "Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2013-09-11T00:00:00Z", "refs": [ "http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html" ], "source": "MITRE", "title": "Stealing passwords every time they change" }, "related": [], "uuid": "78ed9074-a46c-4ce6-ab7d-a587bd585dc5", "value": "Carnal Ownage Password Filters Sept 2013" }, { "description": "Clayton, M.. (2012, September 14). Stealing US business secrets: Experts ID two huge cyber 'gangs' in China. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2012-09-14T00:00:00Z", "refs": [ "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China" ], "source": "MITRE", "title": "Stealing US business secrets: Experts ID two huge cyber 'gangs' in China" }, "related": [], "uuid": "6b79006d-f6de-489c-82fa-8c3c28d652ef", "value": "CSM Elderwood Sept 2012" }, { "description": "Maldonado, D., McGuffin, T. 
(2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2016-08-06T00:00:00Z", "refs": [ "https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom" ], "source": "MITRE", "title": "Sticky Keys to the Kingdom" }, "related": [], "uuid": "f903146d-b63d-4771-8d53-28ef137c9349", "value": "DEFCON2016 Sticky Keys" }, { "description": "The DFIR Report. (2022, April 4). Stolen Images Campaign Ends in Conti Ransomware. Retrieved June 23, 2023.", "meta": { "date_accessed": "2023-06-23T00:00:00Z", "date_published": "2022-04-04T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/" ], "source": "Tidal Cyber", "title": "Stolen Images Campaign Ends in Conti Ransomware" }, "related": [], "uuid": "4a89916f-3919-41fd-bf93-27f25a2363f5", "value": "The DFIR Report Stolen Images Conti" }, { "description": "ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. Retrieved February 5, 2019.", "meta": { "date_accessed": "2019-02-05T00:00:00Z", "date_published": "2018-12-05T00:00:00Z", "refs": [ "https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/" ], "source": "MITRE", "title": "STOLEN PENCIL Campaign Targets Academia" }, "related": [], "uuid": "6d3b31da-a784-4da0-91dd-b72c04fd520a", "value": "Netscout Stolen Pencil Dec 2018" }, { "description": "Cole, R., Moore, A., Stark, G., Stancill, B. (2020, February 5). STOMP 2 DIS: Brilliance in the (Visual) Basics. 
Retrieved September 17, 2020.", "meta": { "date_accessed": "2020-09-17T00:00:00Z", "date_published": "2020-02-05T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html" ], "source": "MITRE", "title": "STOMP 2 DIS: Brilliance in the (Visual) Basics" }, "related": [], "uuid": "bd034cc8-29e2-4d58-a72a-161b831191b7", "value": "FireEye VBA stomp Feb 2020" }, { "description": "Amazon Web Services. (n.d.). Stopping CloudTrail from Sending Events to CloudWatch Logs. Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cloudwatch-logs.html" ], "source": "MITRE", "title": "Stopping CloudTrail from Sending Events to CloudWatch Logs" }, "related": [], "uuid": "affb4d4f-5c96-4c27-b702-b8ad9bc8e1b3", "value": "Stopping CloudTrail from Sending Events to CloudWatch Logs" }, { "description": "Roccia, T. (2017, January 19). Stopping Malware With a Fake Virtual Machine. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2017-01-19T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machine/" ], "source": "MITRE", "title": "Stopping Malware With a Fake Virtual Machine" }, "related": [], "uuid": "a541a027-733c-438f-a723-6f7e8e6f354c", "value": "McAfee Virtual Jan 2017" }, { "description": "Check Point Research. (2021, January 4). Stopping Serial Killer: Catching the Next Strike. 
Retrieved September 7, 2021.", "meta": { "date_accessed": "2021-09-07T00:00:00Z", "date_published": "2021-01-04T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/" ], "source": "MITRE", "title": "Stopping Serial Killer: Catching the Next Strike" }, "related": [], "uuid": "a988084f-1a58-4e5b-a616-ed31d311cccf", "value": "Checkpoint Dridex Jan 2021" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, December 19). #StopRansomware: ALPHV Blackcat. Retrieved December 19, 2023.", "meta": { "date_accessed": "2023-12-19T00:00:00Z", "date_published": "2023-12-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a" ], "source": "Tidal Cyber", "title": "#StopRansomware: ALPHV Blackcat" }, "related": [], "uuid": "d28d64cf-b5db-4438-8c5c-907ce5f55f69", "value": "U.S. CISA ALPHV Blackcat December 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, October 11). #StopRansomware: AvosLocker Ransomware (Update). Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "date_published": "2023-10-11T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a" ], "source": "Tidal Cyber", "title": "#StopRansomware: AvosLocker Ransomware (Update)" }, "related": [], "uuid": "d419a317-6599-4fc5-91d1-a4c2bc83bf6a", "value": "U.S. CISA AvosLocker October 11 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, May 16). #StopRansomware: BianLian Ransomware Group. 
Retrieved May 18, 2023.", "meta": { "date_accessed": "2023-05-18T00:00:00Z", "date_published": "2023-05-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a" ], "source": "Tidal Cyber", "title": "#StopRansomware: BianLian Ransomware Group" }, "related": [], "uuid": "aa52e826-f292-41f6-985d-0282230c8948", "value": "U.S. CISA BianLian Ransomware May 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, June 7). #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability. Retrieved July 27, 2023.", "meta": { "date_accessed": "2023-07-27T00:00:00Z", "date_published": "2023-06-07T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a" ], "source": "Tidal Cyber", "title": "#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability" }, "related": [], "uuid": "07e48ca8-b965-4234-b04a-dfad45d58b22", "value": "U.S. CISA CL0P CVE-2023-34362 Exploitation" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, October 26). #StopRansomware: Daixin Team. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-10-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-294a" ], "source": "Tidal Cyber", "title": "#StopRansomware: Daixin Team" }, "related": [], "uuid": "cbf5ecfb-de79-41cc-8250-01790ff6e89b", "value": "U.S. CISA Daixin Team October 2022" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, March 16). #StopRansomware: LockBit 3.0. 
Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2023-03-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a" ], "source": "Tidal Cyber", "title": "#StopRansomware: LockBit 3.0" }, "related": [], "uuid": "06de9247-ce40-4709-a17a-a65b8853758b", "value": "U.S. CISA LockBit 3.0 March 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, November 21). #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. Retrieved November 30, 2023.", "meta": { "date_accessed": "2023-11-30T00:00:00Z", "date_published": "2023-11-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" ], "source": "Tidal Cyber", "title": "#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability" }, "related": [], "uuid": "21f56e0c-9605-4fbb-9cb1-f868ba6eb053", "value": "U.S. CISA LockBit Citrix Bleed November 21 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: MedusaLocker. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "date_published": "2022-08-11T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-181a" ], "source": "Tidal Cyber", "title": "#StopRansomware: MedusaLocker" }, "related": [], "uuid": "48b34fb3-c346-4165-a4c6-caeaa9b02dba", "value": "U.S. CISA MedusaLocker August 11 2022" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, December 18). #StopRansomware: Play Ransomware. 
Retrieved December 18, 2023.", "meta": { "date_accessed": "2023-12-18T00:00:00Z", "date_published": "2023-12-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a" ], "source": "Tidal Cyber", "title": "#StopRansomware: Play Ransomware" }, "related": [], "uuid": "ad96148c-8230-4923-86fd-4b1da211db1a", "value": "U.S. CISA Play Ransomware December 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, November 15). #StopRansomware: Rhysida Ransomware. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2023-11-15T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a" ], "source": "Tidal Cyber", "title": "#StopRansomware: Rhysida Ransomware" }, "related": [], "uuid": "6d902955-d9a9-4ec1-8dd4-264f7594605e", "value": "U.S. CISA Rhysida Ransomware November 15 2023" }, { "description": "CISA. (2023, March 2). #StopRansomware: Royal Ransomware. Retrieved March 31, 2023.", "meta": { "date_accessed": "2023-03-31T00:00:00Z", "date_published": "2023-03-02T00:00:00Z", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a" ], "source": "MITRE", "title": "#StopRansomware: Royal Ransomware" }, "related": [], "uuid": "81baa61e-13c3-51e0-bf22-08383dbfb2a1", "value": "CISA Royal AA23-061A March 2023" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2022, September 8). #StopRansomware: Vice Society. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "date_published": "2022-09-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-249a-0" ], "source": "Tidal Cyber", "title": "#StopRansomware: Vice Society" }, "related": [], "uuid": "0a754513-5f20-44a0-8cea-c5d9519106c8", "value": "U.S. CISA Vice Society September 2022" }, { "description": "LOLBAS. 
(2021, October 21). Stordiag.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-10-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Stordiag/" ], "source": "Tidal Cyber", "title": "Stordiag.exe" }, "related": [], "uuid": "5e52a211-7ef6-42bd-93a1-5902f5e1c2ea", "value": "Stordiag.exe - LOLBAS Project" }, { "description": "netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2017-04-19T00:00:00Z", "refs": [ "https://pentestlab.blog/2017/04/19/stored-credentials/" ], "source": "MITRE", "title": "Stored Credentials" }, "related": [], "uuid": "5be9afb8-749e-45a2-8e86-b5e6dc167b41", "value": "Pentestlab Stored Credentials" }, { "description": "Microsoft. (2021, October 28). Store passwords using reversible encryption. Retrieved January 3, 2022.", "meta": { "date_accessed": "2022-01-03T00:00:00Z", "date_published": "2021-10-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption" ], "source": "MITRE", "title": "Store passwords using reversible encryption" }, "related": [], "uuid": "d3b9df24-b776-4658-9bb4-f43a2fe0094c", "value": "store_pwd_rev_enc" }, { "description": "IBM Support. (2017, April 26). Storwize USB Initialization Tool may contain malicious code. 
Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2017-04-26T00:00:00Z", "refs": [ "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E" ], "source": "MITRE", "title": "Storwize USB Initialization Tool may contain malicious code" }, "related": [], "uuid": "321cf27a-327d-4824-84d0-56634d3b86f5", "value": "IBM Storwize" }, { "description": "Han, Karsten. (2019, June 4). Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "date_published": "2019-06-04T00:00:00Z", "refs": [ "https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data" ], "source": "MITRE", "title": "Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA" }, "related": [], "uuid": "03b1ef5a-aa63-453a-affc-aa0caf174ce4", "value": "G Data Sodinokibi June 2019" }, { "description": "Cowan, C. (2017, March 23). Strengthening the Microsoft Edge Sandbox. Retrieved March 12, 2018.", "meta": { "date_accessed": "2018-03-12T00:00:00Z", "date_published": "2017-03-23T00:00:00Z", "refs": [ "https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/" ], "source": "MITRE", "title": "Strengthening the Microsoft Edge Sandbox" }, "related": [], "uuid": "d7097b1e-507b-4626-9cef-39367c09f722", "value": "Windows Blogs Microsoft Edge Sandbox" }, { "description": "Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. 
Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-08-07T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" ], "source": "MITRE, Tidal Cyber", "title": "Strider: Cyberespionage group turns eye of Sauron on targets" }, "related": [], "uuid": "664eac41-257f-4d4d-aba5-5d2e8e2117a7", "value": "Symantec Strider Blog" }, { "description": "Cybereason Nocturnus. (2022, February 1). StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.", "meta": { "date_accessed": "2022-08-15T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations" ], "source": "MITRE", "title": "StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations" }, "related": [], "uuid": "30c911b2-9a5e-4510-a78c-c65e84398c7e", "value": "Cybereason StrifeWater Feb 2022" }, { "description": "Tudorica, R. et al. (2020, June 30). StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure. Retrieved July 20, 2020.", "meta": { "date_accessed": "2020-07-20T00:00:00Z", "date_published": "2020-06-30T00:00:00Z", "refs": [ "https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf" ], "source": "MITRE", "title": "StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure" }, "related": [], "uuid": "7d2e20f2-20ba-4d51-9495-034c07be41a8", "value": "Bitdefender StrongPity June 2020" }, { "description": "Microsoft Threat Intelligence Center (MSTIC). (2020, September 10). STRONTIUM: Detecting new patterns in credential harvesting. 
Retrieved September 11, 2020.", "meta": { "date_accessed": "2020-09-11T00:00:00Z", "date_published": "2020-09-10T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/" ], "source": "MITRE", "title": "STRONTIUM: Detecting new patterns in credential harvesting" }, "related": [], "uuid": "0a65008c-acdd-40fa-af1a-3d9941af8eac", "value": "Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020" }, { "description": "Matrosov, A., Rodionov, E., Harley, D., Malcho, J.. (n.d.). Stuxnet Under the Microscope. Retrieved December 7, 2020.", "meta": { "date_accessed": "2020-12-07T00:00:00Z", "refs": [ "https://www.esetnod32.ru/company/viruslab/analytics/doc/Stuxnet_Under_the_Microscope.pdf" ], "source": "MITRE", "title": "Stuxnet Under the Microscope" }, "related": [], "uuid": "4ec039a9-f843-42de-96ed-185c4e8c2d9f", "value": "ESET Stuxnet Under the Microscope" }, { "description": "Smith, C. (2017, May 18). Subvert CLR Process Listing With .NET Profilers. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2017-05-18T00:00:00Z", "refs": [ "https://web.archive.org/web/20170720041203/http://subt0x10.blogspot.com/2017/05/subvert-clr-process-listing-with-net.html" ], "source": "MITRE", "title": "Subvert CLR Process Listing With .NET Profilers" }, "related": [], "uuid": "6ef42019-5393-423e-811d-29b728c877e1", "value": "subTee .NET Profilers May 2017" }, { "description": "Graeber, M. (2017, September). Subverting Trust in Windows. Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "date_published": "2017-09-01T00:00:00Z", "refs": [ "https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf" ], "source": "MITRE", "title": "Subverting Trust in Windows" }, "related": [], "uuid": "0b6e7651-0e17-4101-ab2b-22cb09fe1691", "value": "SpectorOps Subverting Trust Sept 2017" }, { "description": "DiMaggio, J. 
(2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-03-15T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates" ], "source": "MITRE, Tidal Cyber", "title": "Suckfly: Revealing the secret life of your code signing certificates" }, "related": [], "uuid": "8711c175-e405-4cb0-8c86-8aaa471e5573", "value": "Symantec Suckfly March 2016" }, { "description": "Todd C. Miller. (2018). Sudo Man Page. Retrieved March 19, 2018.", "meta": { "date_accessed": "2018-03-19T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://www.sudo.ws/" ], "source": "MITRE", "title": "Sudo Man Page" }, "related": [], "uuid": "659d4302-d4cf-41af-8007-aa1da0208aa0", "value": "sudo man page 2018" }, { "description": "Stephen Eckels, Jay Smith, William Ballenthin. (2020, December 24). SUNBURST Additional Technical Details. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-12-24T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html" ], "source": "MITRE", "title": "SUNBURST Additional Technical Details" }, "related": [], "uuid": "c5d94f7f-f796-4872-9a19-f030c825588e", "value": "FireEye SUNBURST Additional Details Dec 2020" }, { "description": "Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. 
Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-12-22T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/" ], "source": "MITRE", "title": "SUNBURST, TEARDROP and the NetSec New Normal" }, "related": [], "uuid": "a6b75979-af51-42ed-9bb9-01d5fb9ceac9", "value": "Check Point Sunburst Teardrop December 2020" }, { "description": "Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2020-12-22T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/" ], "source": "MITRE", "title": "SUNBURST, TEARDROP and the NetSec New Normal" }, "related": [], "uuid": "4e3d9201-83d4-5375-b3b7-e00dfb16342d", "value": "CheckPoint Sunburst & Teardrop December 2020" }, { "description": "CrowdStrike Intelligence Team. (2021, January 11). SUNSPOT: An Implant in the Build Process. Retrieved January 11, 2021.", "meta": { "date_accessed": "2021-01-11T00:00:00Z", "date_published": "2021-01-11T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/" ], "source": "MITRE", "title": "SUNSPOT: An Implant in the Build Process" }, "related": [], "uuid": "3a7b71cf-961a-4f63-84a8-31b43b18fb95", "value": "CrowdStrike SUNSPOT Implant January 2021" }, { "description": "Onuma. (2015, February 24). Superfish: Adware Preinstalled on Lenovo Laptops. Retrieved February 20, 2017.", "meta": { "date_accessed": "2017-02-20T00:00:00Z", "date_published": "2015-02-24T00:00:00Z", "refs": [ "https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/" ], "source": "MITRE", "title": "Superfish: Adware Preinstalled on Lenovo Laptops" }, "related": [], "uuid": "3d554c05-992c-41f3-99f4-6b0baac56b3a", "value": "Kaspersky Superfish" }, { "description": "Tennis, M. (2020, December 17). 
SUPERNOVA: A Novel .NET Webshell. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-12-17T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/solarstorm-supernova/" ], "source": "MITRE", "title": "SUPERNOVA: A Novel .NET Webshell" }, "related": [], "uuid": "e884d0b5-f2a2-47cb-bb77-3acdac6b1790", "value": "Unit42 SUPERNOVA Dec 2020" }, { "description": "Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.", "meta": { "date_accessed": "2021-02-18T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/" ], "source": "MITRE", "title": "SUPERNOVA SolarWinds .NET Webshell Analysis" }, "related": [], "uuid": "78fee365-ab2b-4823-8358-46c362be1ac0", "value": "Guidepoint SUPERNOVA Dec 2020" }, { "description": "0x00pico. (2017, September 25). Super-Stealthy Droppers. Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2017-09-25T00:00:00Z", "refs": [ "https://0x00sec.org/t/super-stealthy-droppers/3715" ], "source": "MITRE", "title": "Super-Stealthy Droppers" }, "related": [], "uuid": "7569e79b-5a80-4f42-b467-8548cc9fc319", "value": "00sec Droppers" }, { "description": "FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to Sunshop. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop" ], "source": "MITRE", "title": "SUPPLY CHAIN ANALYSIS: From Quartermaster to Sunshop" }, "related": [], "uuid": "0647b285-963b-4427-bc96-a17b5f8839a9", "value": "FireEyeSupplyChain" }, { "description": "Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. 
Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2013-08-12T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html" ], "source": "MITRE", "title": "Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]" }, "related": [], "uuid": "d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f", "value": "Moran 2013" }, { "description": "Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2015-10-07T00:00:00Z", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/" ], "source": "MITRE", "title": "Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles" }, "related": [], "uuid": "de7003cb-5127-4fd7-9475-d69e0d7f5cc8", "value": "Dell Threat Group 2889" }, { "description": "Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. Retrieved September 21, 2022.", "meta": { "date_accessed": "2022-09-21T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping" ], "source": "MITRE", "title": "Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors" }, "related": [], "uuid": "7b3fda0b-d327-4f02-bebe-2b8974f9959d", "value": "Mandiant UNC3890 Aug 2022" }, { "description": "Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock. (2021, December 6). Suspected Russian Activity Targeting Government and Business Entities Around the Globe. 
Retrieved April 15, 2022.", "meta": { "date_accessed": "2022-04-15T00:00:00Z", "date_published": "2021-12-06T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/russian-targeting-gov-business" ], "source": "MITRE", "title": "Suspected Russian Activity Targeting Government and Business Entities Around the Globe" }, "related": [], "uuid": "f45a0551-8d49-4d40-989f-659416dc25ec", "value": "Suspected Russian Activity Targeting Government and Business Entities Around the Globe" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2024, February 26). SVR Cyber Actors Adapt Tactics for Initial Cloud Access. Retrieved March 1, 2024.", "meta": { "date_accessed": "2024-03-01T00:00:00Z", "date_published": "2024-02-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a" ], "source": "Tidal Cyber", "title": "SVR Cyber Actors Adapt Tactics for Initial Cloud Access" }, "related": [], "uuid": "e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d", "value": "U.S. CISA APT29 Cloud Access" }, { "description": "Insikt Group. (2020, March 12). Swallowing the Snake’s Tail: Tracking Turla Infrastructure. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-03-12T00:00:00Z", "refs": [ "https://www.recordedfuture.com/turla-apt-infrastructure/" ], "source": "MITRE", "title": "Swallowing the Snake’s Tail: Tracking Turla Infrastructure" }, "related": [], "uuid": "73aaff33-5a0e-40b7-a089-77ac57da8dca", "value": "Recorded Future Turla Infra 2020" }, { "description": "Gerend, J. et al.. (2017, October 16). sxstrace. 
Retrieved April 26, 2021.", "meta": { "date_accessed": "2021-04-26T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/administration/windows-commands/sxstrace" ], "source": "MITRE", "title": "sxstrace" }, "related": [], "uuid": "a0a753c6-7d8c-4ad9-91a9-a2c385178054", "value": "Microsoft Sxstrace" }, { "description": "Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.", "meta": { "date_accessed": "2016-01-10T00:00:00Z", "date_published": "2012-01-12T00:00:00Z", "refs": [ "https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-smart-cards" ], "source": "MITRE", "title": "Sykipot variant hijacks DOD and Windows smart cards" }, "related": [], "uuid": "1a96544f-5b4e-4e1a-8db0-a989df9e4aaa", "value": "Alienvault Sykipot DOD Smart Cards" }, { "description": "Ivanov, A. et al. (2018, May 7). SynAck targeted ransomware uses the Doppelgänging technique. Retrieved May 22, 2018.", "meta": { "date_accessed": "2018-05-22T00:00:00Z", "date_published": "2018-05-07T00:00:00Z", "refs": [ "https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/" ], "source": "MITRE", "title": "SynAck targeted ransomware uses the Doppelgänging technique" }, "related": [], "uuid": "d9f0af0f-8a65-406b-9d7e-4051086ef301", "value": "SecureList SynAck Doppelgänging May 2018" }, { "description": "LOLBAS. (2018, May 25). SyncAppvPublishingServer.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Syncappvpublishingserver/" ], "source": "Tidal Cyber", "title": "SyncAppvPublishingServer.exe" }, "related": [], "uuid": "ce371df7-aab6-4338-9491-656481cb5601", "value": "SyncAppvPublishingServer.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). 
Syncappvpublishingserver.vbs. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Syncappvpublishingserver/" ], "source": "Tidal Cyber", "title": "Syncappvpublishingserver.vbs" }, "related": [], "uuid": "adb09226-894c-4874-a2e3-fb2c6de30173", "value": "Syncappvpublishingserver.vbs - LOLBAS Project" }, { "description": "Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2015-09-15T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/synful-knock-acis" ], "source": "MITRE", "title": "SYNful Knock - A Cisco router implant - Part I" }, "related": [], "uuid": "1f6eaa98-9184-4341-8634-5512a9c632dd", "value": "Mandiant - Synful Knock" }, { "description": "Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2021-08-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/sysinternals/downloads/sysmon#event-id-9-rawaccessread" ], "source": "MITRE", "title": "Sysmon Event ID 9" }, "related": [], "uuid": "b24440b2-43c3-46f2-be4c-1147f6acfe57", "value": "Sysmon EID 9" }, { "description": "Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.", "meta": { "date_accessed": "2017-12-13T00:00:00Z", "date_published": "2017-05-22T00:00:00Z", "refs": [ "https://docs.microsoft.com/sysinternals/downloads/sysmon" ], "source": "MITRE", "title": "Sysmon v6.20" }, "related": [], "uuid": "41cd9e06-a56c-4b68-948c-efc497a8d0dc", "value": "Microsoft Sysmon v6 May 2017" }, { "description": "LOLBAS. (2018, May 25). Syssetup.dll. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Syssetup/" ], "source": "Tidal Cyber", "title": "Syssetup.dll" }, "related": [], "uuid": "3bb7027f-7cbb-47e7-8cbb-cf45604669af", "value": "Syssetup.dll - LOLBAS Project" }, { "description": "Apple. (n.d.). System and kernel extensions in macOS. Retrieved March 31, 2022.", "meta": { "date_accessed": "2022-03-31T00:00:00Z", "refs": [ "https://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/web" ], "source": "MITRE", "title": "System and kernel extensions in macOS" }, "related": [], "uuid": "e5c4974d-dfd4-4c1c-ba4c-b6fb276effac", "value": "System and kernel extensions in macOS" }, { "description": "Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "http://man7.org/linux/man-pages/man1/systemd.1.html" ], "source": "MITRE", "title": "systemd(1) - Linux manual page" }, "related": [], "uuid": "e9a58efd-8de6-40c9-9638-c642311d6a07", "value": "Linux man-pages: systemd January 2014" }, { "description": "freedesktop.org. (n.d.). systemd-journald.service. Retrieved June 15, 2022.", "meta": { "date_accessed": "2022-06-15T00:00:00Z", "refs": [ "https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html" ], "source": "MITRE", "title": "systemd-journald.service" }, "related": [], "uuid": "5ded9060-9a23-42dc-b13b-15e4e3ccabf9", "value": "FreeDesktop Journal" }, { "description": "Canonical Ltd.. (n.d.). systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown. 
Retrieved February 23, 2021.", "meta": { "date_accessed": "2021-02-23T00:00:00Z", "refs": [ "http://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html" ], "source": "MITRE", "title": "systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown" }, "related": [], "uuid": "6be16aba-a37f-49c4-9a36-51d2676f64e6", "value": "Ubuntu Manpage systemd rc" }, { "description": "Free Desktop. (n.d.). systemd.service — Service unit configuration. Retrieved March 20, 2023.", "meta": { "date_accessed": "2023-03-20T00:00:00Z", "refs": [ "https://www.freedesktop.org/software/systemd/man/systemd.service.html" ], "source": "MITRE", "title": "systemd.service — Service unit configuration" }, "related": [], "uuid": "cae49a7a-db3b-5202-ba45-fbfa98b073c9", "value": "freedesktop systemd.service" }, { "description": "Freedesktop.org. (n.d.). systemd.service — Service unit configuration. Retrieved March 16, 2020.", "meta": { "date_accessed": "2020-03-16T00:00:00Z", "refs": [ "https://www.freedesktop.org/software/systemd/man/systemd.service.html" ], "source": "MITRE", "title": "systemd.service — Service unit configuration" }, "related": [], "uuid": "43bae447-d2e3-4b53-b17b-12a0b54ac604", "value": "Systemd Service Units" }, { "description": "Man7. (n.d.). systemd-sleep.conf(5) — Linux manual page. Retrieved June 7, 2023.", "meta": { "date_accessed": "2023-06-07T00:00:00Z", "refs": [ "https://man7.org/linux/man-pages/man5/systemd-sleep.conf.5.html" ], "source": "MITRE", "title": "systemd-sleep.conf(5) — Linux manual page" }, "related": [], "uuid": "9537f6f9-1521-5c21-b14f-ac459a2d1b70", "value": "systemdsleep Linux" }, { "description": "Freedesktop.org. (2018, September 29). systemd System and Service Manager. 
Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-09-29T00:00:00Z", "refs": [ "https://www.freedesktop.org/wiki/Software/systemd/" ], "source": "MITRE", "title": "systemd System and Service Manager" }, "related": [], "uuid": "940dcbbe-45d3-4f36-8d48-d606d41a679e", "value": "Freedesktop.org Linux systemd 29SEP2018" }, { "description": "archlinux. (2020, August 11). systemd/Timers. Retrieved October 12, 2020.", "meta": { "date_accessed": "2020-10-12T00:00:00Z", "date_published": "2020-08-11T00:00:00Z", "refs": [ "https://wiki.archlinux.org/index.php/Systemd/Timers" ], "source": "MITRE", "title": "systemd/Timers" }, "related": [], "uuid": "670f02f1-3927-4f38-aa2b-9ca0d8cf5b8e", "value": "archlinux Systemd Timers Aug 2020" }, { "description": "Microsoft. (n.d.). Systeminfo. Retrieved April 8, 2016.", "meta": { "date_accessed": "2016-04-08T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb491007.aspx" ], "source": "MITRE", "title": "Systeminfo" }, "related": [], "uuid": "5462ba66-6e26-41c2-bc28-6c19085d4469", "value": "TechNet Systeminfo" }, { "description": "SS64. (n.d.). system_profiler. Retrieved March 11, 2022.", "meta": { "date_accessed": "2022-03-11T00:00:00Z", "refs": [ "https://ss64.com/osx/system_profiler.html" ], "source": "MITRE", "title": "system_profiler" }, "related": [], "uuid": "2a3c5216-b153-4d89-b0b1-f32af3aa83d0", "value": "Peripheral Discovery macOS" }, { "description": "Microsoft. (n.d.). System Time. Retrieved November 25, 2016.", "meta": { "date_accessed": "2016-11-25T00:00:00Z", "refs": [ "https://msdn.microsoft.com/ms724961.aspx" ], "source": "MITRE", "title": "System Time" }, "related": [], "uuid": "5e15e03b-be8b-4f3d-a3ae-0df7a4ecfbec", "value": "MSDN System Time" }, { "description": "redcanaryco. (2021, September 3). T1562.002 - Disable Windows Event Logging. 
Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2021-09-03T00:00:00Z", "refs": [ "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md" ], "source": "MITRE", "title": "T1562.002 - Disable Windows Event Logging" }, "related": [], "uuid": "e136f5a2-d4c2-4c6c-8f72-0f8ed9abeed1", "value": "T1562.002_redcanaryco" }, { "description": "Grunzweig, J. and Miller-Osborn, J. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.", "meta": { "date_accessed": "2016-04-15T00:00:00Z", "date_published": "2016-02-04T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/" ], "source": "MITRE", "title": "T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques" }, "related": [], "uuid": "d7eefe85-86cf-4b9d-bf70-f16c5a0227cc", "value": "Palo Alto T9000 Feb 2016" }, { "description": "US-CERT. (2018, March 27). TA18-086A Brute Force Attacks Conducted by Cyber Actors. Retrieved October 2, 2019.", "meta": { "date_accessed": "2019-10-02T00:00:00Z", "date_published": "2018-03-27T00:00:00Z", "refs": [ "https://www.us-cert.gov/ncas/alerts/TA18-086A" ], "source": "MITRE", "title": "TA18-086A Brute Force Attacks Conducted by Cyber Actors" }, "related": [], "uuid": "d9992f57-8ff3-432f-b445-937ff4a6ebf9", "value": "US-CERT TA18-068A 2018" }, { "description": "Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. 
Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2020-11-23T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader" ], "source": "MITRE", "title": "TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader" }, "related": [], "uuid": "f72685de-c775-41c4-94ed-45fd7f873a1d", "value": "Proofpoint TA416 November 2020" }, { "description": "Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2020-11-18T00:00:00Z", "refs": [ "https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/" ], "source": "MITRE", "title": "TA505: A Brief History of Their Time" }, "related": [], "uuid": "45e0b869-5447-491b-9e8b-fbf63c62f5d6", "value": "NCC Group TA505" }, { "description": "Proofpoint Staff. (2018, July 19). TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT. Retrieved April 19, 2019.", "meta": { "date_accessed": "2019-04-19T00:00:00Z", "date_published": "2018-07-19T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat" ], "source": "MITRE", "title": "TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT" }, "related": [], "uuid": "4f92af77-0428-4c67-8eec-98ecc3b55630", "value": "ProofPoint SettingContent-ms July 2018" }, { "description": "Frydrych, M. (2020, April 14). TA505 Continues to Infect Networks With SDBbot RAT. 
Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2020-04-14T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/" ], "source": "MITRE", "title": "TA505 Continues to Infect Networks With SDBbot RAT" }, "related": [], "uuid": "bcef8bf8-5fc2-4921-b920-74ef893b8a27", "value": "IBM TA505 April 2020" }, { "description": "Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.", "meta": { "date_accessed": "2020-05-29T00:00:00Z", "date_published": "2019-10-16T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader" ], "source": "MITRE", "title": "TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader" }, "related": [], "uuid": "711ea2b3-58e2-4b38-aa71-877029c12e64", "value": "Proofpoint TA505 October 2019" }, { "description": "Proofpoint Staff. (2018, June 8). TA505 shifts with the times. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2018-06-08T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times" ], "source": "MITRE", "title": "TA505 shifts with the times" }, "related": [], "uuid": "e48dec7b-5635-4ae0-b0db-229660806c06", "value": "Proofpoint TA505 June 2018" }, { "description": "Trend Micro. (2019, August 27). TA505: Variety in Use of ServHelper and FlawedAmmyy. 
Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2019-08-27T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/19/h/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy.html" ], "source": "MITRE", "title": "TA505: Variety in Use of ServHelper and FlawedAmmyy" }, "related": [], "uuid": "460758ea-ed3e-4e9b-ba2e-97c9d42154a4", "value": "TrendMicro TA505 Aug 2019" }, { "description": "Duncan, B. (2021, January 7). TA551: Email Attack Campaign Switches from Valak to IcedID. Retrieved March 17, 2021.", "meta": { "date_accessed": "2021-03-17T00:00:00Z", "date_published": "2021-01-07T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ta551-shathak-icedid/" ], "source": "MITRE", "title": "TA551: Email Attack Campaign Switches from Valak to IcedID" }, "related": [], "uuid": "8e34bf1e-86ce-4d52-a6fa-037572766e99", "value": "Unit 42 TA551 Jan 2021" }, { "description": "IBM X-Force. (2023, May 30). TA577 OneNote Malspam Results in QakBot Deployment. Retrieved January 24, 2024.", "meta": { "date_accessed": "2024-01-24T00:00:00Z", "date_published": "2023-05-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://exchange.xforce.ibmcloud.com/threats/guid:7f0659d266174b9a9ba40c618b853782" ], "source": "Tidal Cyber", "title": "TA577 OneNote Malspam Results in QakBot Deployment" }, "related": [], "uuid": "30ebffb8-be3e-4094-a41b-882aec9e14b8", "value": "IBM TA577 OneNote Malspam" }, { "description": "Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-08T00:00:00Z", "refs": [ "https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" ], "source": "MITRE", "title": "Tactics, Techniques, and Procedures" }, "related": [], "uuid": "ee56d7a3-32c4-4f75-ad0c-73164a83b5a6", "value": "Cobalt Strike TTPs Dec 2017" }, { "description": "Lee, Y. 
(2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Retrieved April 6, 2022.", "meta": { "date_accessed": "2022-04-06T00:00:00Z", "date_published": "2020-08-19T00:00:00Z", "refs": [ "https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK" ], "source": "MITRE", "title": "Taiwan says China behind cyberattacks on government agencies, emails" }, "related": [], "uuid": "77293f88-e336-4786-b042-7f0080bbff32", "value": "Reuters Taiwan BlackTech August 2020" }, { "description": "Microsoft. (n.d.). Taking a Snapshot and Viewing Processes. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx" ], "source": "MITRE", "title": "Taking a Snapshot and Viewing Processes" }, "related": [], "uuid": "6e4b1921-99b2-41ce-a7dc-72c05b17c682", "value": "Microsoft Process Snapshot" }, { "description": "Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-05-25T00:00:00Z", "refs": [ "https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/" ], "source": "MITRE", "title": "Taking TeamTNT's Docker Images Offline" }, "related": [], "uuid": "5908b04b-dbca-4fd8-bacc-141ef15546a1", "value": "Lacework TeamTNT May 2021" }, { "description": "Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. 
Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2017-12-11T00:00:00Z", "refs": [ "https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html" ], "source": "MITRE", "title": "Tall Tales of Hunting with TLS/SSL Certificates" }, "related": [], "uuid": "2b341021-897e-4e3f-9141-825d3501c498", "value": "Splunk Kovar Certificates 2017" }, { "description": "Dragos. (n.d.). TALONITE. Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "refs": [ "https://www.dragos.com/threat/talonite/" ], "source": "MITRE", "title": "TALONITE" }, "related": [], "uuid": "f8ef1920-a4ad-4d65-b9de-8357d75f6929", "value": "Dragos TALONITE" }, { "description": "Cadieux, P. et al. (2019, April 30). Sodinokibi ransomware exploits WebLogic Server vulnerability. Retrieved August 4, 2020.", "meta": { "date_accessed": "2020-08-04T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html" ], "source": "MITRE", "title": "Sodinokibi ransomware exploits WebLogic Server vulnerability" }, "related": [], "uuid": "fb948877-da2b-4abd-9d57-de9866b7a7c2", "value": "Talos Sodinokibi April 2019" }, { "description": "Palantir. (2018, December 24). Tampering with Windows Event Tracing: Background, Offense, and Defense. Retrieved June 7, 2019.", "meta": { "date_accessed": "2019-06-07T00:00:00Z", "date_published": "2018-12-24T00:00:00Z", "refs": [ "https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63" ], "source": "MITRE", "title": "Tampering with Windows Event Tracing: Background, Offense, and Defense" }, "related": [], "uuid": "cd1a7b9a-183f-4acf-95c8-14d9475d0551", "value": "Medium Event Tracing Tampering 2018" }, { "description": "LOLBAS. (2023, January 30). Tar.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-01-30T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Tar/" ], "source": "Tidal Cyber", "title": "Tar.exe" }, "related": [], "uuid": "e5f54ded-3ec1-49c1-9302-6b9f372d5015", "value": "Tar.exe - LOLBAS Project" }, { "description": "Ashwin Vamshi. (2019, January 24). Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2019-01-24T00:00:00Z", "refs": [ "https://www.netskope.com/blog/targeted-attacks-abusing-google-cloud-platform-open-redirection" ], "source": "MITRE", "title": "Targeted Attacks Abusing Google Cloud Platform Open Redirection" }, "related": [], "uuid": "18efeffc-c47b-46ad-8e7b-2eda30a406f0", "value": "Netskope GCP Redirection" }, { "description": "AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-06-23T00:00:00Z", "refs": [ "http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus" }, "related": [], "uuid": "bbc66e9f-98f9-4e34-b568-2833ea536f2e", "value": "AhnLab Andariel Subgroup of Lazarus June 2018" }, { "description": "Loui, E. Scheuerman, K. et al. (2020, April 16). Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques. 
Retrieved January 26, 2022.", "meta": { "date_accessed": "2022-01-26T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/targeted-dharma-ransomware-intrusions-exhibit-consistent-techniques/" ], "source": "MITRE", "title": "Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques" }, "related": [], "uuid": "dfd168c0-40da-4402-a123-963eb8e2125a", "value": "dharma_ransomware" }, { "description": "Check Point. (n.d.). Targeted SSL Stripping Attacks Are Real. Retrieved May 24, 2023.", "meta": { "date_accessed": "2023-05-24T00:00:00Z", "refs": [ "https://blog.checkpoint.com/research/targeted-ssl-stripping-attacks-are-real/amp/" ], "source": "MITRE", "title": "Targeted SSL Stripping Attacks Are Real" }, "related": [], "uuid": "714528e8-0f2e-50a3-93c0-c560a34ba973", "value": "Targeted SSL Stripping Attacks Are Real" }, { "description": "Council on Foreign Relations. (2020, November 28). Targeting of companies involved in vaccine development. Retrieved October 30, 2023.", "meta": { "date_accessed": "2023-10-30T00:00:00Z", "date_published": "2020-11-28T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cfr.org/cyber-operations/targeting-companies-involved-vaccine-development" ], "source": "Tidal Cyber", "title": "Targeting of companies involved in vaccine development" }, "related": [], "uuid": "2ec4f877-de9a-44bf-8236-20d7ecd631df", "value": "CFR Vaccine Development Threats" }, { "description": "Microsoft Threat Intelligence Team & Detection and Response Team . (2022, April 12). Tarrask malware uses scheduled tasks for defense evasion. 
Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2022-04-12T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/" ], "source": "MITRE", "title": "Tarrask malware uses scheduled tasks for defense evasion" }, "related": [], "uuid": "87682623-d1dd-4ee8-ae68-b08be5113e3e", "value": "Tarrask scheduled task" }, { "description": "Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/bb491010.aspx" ], "source": "MITRE", "title": "Tasklist" }, "related": [], "uuid": "2c09561a-02ee-4948-9745-9d6c8eb2881d", "value": "Microsoft Tasklist" }, { "description": "Microsoft. (2018, May 31). Tasks. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/taskschd/tasks" ], "source": "MITRE", "title": "Tasks" }, "related": [], "uuid": "def6601b-67e6-41e5-bcf3-9c701b86fd10", "value": "Microsoft Tasks" }, { "description": "Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.", "meta": { "date_accessed": "2016-06-08T00:00:00Z", "date_published": "2005-01-21T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc785125.aspx" ], "source": "MITRE", "title": "Task Scheduler and security" }, "related": [], "uuid": "3a6d08ba-d79d-46f7-917d-075a98c59228", "value": "TechNet Task Scheduler Security" }, { "description": "Erika Noerenberg. (2020, June 29). TAU Threat Analysis: Bundlore (macOS) mm-install-macos. 
Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-06-29T00:00:00Z", "refs": [ "https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.html" ], "source": "MITRE", "title": "TAU Threat Analysis: Bundlore (macOS) mm-install-macos" }, "related": [], "uuid": "1c62ed57-43f7-40d7-a5c9-46b40a40af0e", "value": "tau bundlore erika noerenberg 2020" }, { "description": "Baskin, B. (2020, July 8). TAU Threat Discovery: Conti Ransomware. Retrieved February 17, 2021.", "meta": { "date_accessed": "2021-02-17T00:00:00Z", "date_published": "2020-07-08T00:00:00Z", "refs": [ "https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/" ], "source": "MITRE", "title": "TAU Threat Discovery: Conti Ransomware" }, "related": [], "uuid": "3c3a6dc0-66f2-492e-8c9c-c0bcca73008e", "value": "CarbonBlack Conti July 2020" }, { "description": "CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-03-22T00:00:00Z", "refs": [ "https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/" ], "source": "MITRE", "title": "TAU Threat Intelligence Notification – LockerGoga Ransomware" }, "related": [], "uuid": "9970063c-6df7-4638-a247-6b1102289372", "value": "CarbonBlack LockerGoga 2019" }, { "description": "TDL Project. (2016, February 4). TDL (Turla Driver Loader). Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2016-02-04T00:00:00Z", "refs": [ "https://github.com/hfiref0x/TDL" ], "source": "MITRE", "title": "TDL (Turla Driver Loader)" }, "related": [], "uuid": "ed3534be-06ce-487b-911d-abe2fba70210", "value": "GitHub Turla Driver Loader" }, { "description": "Landry, J. (2016, April 21). Teaching an old RAT new tricks. 
Retrieved October 4, 2021.", "meta": { "date_accessed": "2021-10-04T00:00:00Z", "date_published": "2016-04-21T00:00:00Z", "refs": [ "https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/" ], "source": "MITRE", "title": "Teaching an old RAT new tricks" }, "related": [], "uuid": "20ef3645-fb92-4e13-a5a8-99367869bcba", "value": "S1 Old Rat New Tricks" }, { "description": "LOLBAS. (2022, January 17). Teams.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Teams/" ], "source": "Tidal Cyber", "title": "Teams.exe" }, "related": [], "uuid": "ceee2b13-331f-4019-9c27-af0ce8b25414", "value": "Teams.exe - LOLBAS Project" }, { "description": "Nathaniel Quist. (2021, June 4). TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Retrieved February 8, 2022.", "meta": { "date_accessed": "2022-02-08T00:00:00Z", "date_published": "2021-06-04T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments" ], "source": "MITRE", "title": "TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations" }, "related": [], "uuid": "a672b74f-1f04-4d3a-84a6-1dd50e1a9951", "value": "TeamTNT Cloud Enumeration" }, { "description": "Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. Retrieved October 15, 2021.", "meta": { "date_accessed": "2021-10-15T00:00:00Z", "date_published": "2021-09-01T00:00:00Z", "refs": [ "https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf" ], "source": "MITRE", "title": "TeamTNT Cryptomining Explosion" }, "related": [], "uuid": "e0d6208b-a4d6-45f0-bb3a-6c8681630b55", "value": "Intezer TeamTNT Explosion September 2021" }, { "description": "Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. 
Retrieved August 4, 2022.", "meta": { "date_accessed": "2022-08-04T00:00:00Z", "date_published": "2022-04-21T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/teamtnt-targeting-aws-alibaba-2/" ], "source": "MITRE", "title": "TeamTNT targeting AWS, Alibaba" }, "related": [], "uuid": "f39b5f92-6e14-4c7f-b79d-7bade722e6d9", "value": "Cisco Talos Intelligence Group" }, { "description": "Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved July 8, 2022.", "meta": { "date_accessed": "2022-07-08T00:00:00Z", "date_published": "2022-04-21T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html" ], "source": "MITRE", "title": "TeamTNT targeting AWS, Alibaba" }, "related": [], "uuid": "acd1b4c5-da28-584e-b892-599180a8dbb0", "value": "Talos TeamTNT" }, { "description": "Cado Security. (2020, August 16). Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2020-08-16T00:00:00Z", "refs": [ "https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/" ], "source": "MITRE", "title": "Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials" }, "related": [], "uuid": "8ccab4fe-155d-44b0-b0f2-941e9f8f87db", "value": "Cado Security TeamTNT Worm August 2020" }, { "description": "AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "date_published": "2021-09-08T00:00:00Z", "refs": [ "https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera" ], "source": "MITRE", "title": "TeamTNT with new campaign aka Chimaera" }, "related": [], "uuid": "5d9f402f-4ff4-4993-8685-e5656e2f3aff", "value": "ATT TeamTNT Chimaera September 2020" }, { "description": "Patrick Wardle. (2018, February 17). 
Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019.", "meta": { "date_accessed": "2019-08-08T00:00:00Z", "date_published": "2018-02-17T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x2A.html" ], "source": "MITRE", "title": "Tearing Apart the Undetected (OSX)Coldroot RAT" }, "related": [], "uuid": "5ee3a92c-df33-4ecd-b21e-7b9a4f6de227", "value": "OSX Coldroot RAT" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Technical Analysis. Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "refs": [ "https://securelist.com/files/2016/07/The-ProjectSauron-APT_Technical_Analysis_KL.pdf" ], "source": "MITRE", "title": "Technical Analysis" }, "related": [], "uuid": "1664726e-3a79-4d90-86e0-b2d50e9e0ba2", "value": "Kaspersky ProjectSauron Technical Analysis" }, { "description": "Mundo, A. et al. (2021, February). Technical Analysis of Babuk Ransomware. Retrieved August 11, 2021.", "meta": { "date_accessed": "2021-08-11T00:00:00Z", "date_published": "2021-02-01T00:00:00Z", "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf" ], "source": "MITRE", "title": "Technical Analysis of Babuk Ransomware" }, "related": [], "uuid": "bb23ca19-78bb-4406-90a4-bf82bd467e04", "value": "McAfee Babuk February 2021" }, { "description": "Roccio, T., et al. (2021, April). Technical Analysis of Cuba Ransomware. Retrieved June 18, 2021.", "meta": { "date_accessed": "2021-06-18T00:00:00Z", "date_published": "2021-04-01T00:00:00Z", "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf" ], "source": "MITRE", "title": "Technical Analysis of Cuba Ransomware" }, "related": [], "uuid": "e0e86e08-64ec-48dc-91e6-24fde989cd77", "value": "McAfee Cuba April 2021" }, { "description": "Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. 
Retrieved April 13, 2021.", "meta": { "date_accessed": "2021-04-13T00:00:00Z", "date_published": "2021-03-16T00:00:00Z", "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf" ], "source": "MITRE", "title": "Technical Analysis of Operation Dianxun" }, "related": [], "uuid": "a40a69d7-7abc-4829-9905-98c156a809fe", "value": "McAfee Dianxun March 2021" }, { "description": "Brett Stone-Gross, Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved January 11, 2024.", "meta": { "date_accessed": "2024-01-11T00:00:00Z", "date_published": "2023-05-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot" ], "source": "Tidal Cyber", "title": "Technical Analysis of Pikabot" }, "related": [], "uuid": "ec87676b-bc88-44b5-9e9a-5eb8eb39b4a1", "value": "Zscaler Pikabot May 24 2023" }, { "description": "Crowdstrike. (2022, January 19). Technical Analysis of the WhisperGate Malicious Bootloader. Retrieved March 10, 2022.", "meta": { "date_accessed": "2022-03-10T00:00:00Z", "date_published": "2022-01-19T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware" ], "source": "MITRE", "title": "Technical Analysis of the WhisperGate Malicious Bootloader" }, "related": [], "uuid": "846bccb4-b177-4c17-8cc5-56769c1d4b60", "value": "Crowdstrike WhisperGate January 2022" }, { "description": "Apple. (2018, April 19). Technical Note TN2459: User-Approved Kernel Extension Loading. Retrieved June 30, 2020.", "meta": { "date_accessed": "2020-06-30T00:00:00Z", "date_published": "2018-04-19T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/technotes/tn2459/_index.html" ], "source": "MITRE", "title": "Technical Note TN2459: User-Approved Kernel Extension Loading" }, "related": [], "uuid": "8cd7676a-bbef-4c31-8288-365837acf65d", "value": "Apple TN2459 Kernel Extensions" }, { "description": "GovCERT. 
(2016, May 23). Technical Report about the Espionage Case at RUAG. Retrieved November 7, 2018.", "meta": { "date_accessed": "2018-11-07T00:00:00Z", "date_published": "2016-05-23T00:00:00Z", "refs": [ "https://web.archive.org/web/20170718174931/https://www.melani.admin.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf" ], "source": "MITRE", "title": "Technical Report about the Espionage Case at RUAG" }, "related": [], "uuid": "2e4a445f-b55c-4800-9d75-9d8fe20abc74", "value": "GovCERT Carbon May 2016" }, { "description": "Falcone, R. (2016, July 20). Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks. Retrieved July 3, 2017.", "meta": { "date_accessed": "2017-07-03T00:00:00Z", "date_published": "2016-07-20T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/" ], "source": "MITRE", "title": "Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks" }, "related": [], "uuid": "3138f32c-f89c-439c-a8c5-2964c356308d", "value": "Palo Alto Office Test Sofacy" }, { "description": "LOLBAS. (2018, May 25). te.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Te/" ], "source": "Tidal Cyber", "title": "te.exe" }, "related": [], "uuid": "e7329381-319e-4dcc-8187-92882e6f2e12", "value": "te.exe - LOLBAS Project" }, { "description": "Cherepanov, A.. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. 
Retrieved June 11, 2020.", "meta": { "date_accessed": "2020-06-11T00:00:00Z", "date_published": "2017-06-30T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/" ], "source": "MITRE", "title": "TeleBots are back: Supply chain attacks against Ukraine" }, "related": [], "uuid": "eb5c2951-b149-4e40-bc5f-b2630213eb8b", "value": "ESET Telebots June 2017" }, { "description": "Wiltse, B.. (2018, November 7). Template Injection Attacks - Bypassing Security Controls by Living off the Land. Retrieved April 10, 2019.", "meta": { "date_accessed": "2019-04-10T00:00:00Z", "date_published": "2018-11-07T00:00:00Z", "refs": [ "https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security-controls-living-land-38780" ], "source": "MITRE", "title": "Template Injection Attacks - Bypassing Security Controls by Living off the Land" }, "related": [], "uuid": "8c010c87-865b-4168-87a7-4a24db413def", "value": "SANS Brian Wiltse Template Injection" }, { "description": "Amazon. (n.d.). Temporary Security Credentials. Retrieved October 18, 2019.", "meta": { "date_accessed": "2019-10-18T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" ], "source": "MITRE", "title": "Temporary Security Credentials" }, "related": [], "uuid": "d3740d23-1561-47c4-a6e5-df1b6277839e", "value": "Amazon AWS Temporary Security Credentials" }, { "description": "Hosseini, A. (2017, July 18). Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques. 
Retrieved December 7, 2017.", "meta": { "date_accessed": "2017-12-07T00:00:00Z", "date_published": "2017-07-18T00:00:00Z", "refs": [ "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process" ], "source": "MITRE", "title": "Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques" }, "related": [], "uuid": "02c9100d-27eb-4f2f-b302-adf890055546", "value": "Elastic Process Injection July 2017" }, { "description": "LOLBAS. (2023, August 21). TestWindowRemoteAgent.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-08-21T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Testwindowremoteagent/" ], "source": "Tidal Cyber", "title": "TestWindowRemoteAgent.exe" }, "related": [], "uuid": "0cc891bc-692c-4a52-9985-39ddb434294d", "value": "TestWindowRemoteAgent.exe - LOLBAS Project" }, { "description": "Sygnia Incident Response Team. (2022, January 5). TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION. Retrieved February 9, 2023.", "meta": { "date_accessed": "2023-02-09T00:00:00Z", "date_published": "2022-01-05T00:00:00Z", "refs": [ "https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d" ], "source": "MITRE", "title": "TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION" }, "related": [], "uuid": "932897a6-0fa4-5be3-bf0b-20d6ddad238e", "value": "Sygnia Elephant Beetle Jan 2022" }, { "description": "Krebs, B. (2018, November 13). That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards. 
Retrieved September 20, 2019.", "meta": { "date_accessed": "2019-09-20T00:00:00Z", "date_published": "2018-11-13T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2018/11/that-domain-you-forgot-to-renew-yeah-its-now-stealing-credit-cards/" ], "source": "MITRE", "title": "That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards" }, "related": [], "uuid": "30ab5d35-db9b-401f-89cb-73f2c7fea060", "value": "Domain_Steal_CC" }, { "description": "Kali. (2014, February 18). THC-Hydra. Retrieved November 2, 2017.", "meta": { "date_accessed": "2017-11-02T00:00:00Z", "date_published": "2014-02-18T00:00:00Z", "refs": [ "https://tools.kali.org/password-attacks/hydra" ], "source": "MITRE", "title": "THC-Hydra" }, "related": [], "uuid": "d8c93272-00f8-4dc4-b4cd-03246fc0fc23", "value": "Kali Hydra" }, { "description": "Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.", "meta": { "date_accessed": "2016-04-27T00:00:00Z", "refs": [ "http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf" ], "source": "MITRE", "title": "The Adventures of a Keystroke: An in-depth look into keyloggers on Windows" }, "related": [], "uuid": "f29ed400-2986-4b2c-9b8a-7dde37562d22", "value": "Adventures of a Keystroke" }, { "description": "ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.", "meta": { "date_accessed": "2016-01-26T00:00:00Z", "date_published": "2015-02-27T00:00:00Z", "refs": [ "https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/" ], "source": "MITRE, Tidal Cyber", "title": "The Anthem Hack: All Roads Lead to China" }, "related": [], "uuid": "61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec", "value": "ThreatConnect Anthem" }, { "description": "Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. 
Retrieved April 6, 2021.", "meta": { "date_accessed": "2021-04-06T00:00:00Z", "date_published": "2020-09-21T00:00:00Z", "refs": [ "https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" ], "source": "MITRE", "title": "The Art and Science of Detecting Cobalt Strike" }, "related": [], "uuid": "60a5ee63-3d98-466a-8037-4a1edfcdef8c", "value": "Talos Cobalt Strike September 2020" }, { "description": "Patrick Wardle. (2022, January 1). The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022.", "meta": { "date_accessed": "2022-04-19T00:00:00Z", "date_published": "2022-01-01T00:00:00Z", "refs": [ "https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf" ], "source": "MITRE", "title": "The Art of Mac Malware Volume 0x1:Analysis" }, "related": [], "uuid": "3684bacb-24cb-4467-b463-d0d3f5075c5c", "value": "wardle chp2 persistence" }, { "description": "Patrick Wardle. (2020, August 5). The Art of Mac Malware Volume 0x1: Analysis. Retrieved March 19, 2021.", "meta": { "date_accessed": "2021-03-19T00:00:00Z", "date_published": "2020-08-05T00:00:00Z", "refs": [ "https://taomm.org/vol1/pdfs.html" ], "source": "MITRE", "title": "The Art of Mac Malware Volume 0x1: Analysis" }, "related": [], "uuid": "53d0279e-4f30-4bbe-a9c7-90e36cd81570", "value": "wardle artofmalware volume1" }, { "description": "Ligh, M.H. et al.. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2014-07-01T00:00:00Z", "source": "MITRE", "title": "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory" }, "related": [], "uuid": "054404b7-48a6-4578-9828-9f1e8e21d2df", "value": "ArtOfMemoryForensics" }, { "description": "Unified Compliance Framework. (2016, December 20). 
The audit system must be configured to audit the loading and unloading of dynamic kernel modules.. Retrieved September 28, 2021.", "meta": { "date_accessed": "2021-09-28T00:00:00Z", "date_published": "2016-12-20T00:00:00Z", "refs": [ "https://www.stigviewer.com/stig/oracle_linux_5/2016-12-20/finding/V-22383" ], "source": "MITRE", "title": "The audit system must be configured to audit the loading and unloading of dynamic kernel modules." }, "related": [], "uuid": "44c10623-557f-445d-8b88-6006af13c54d", "value": "STIG Audit Kernel Modules" }, { "description": "Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2020-04-03T00:00:00Z", "refs": [ "https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-avast-executable-ac9b8b392767" ], "source": "MITRE", "title": "The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable" }, "related": [], "uuid": "356defac-b976-41c1-aac8-5d6ff0c80e28", "value": "Medium Metamorfo Apr 2020" }, { "description": "Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.", "meta": { "date_accessed": "2021-12-06T00:00:00Z", "date_published": "2021-10-01T00:00:00Z", "refs": [ "https://vblocalhost.com/uploads/VB2021-Slowik.pdf" ], "source": "MITRE", "title": "THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE" }, "related": [], "uuid": "06b6cbe3-8e35-4594-b36f-76b503c11520", "value": "Gigamon Berserk Bear October 2021" }, { "description": "Shulmin, A. . (2015, April 9). The Banking Trojan Emotet: Detailed Analysis. 
Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2015-04-09T00:00:00Z", "refs": [ "https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/" ], "source": "MITRE", "title": "The Banking Trojan Emotet: Detailed Analysis" }, "related": [], "uuid": "4824dfdf-8dbb-4b98-afcc-4a703c31fbda", "value": "Kaspersky Emotet Jan 2019" }, { "description": "DiMaggio, J.. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.", "meta": { "date_accessed": "2016-01-26T00:00:00Z", "date_published": "2015-08-06T00:00:00Z", "refs": [ "https://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf" ], "source": "MITRE, Tidal Cyber", "title": "The Black Vine cyberespionage group" }, "related": [], "uuid": "0b7745ce-04c0-41d9-a440-df9084a45d09", "value": "Symantec Black Vine" }, { "description": "Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved July 16, 2021.", "meta": { "date_accessed": "2021-07-16T00:00:00Z", "date_published": "2021-07-01T00:00:00Z", "refs": [ "https://gibnc.group-ib.com/s/Group-IB_GrimAgent_analysis#pdfviewer" ], "source": "MITRE", "title": "THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK" }, "related": [], "uuid": "6b0dd676-3ea5-4b56-a27b-b1685787de02", "value": "Group IB GrimAgent July 2021" }, { "description": "RSA. (2017, November 21). THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT. 
Retrieved July 29, 2020.", "meta": { "date_accessed": "2020-07-29T00:00:00Z", "date_published": "2017-11-21T00:00:00Z", "refs": [ "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf" ], "source": "MITRE", "title": "THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT" }, "related": [], "uuid": "eb947d49-26f4-4104-8296-1552a273c9c3", "value": "RSA Carbanak November 2017" }, { "description": "Özarslan, S. (2018, December 21). The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-12-21T00:00:00Z", "refs": [ "https://www.picussecurity.com/blog/the-christmas-card-you-never-wanted-a-new-wave-of-emotet-is-back-to-wreak-havoc.html" ], "source": "MITRE", "title": "The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc" }, "related": [], "uuid": "d7594fb4-e544-491b-a406-228a5c7884a9", "value": "Picus Emotet Dec 2018" }, { "description": "Salem, A. (2022, April 27). The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection. Retrieved September 2, 2022.", "meta": { "date_accessed": "2022-09-02T00:00:00Z", "date_published": "2022-04-27T00:00:00Z", "refs": [ "https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-connection-686379311056" ], "source": "MITRE", "title": "The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection" }, "related": [], "uuid": "5f6752a7-50a9-4202-b69b-c5f9d24b86de", "value": "Medium Ali Salem Bumblebee April 2022" }, { "description": "Microsoft. (n.d.). The COM Elevation Moniker. 
Retrieved July 26, 2016.", "meta": { "date_accessed": "2016-07-26T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/ms679687.aspx" ], "source": "MITRE", "title": "The COM Elevation Moniker" }, "related": [], "uuid": "898df7c7-4f19-40cb-a216-7b0f6c6155b3", "value": "MSDN COM Elevation" }, { "description": "Microsoft. (n.d.). The Component Object Model. Retrieved August 18, 2016.", "meta": { "date_accessed": "2016-08-18T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms694363.aspx" ], "source": "MITRE", "title": "The Component Object Model" }, "related": [], "uuid": "e1bb3872-7748-4e64-818f-6187a20d59f0", "value": "Microsoft Component Object Model" }, { "description": "Burton, K. (n.d.). The Conficker Worm. Retrieved February 18, 2021.", "meta": { "date_accessed": "2021-02-18T00:00:00Z", "refs": [ "https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/conficker-worm" ], "source": "MITRE", "title": "The Conficker Worm" }, "related": [], "uuid": "2dca2274-5f25-475a-b87d-97f3e3a525de", "value": "SANS Conficker" }, { "description": "Wueest, C.. (2014, October 21). The continued rise of DDoS attacks. Retrieved April 24, 2019.", "meta": { "date_accessed": "2019-04-24T00:00:00Z", "date_published": "2014-10-21T00:00:00Z", "refs": [ "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf" ], "source": "MITRE", "title": "The continued rise of DDoS attacks" }, "related": [], "uuid": "878e0382-4191-4bca-8adc-c379b0d57ba8", "value": "Symantec DDoS October 2014" }, { "description": "The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. 
Retrieved May 24, 2021.", "meta": { "date_accessed": "2021-05-24T00:00:00Z", "date_published": "2020-11-12T00:00:00Z", "refs": [ "https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced" ], "source": "MITRE", "title": "The CostaRicto Campaign: Cyber-Espionage Outsourced" }, "related": [], "uuid": "93a23447-641c-4ee2-9fbd-64b2adea8a5f", "value": "BlackBerry CostaRicto November 2020" }, { "description": "Counter Threat Unit Research Team. (2017, July 27). The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets. Retrieved February 26, 2018.", "meta": { "date_accessed": "2018-02-26T00:00:00Z", "date_published": "2017-07-27T00:00:00Z", "refs": [ "https://www.secureworks.com/research/the-curious-case-of-mia-ash" ], "source": "MITRE", "title": "The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets" }, "related": [], "uuid": "754c9276-ef05-4d05-956f-75866090aa78", "value": "SecureWorks Mia Ash July 2017" }, { "description": "Grunzweig, J. (2013, December 9). The Curious Case of the Malicious IIS Module. Retrieved June 3, 2021.", "meta": { "date_accessed": "2021-06-03T00:00:00Z", "date_published": "2013-12-09T00:00:00Z", "refs": [ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-iis-module/" ], "source": "MITRE", "title": "The Curious Case of the Malicious IIS Module" }, "related": [], "uuid": "cbb79c3c-1e2c-42ac-8183-9566ccde0cd6", "value": "Trustwave IIS Module 2013" }, { "description": "CloudSploit. (2019, June 8). The Danger of Unused AWS Regions. 
Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-06-08T00:00:00Z", "refs": [ "https://blog.cloudsploit.com/the-danger-of-unused-aws-regions-af0bf1b878fc" ], "source": "MITRE", "title": "The Danger of Unused AWS Regions" }, "related": [], "uuid": "7c237b73-233f-4fe3-b4a6-ce523fd82853", "value": "CloudSploit - Unused AWS Regions" }, { "description": "Dormann, W. (2019, September 4). The Dangers of VHD and VHDX Files. Retrieved March 16, 2021.", "meta": { "date_accessed": "2021-03-16T00:00:00Z", "date_published": "2019-09-04T00:00:00Z", "refs": [ "https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html" ], "source": "MITRE", "title": "The Dangers of VHD and VHDX Files" }, "related": [], "uuid": "e58b4e78-d858-4b28-8d06-2fb467b26337", "value": "Dormann Dangers of VHD 2019" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-11-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf" ], "source": "MITRE, Tidal Cyber", "title": "The Darkhotel APT A Story of Unusual Hospitality" }, "related": [], "uuid": "3247c03a-a57c-4945-9b85-72a70719e1cd", "value": "Kaspersky Darkhotel" }, { "description": "Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. 
Retrieved July 16, 2020.", "meta": { "date_accessed": "2020-07-16T00:00:00Z", "date_published": "2018-12-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf" ], "source": "MITRE", "title": "THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors" }, "related": [], "uuid": "0e25bf8b-3c9e-4661-a9fd-79b2ad3b8dd2", "value": "ESET ForSSHe December 2018" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2016, July 8). The Dropping Elephant – aggressive cyber-espionage in the Asian region. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-07-08T00:00:00Z", "refs": [ "https://securelist.com/the-dropping-elephant-actor/75328/" ], "source": "MITRE", "title": "The Dropping Elephant – aggressive cyber-espionage in the Asian region" }, "related": [], "uuid": "2efa655f-ebd3-459b-9fd7-712d3f4ba1f8", "value": "Securelist Dropping Elephant" }, { "description": "F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.", "meta": { "date_accessed": "2015-12-10T00:00:00Z", "date_published": "2015-09-17T00:00:00Z", "refs": [ "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf" ], "source": "MITRE", "title": "The Dukes: 7 years of Russian cyberespionage" }, "related": [], "uuid": "cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27", "value": "F-Secure The Dukes" }, { "description": "Kaspersky Lab. (2015, June 11). The Duqu 2.0. Retrieved April 21, 2017.", "meta": { "date_accessed": "2017-04-21T00:00:00Z", "date_published": "2015-06-11T00:00:00Z", "refs": [ "https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf" ], "source": "MITRE", "title": "The Duqu 2.0" }, "related": [], "uuid": "b4d6db03-1587-4af3-87ff-51542ef7c87b", "value": "Kaspersky Duqu 2.0" }, { "description": "O'Gorman, G., and McDonald, G.. (2012, September 6). 
The Elderwood Project. Retrieved February 15, 2018.", "meta": { "date_accessed": "2018-02-15T00:00:00Z", "date_published": "2012-09-06T00:00:00Z", "refs": [ "https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf" ], "source": "MITRE", "title": "The Elderwood Project" }, "related": [], "uuid": "5e908748-d260-42f1-a599-ac38b4e22559", "value": "Symantec Elderwood Sept 2012" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2014, August 06). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. Retrieved November 7, 2018.", "meta": { "date_accessed": "2018-11-07T00:00:00Z", "date_published": "2014-08-06T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080105/KL_Epic_Turla_Technical_Appendix_20140806.pdf" ], "source": "MITRE", "title": "The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros" }, "related": [], "uuid": "52577f34-0aa6-4765-9f6b-dd7397183223", "value": "Kaspersky Turla Aug 2014" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.", "meta": { "date_accessed": "2014-12-11T00:00:00Z", "date_published": "2014-08-07T00:00:00Z", "refs": [ "https://securelist.com/the-epic-turla-operation/65545/" ], "source": "MITRE, Tidal Cyber", "title": "The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos" }, "related": [], "uuid": "535e9f1a-f89e-4766-a290-c5b8100968f8", "value": "Kaspersky Turla" }, { "description": "Winters, R. (2015, December 20). The EPS Awakens - Part 2. 
Retrieved January 22, 2016.", "meta": { "date_accessed": "2016-01-22T00:00:00Z", "date_published": "2015-12-20T00:00:00Z", "refs": [ "https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html" ], "source": "MITRE, Tidal Cyber", "title": "The EPS Awakens - Part 2" }, "related": [], "uuid": "7fd58ef5-a0b7-40b6-8771-ca5e87740965", "value": "FireEye EPS Awakens Part 2" }, { "description": "Symantec. (2018, July 18). The Evolution of Emotet: From Banking Trojan to Threat Distributor. Retrieved March 25, 2019.", "meta": { "date_accessed": "2019-03-25T00:00:00Z", "date_published": "2018-07-18T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor" ], "source": "MITRE", "title": "The Evolution of Emotet: From Banking Trojan to Threat Distributor" }, "related": [], "uuid": "b94b5be4-1c77-48e1-875e-0cff0023fbd9", "value": "Symantec Emotet Jul 2018" }, { "description": "Christensen, L.. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.", "meta": { "date_accessed": "2018-12-08T00:00:00Z", "date_published": "2015-12-28T00:00:00Z", "refs": [ "https://web.archive.org/web/20190508170150/https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/" ], "source": "MITRE", "title": "The Evolution of Offensive PowerShell Invocation" }, "related": [], "uuid": "8eec1af3-c65e-4522-8087-73122ac6c281", "value": "SilentBreak Offensive PS Dec 2015" }, { "description": "Meyers, Adam. (2021, July 6). The Evolution of PINCHY SPIDER from GandCrab to REvil. 
Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "date_published": "2021-07-06T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/" ], "source": "MITRE", "title": "The Evolution of PINCHY SPIDER from GandCrab to REvil" }, "related": [], "uuid": "7578541b-1ae3-58d0-a8b9-120bd6cd96f5", "value": "CrowdStrike Evolution of Pinchy Spider July 2021" }, { "description": "Selena Larson, Daniel Blackford, Garrett G. (2021, June 16). The First Step: Initial Access Leads to Ransomware. Retrieved January 24, 2024.", "meta": { "date_accessed": "2024-01-24T00:00:00Z", "date_published": "2021-06-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware" ], "source": "Tidal Cyber", "title": "The First Step: Initial Access Leads to Ransomware" }, "related": [], "uuid": "3b0631ae-f589-4b7c-a00a-04dcd5f3a77b", "value": "Proofpoint Ransomware Initial Access June 2021" }, { "description": "Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2012-05-28T00:00:00Z", "refs": [ "https://securelist.com/the-flame-questions-and-answers-51/34344/" ], "source": "MITRE", "title": "The Flame: Questions and Answers" }, "related": [], "uuid": "6db8f76d-fe38-43b1-ad85-ad372da9c09d", "value": "Kaspersky Flame" }, { "description": "Grunzweig, J. and Wilhoit, K. (2018, November 29). The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia. 
Retrieved June 2, 2020.", "meta": { "date_accessed": "2020-06-02T00:00:00Z", "date_published": "2018-11-29T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/" ], "source": "MITRE", "title": "The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia" }, "related": [], "uuid": "6986a64a-5fe6-4697-b70b-79cccaf3d730", "value": "Unit 42 CARROTBAT November 2018" }, { "description": "Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.", "meta": { "date_accessed": "2017-03-01T00:00:00Z", "date_published": "2017-02-27T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/" ], "source": "MITRE, Tidal Cyber", "title": "The Gamaredon Group Toolset Evolution" }, "related": [], "uuid": "3f9a6343-1db3-4696-99ed-f22c6eabee71", "value": "Palo Alto Gamaredon Feb 2017" }, { "description": "GNU. (2010, February 5). The GNU Accounting Utilities. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2010-02-05T00:00:00Z", "refs": [ "https://www.gnu.org/software/acct/" ], "source": "MITRE", "title": "The GNU Accounting Utilities" }, "related": [], "uuid": "ef3edd44-b8d1-4d7d-a0d8-0e75aa441eac", "value": "GNU Acct" }, { "description": "glibc developer community. (2020, February 1). The GNU C Library (glibc). Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2020-02-01T00:00:00Z", "refs": [ "https://www.gnu.org/software/libc/" ], "source": "MITRE", "title": "The GNU C Library (glibc)" }, "related": [], "uuid": "75a6a1bf-a5a7-419d-b290-6662aeddb7eb", "value": "GLIBC" }, { "description": "Trustwave SpiderLabs. (2020, June 25). The Golden Tax Department and Emergence of GoldenSpy Malware. 
Retrieved July 23, 2020.", "meta": { "date_accessed": "2020-07-23T00:00:00Z", "date_published": "2020-06-25T00:00:00Z", "refs": [ "https://www.trustwave.com/en-us/resources/library/documents/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/" ], "source": "MITRE", "title": "The Golden Tax Department and Emergence of GoldenSpy Malware" }, "related": [], "uuid": "2a27a2ea-2815-4d97-88c0-47a6e04e84f8", "value": "Trustwave GoldenSpy June 2020" }, { "description": "Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.", "meta": { "date_accessed": "2022-03-16T00:00:00Z", "date_published": "2022-03-07T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european" ], "source": "MITRE", "title": "The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates" }, "related": [], "uuid": "5731d7e4-dd19-4d08-b493-7b1a467599d3", "value": "Proofpoint TA416 Europe March 2022" }, { "description": "Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. Retrieved August 7, 2018.", "meta": { "date_accessed": "2018-08-07T00:00:00Z", "date_published": "2018-08-02T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/" ], "source": "MITRE, Tidal Cyber", "title": "The Gorgon Group: Slithering Between Nation State and Cybercrime" }, "related": [], "uuid": "d0605185-3f8d-4846-a718-15572714e15b", "value": "Unit 42 Gorgon Group Aug 2018" }, { "description": "Roland Dela Paz. (2003, January 3). The HeartBeat APT Campaign. 
Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2003-01-03T00:00:00Z", "refs": [ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?" ], "source": "MITRE", "title": "The HeartBeat APT Campaign" }, "related": [], "uuid": "f42a36c2-1ca5-49ff-a7ec-7de90379a6d5", "value": "Trend Micro HeartBeat Campaign January 2013" }, { "description": "Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016.", "meta": { "date_accessed": "2016-06-06T00:00:00Z", "date_published": "2012-08-20T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html" ], "source": "MITRE", "title": "The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1)" }, "related": [], "uuid": "65d751cb-fdd2-4a45-81db-8a5a11bbee62", "value": "FireEye Hikit Rootkit" }, { "description": "Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). Retrieved May 4, 2020.", "meta": { "date_accessed": "2020-05-04T00:00:00Z", "date_published": "2012-08-22T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html" ], "source": "MITRE", "title": "The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2)" }, "related": [], "uuid": "48448972-a5ed-4371-b930-b51dcb174b82", "value": "FireEye HIKIT Rootkit Part 2" }, { "description": "Proofpoint. (n.d.). The Human Factor 2023: Analyzing the cyber attack chain. 
Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "refs": [ "https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-human-factor-report.pdf" ], "source": "MITRE", "title": "The Human Factor 2023: Analyzing the cyber attack chain" }, "related": [], "uuid": "143e191f-9175-557b-8fe1-41dbe04867a6", "value": "Proofpoint Human Factor" }, { "description": "Wilson, B. (2016, April 18). The Importance of KB2871997 and KB2928120 for Credential Protection. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2016-04-18T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/askpfeplat/2016/04/18/the-importance-of-kb2871997-and-kb2928120-for-credential-protection/" ], "source": "MITRE", "title": "The Importance of KB2871997 and KB2928120 for Credential Protection" }, "related": [], "uuid": "88367099-df19-4044-8c9b-2db4c9f418c4", "value": "TechNet Blogs Credential Protection" }, { "description": "U.S. Department of Homeland Security. (2016, August 30). The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. Retrieved July 29, 2022.", "meta": { "date_accessed": "2022-07-29T00:00:00Z", "date_published": "2016-08-30T00:00:00Z", "refs": [ "https://cyber.dhs.gov/assets/report/ar-16-20173.pdf" ], "source": "MITRE", "title": "The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations" }, "related": [], "uuid": "f1d16045-d365-43d2-bc08-65ba1ddbe0fd", "value": "dhs_threat_to_net_devices" }, { "description": "Parys, B. (2017, February 11). The KeyBoys are back in town. 
Retrieved June 13, 2019.", "meta": { "date_accessed": "2019-06-13T00:00:00Z", "date_published": "2017-02-11T00:00:00Z", "refs": [ "https://web.archive.org/web/20211129064701/https://www.pwc.co.uk/issues/cyber-security-services/research/the-keyboys-are-back-in-town.html" ], "source": "MITRE", "title": "The KeyBoys are back in town" }, "related": [], "uuid": "9ac6737b-c8a2-416f-bbc3-8c5556ad4833", "value": "PWC KeyBoys Feb 2017" }, { "description": "Tarakanov , D.. (2013, September 11). The “Kimsuky” Operation: A North Korean APT?. Retrieved August 13, 2019.", "meta": { "date_accessed": "2019-08-13T00:00:00Z", "date_published": "2013-09-11T00:00:00Z", "refs": [ "https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/" ], "source": "MITRE", "title": "The “Kimsuky” Operation: A North Korean APT?" }, "related": [], "uuid": "f26771b0-2101-4fed-ac82-1bd9683dd7da", "value": "Securelist Kimsuky Sept 2013" }, { "description": "ClearSky Research Team. (2019, October 1). The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods. Retrieved April 21, 2021.", "meta": { "date_accessed": "2021-04-21T00:00:00Z", "date_published": "2019-10-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf" ], "source": "MITRE", "title": "The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods" }, "related": [], "uuid": "f5114978-2528-4199-a586-0158c5f8a138", "value": "ClearSky Kittens Back 2 Oct 2019" }, { "description": "ClearSky Research Team. (2020, August 1). The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp. 
Retrieved April 21, 2021.", "meta": { "date_accessed": "2021-04-21T00:00:00Z", "date_published": "2020-08-01T00:00:00Z", "refs": [ "https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf" ], "source": "MITRE, Tidal Cyber", "title": "The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp" }, "related": [], "uuid": "a10c6a53-79bb-4454-b444-cfb9136ecd36", "value": "ClearSky Kittens Back 3 August 2020" }, { "description": "The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "refs": [ "https://kubernetes.io/docs/concepts/overview/kubernetes-api/" ], "source": "MITRE", "title": "The Kubernetes API" }, "related": [], "uuid": "5bdd1b82-9e5c-4db0-9764-240e37a1cc99", "value": "Kubernetes API" }, { "description": "Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.", "meta": { "date_accessed": "2018-12-14T00:00:00Z", "refs": [ "https://github.com/AlessandroZ/LaZagne" ], "source": "MITRE", "title": "The LaZagne Project !!!" }, "related": [], "uuid": "9347b507-3a41-405d-87f9-d4fc2bfc48e5", "value": "GitHub LaZagne Dec 2018" }, { "description": "SecureWorks. (2013). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.", "meta": { "date_accessed": "2015-08-19T00:00:00Z", "date_published": "2013-01-01T00:00:00Z", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/" ], "source": "MITRE", "title": "The Lifecycle of Peer-to-Peer (Gameover) ZeuS" }, "related": [], "uuid": "773d1d91-a93c-4bb3-928b-4c3f82f2c889", "value": "Dell P2P ZeuS" }, { "description": "Linux Kernel Organization, Inc. (n.d.). The Linux Kernel API. 
Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "refs": [ "https://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html" ], "source": "MITRE", "title": "The Linux Kernel API" }, "related": [], "uuid": "0a30d54e-187a-43e0-9725-3c80aa1c7619", "value": "Linux Kernel API" }, { "description": "Pomerantz, O., Salzman, P.. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2003-04-04T00:00:00Z", "refs": [ "https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf" ], "source": "MITRE", "title": "The Linux Kernel Module Programming Guide" }, "related": [], "uuid": "70f31f19-e0b3-40b1-b8dd-6667557bb334", "value": "Linux Kernel Programming" }, { "description": "Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2011-01-01T00:00:00Z", "refs": [ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf" ], "source": "MITRE", "title": "THE “LURID” DOWNLOADER" }, "related": [], "uuid": "ed5a2ec0-8328-40db-9f58-7eaac4ad39a0", "value": "Villeneuve 2011" }, { "description": "Microsoft Defender Threat Intelligence. (2022, June 13). The many lives of BlackCat ransomware. Retrieved December 20, 2022.", "meta": { "date_accessed": "2022-12-20T00:00:00Z", "date_published": "2022-06-13T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/" ], "source": "MITRE", "title": "The many lives of BlackCat ransomware" }, "related": [], "uuid": "55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e", "value": "Microsoft BlackCat Jun 2022" }, { "description": "Maynor, D., Nikolic, A., Olney, M., and Younan, Y. (2017, July 5). The MeDoc Connection. 
Retrieved March 26, 2019.", "meta": { "date_accessed": "2019-03-26T00:00:00Z", "date_published": "2017-07-05T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2017/07/the-medoc-connection.html" ], "source": "MITRE", "title": "The MeDoc Connection" }, "related": [], "uuid": "a055d7a2-a356-4f0e-9a66-7f7b3ac7e74a", "value": "Talos Nyetya MEDoc 2017" }, { "description": "Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.", "meta": { "date_accessed": "2016-12-12T00:00:00Z", "date_published": "2016-08-24T00:00:00Z", "refs": [ "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/" ], "source": "MITRE", "title": "The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender" }, "related": [], "uuid": "d248e284-37d3-4425-a29e-5a0c814ae803", "value": "PegasusCitizenLab" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2013, February 27). The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Retrieved April 5, 2017.", "meta": { "date_accessed": "2017-04-05T00:00:00Z", "date_published": "2013-02-27T00:00:00Z", "refs": [ "https://cdn.securelist.com/files/2014/07/themysteryofthepdf0-dayassemblermicrobackdoor.pdf" ], "source": "MITRE", "title": "The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor" }, "related": [], "uuid": "def2a635-d322-4c27-9167-2642bf8f153c", "value": "Securelist MiniDuke Feb 2013" }, { "description": "Schroeder, W. (2017, January 10). The Most Dangerous User Right You (Probably) Have Never Heard Of. 
Retrieved March 5, 2019.", "meta": { "date_accessed": "2019-03-05T00:00:00Z", "date_published": "2017-01-10T00:00:00Z", "refs": [ "http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/" ], "source": "MITRE", "title": "The Most Dangerous User Right You (Probably) Have Never Heard Of" }, "related": [], "uuid": "e8f7df08-1a62-41d9-b8a4-ff39a2160294", "value": "Harmj0y SeEnableDelegationPrivilege Right" }, { "description": "Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.", "meta": { "date_accessed": "2019-04-10T00:00:00Z", "date_published": "2015-05-01T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf" ], "source": "MITRE", "title": "The MsnMM Campaigns: The Earliest Naikon APT Campaigns" }, "related": [], "uuid": "09302b4f-7f71-4289-92f6-076c685f0810", "value": "Baumgartner Naikon 2015" }, { "description": "Ehrlich, A., et al. (2022, September). THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES. Retrieved January 23, 2023.", "meta": { "date_accessed": "2023-01-23T00:00:00Z", "date_published": "2022-09-01T00:00:00Z", "refs": [ "https://assets.sentinelone.com/sentinellabs22/metador#page=1" ], "source": "MITRE", "title": "THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES" }, "related": [], "uuid": "137474b7-638a-56d7-9ce2-ab906f207175", "value": "SentinelLabs Metador Sept 2022" }, { "description": "Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. 
Retrieved January 14, 2015.", "meta": { "date_accessed": "2015-01-14T00:00:00Z", "date_published": "2015-05-14T00:00:00Z", "refs": [ "https://securelist.com/the-naikon-apt/69953/" ], "source": "MITRE", "title": "The Naikon APT" }, "related": [], "uuid": "5163576f-0b2c-49ba-8f34-b7efe3f3f6db", "value": "Baumgartner Golovkin Naikon 2015" }, { "description": "Patel, K. (2018, March 02). The NanoCore RAT Has Resurfaced From the Sewers. Retrieved November 9, 2018.", "meta": { "date_accessed": "2018-11-09T00:00:00Z", "date_published": "2018-03-02T00:00:00Z", "refs": [ "https://cofense.com/nanocore-rat-resurfaced-sewers/" ], "source": "MITRE", "title": "The NanoCore RAT Has Resurfaced From the Sewers" }, "related": [], "uuid": "de31ba54-5634-48c5-aa57-c6b0dbb53870", "value": "Cofense NanoCore Mar 2018" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (n.d.). The NetTraveler (aka ‘Travnet’). Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf" ], "source": "MITRE", "title": "The NetTraveler (aka ‘Travnet’)" }, "related": [], "uuid": "a7d4b322-3710-436f-bd51-e5c258073dba", "value": "Kaspersky NetTraveler" }, { "description": "Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "date_published": "2017-06-22T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-new-improved-macos-backdoor-oceanlotus/" ], "source": "MITRE", "title": "The New and Improved macOS Backdoor from OceanLotus" }, "related": [], "uuid": "fcaf57f1-6696-54a5-a78c-255c8f6ac235", "value": "Unit42 OceanLotus 2017" }, { "description": "CyberArk Labs. (2023, April 13). The (Not so) Secret War on Discord. 
Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "date_published": "2023-04-13T00:00:00Z", "refs": [ "https://www.cyberark.com/resources/threat-research-blog/the-not-so-secret-war-on-discord" ], "source": "MITRE", "title": "The (Not so) Secret War on Discord" }, "related": [], "uuid": "4b3cd2c0-fd0b-5583-8746-648229fc5f9d", "value": "CyberArk Labs Discord" }, { "description": "Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 2020.", "meta": { "date_accessed": "2020-07-15T00:00:00Z", "date_published": "2019-03-25T00:00:00Z", "refs": [ "https://cybersecurity.att.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant" ], "source": "MITRE", "title": "The odd case of a Gh0stRAT variant" }, "related": [], "uuid": "88d7bf25-985a-4b5e-92d6-ec4fa47a314f", "value": "Gh0stRAT ATT March 2019" }, { "description": "Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.", "meta": { "date_accessed": "2017-05-03T00:00:00Z", "date_published": "2016-05-26T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/" ], "source": "MITRE, Tidal Cyber", "title": "The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor" }, "related": [], "uuid": "53836b95-a30a-4e95-8e19-e2bb2f18c738", "value": "Palo Alto OilRig May 2016" }, { "description": "UCF. (n.d.). The password for the krbtgt account on a domain must be reset at least every 180 days. 
Retrieved November 5, 2020.", "meta": { "date_accessed": "2020-11-05T00:00:00Z", "refs": [ "https://www.stigviewer.com/stig/windows_server_2016/2019-12-12/finding/V-91779" ], "source": "MITRE", "title": "The password for the krbtgt account on a domain must be reset at least every 180 days" }, "related": [], "uuid": "a42fc58f-e7a7-46de-a2f4-25fa8498b3b3", "value": "STIG krbtgt reset" }, { "description": "Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2014-09-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html" ], "source": "MITRE, Tidal Cyber", "title": "The Path to Mass-Producing Cyber Attacks [Blog]" }, "related": [], "uuid": "4e10228d-d9da-4ba4-bca7-d3bbdce42e0d", "value": "Haq 2014" }, { "description": "Baumgartner, K. and Raiu, C. (2014, December 8). The ‘Penquin’ Turla. Retrieved March 11, 2021.", "meta": { "date_accessed": "2021-03-11T00:00:00Z", "date_published": "2014-12-08T00:00:00Z", "refs": [ "https://securelist.com/the-penquin-turla-2/67962/" ], "source": "MITRE", "title": "The ‘Penquin’ Turla" }, "related": [], "uuid": "957edb5c-b893-4968-9603-1a6b8577f3aa", "value": "Kaspersky Turla Penquin December 2014" }, { "description": "FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. 
Retrieved November 4, 2014.", "meta": { "date_accessed": "2014-11-04T00:00:00Z", "date_published": "2014-05-20T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2014/05/the-pla-and-the-800am-500pm-work-day-fireeye-confirms-dojs-findings-on-apt1-intrusion-activity.html" ], "source": "MITRE", "title": "The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity" }, "related": [], "uuid": "b8b72a8e-87a1-4ce7-94df-ed938f9eb61c", "value": "FireEye PLA" }, { "description": "Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 17, 2016.", "meta": { "date_accessed": "2016-08-17T00:00:00Z", "date_published": "2016-08-09T00:00:00Z", "refs": [ "https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf" ], "source": "MITRE", "title": "The ProjectSauron APT" }, "related": [], "uuid": "6840c1d6-89dc-4138-99e8-fbd2a45f2a1c", "value": "Kaspersky ProjectSauron Full Report" }, { "description": "Robert McMillan. (2012, March 3). The Pwn Plug is a little white box that can hack your network. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2012-03-03T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/" ], "source": "MITRE", "title": "The Pwn Plug is a little white box that can hack your network" }, "related": [], "uuid": "6b57e883-75a1-4a71-accc-2d18148b9c3d", "value": "McMillan Pwn March 2012" }, { "description": "Ballenthin, W., Tomczak, J.. (2015). The Real Shim Shary. 
Retrieved May 4, 2020.", "meta": { "date_accessed": "2020-05-04T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf" ], "source": "MITRE", "title": "The Real Shim Shary" }, "related": [], "uuid": "658c8dd6-1a6a-40f0-a7b5-286fd4b1985d", "value": "FireEye Application Shimming" }, { "description": "Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.", "meta": { "date_accessed": "2014-12-01T00:00:00Z", "date_published": "2014-11-24T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf" ], "source": "MITRE", "title": "THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, "related": [], "uuid": "1b521b76-5b8f-4bd9-b312-7c795fc97898", "value": "Kaspersky Regin" }, { "description": "T. Richardson, J. Levine, RealVNC Ltd.. (2011, March). The Remote Framebuffer Protocol. Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2011-03-01T00:00:00Z", "refs": [ "https://datatracker.ietf.org/doc/html/rfc6143#section-7.2.2" ], "source": "MITRE", "title": "The Remote Framebuffer Protocol" }, "related": [], "uuid": "4c75a00d-aa90-4260-ab7a-2addc17d1728", "value": "The Remote Framebuffer Protocol" }, { "description": "Jérôme Segura. (2019, December 4). There's an app for that: web skimmers found on PaaS Heroku. 
Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2019-12-04T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/news/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku" ], "source": "MITRE", "title": "There's an app for that: web skimmers found on PaaS Heroku" }, "related": [], "uuid": "4656cc2c-aff3-4416-b18d-995876d37e06", "value": "Malwarebytes Heroku Skimmers" }, { "description": "Howard Oakley. (2020, October 24). There's more to files than data: Extended Attributes. Retrieved October 12, 2021.", "meta": { "date_accessed": "2021-10-12T00:00:00Z", "date_published": "2020-10-24T00:00:00Z", "refs": [ "https://eclecticlight.co/2020/10/24/theres-more-to-files-than-data-extended-attributes/" ], "source": "MITRE", "title": "There's more to files than data: Extended Attributes" }, "related": [], "uuid": "e62d67ed-48d0-4141-aacc-92e165d66f16", "value": "ELC Extended Attributes" }, { "description": "Devon Kerr. (2015). There's Something About WMI. Retrieved May 4, 2020.", "meta": { "date_accessed": "2020-05-04T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf" ], "source": "MITRE", "title": "There's Something About WMI" }, "related": [], "uuid": "a9333ef5-5637-4a4c-9aaf-fdc9daf8b860", "value": "FireEye WMI SANS 2015" }, { "description": "Daman, R. (2020, February 4). The return of the spoof part 2: Command line spoofing. Retrieved November 19, 2021.", "meta": { "date_accessed": "2021-11-19T00:00:00Z", "date_published": "2020-02-04T00:00:00Z", "refs": [ "https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/" ], "source": "MITRE", "title": "The return of the spoof part 2: Command line spoofing" }, "related": [], "uuid": "a3fa92ed-763c-4082-8220-cab82d70fad4", "value": "Nviso Spoof Command Line 2020" }, { "description": "Singh, S. Singh, A. (2020, June 11). 
The Return on the Higaisa APT. Retrieved March 2, 2021.", "meta": { "date_accessed": "2021-03-02T00:00:00Z", "date_published": "2020-06-11T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/return-higaisa-apt" ], "source": "MITRE", "title": "The Return on the Higaisa APT" }, "related": [], "uuid": "26d7ee2c-d4f7-441a-9073-49c9049b017e", "value": "Zscaler Higaisa 2020" }, { "description": "Check Point Research. (2023, August 8). The Rhysida Ransomware: Activity Analysis and Ties to Vice Society. Retrieved August 11, 2023.", "meta": { "date_accessed": "2023-08-11T00:00:00Z", "date_published": "2023-08-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/" ], "source": "Tidal Cyber", "title": "The Rhysida Ransomware: Activity Analysis and Ties to Vice Society" }, "related": [], "uuid": "0d01416f-4888-4b68-be47-a3245549cec5", "value": "Check Point Research Rhysida August 08 2023" }, { "description": "The DigiTrust Group. (2017, January 12). The Rise of Agent Tesla. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-01-12T00:00:00Z", "refs": [ "https://www.digitrustgroup.com/agent-tesla-keylogger/" ], "source": "MITRE", "title": "The Rise of Agent Tesla" }, "related": [], "uuid": "dbae7e21-20d4-454c-88db-43e2a195808e", "value": "DigiTrust Agent Tesla Jan 2017" }, { "description": "Morrow, D. (2021, April 15). The rise of QakBot. Retrieved September 27, 2021.", "meta": { "date_accessed": "2021-09-27T00:00:00Z", "date_published": "2021-04-15T00:00:00Z", "refs": [ "https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot" ], "source": "MITRE", "title": "The rise of QakBot" }, "related": [], "uuid": "c7b0b3f3-e9ea-4159-acd1-f6d92ed41828", "value": "ATT QakBot April 2021" }, { "description": "Cherepanov, A.. (2016, December 13). The rise of TeleBots: Analyzing disruptive KillDisk attacks. 
Retrieved June 10, 2020.", "meta": { "date_accessed": "2020-06-10T00:00:00Z", "date_published": "2016-12-13T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/" ], "source": "MITRE", "title": "The rise of TeleBots: Analyzing disruptive KillDisk attacks" }, "related": [], "uuid": "34e6e415-099a-4f29-aad0-fc0331a733a4", "value": "ESET Telebots Dec 2016" }, { "description": "Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.", "meta": { "date_accessed": "2016-04-05T00:00:00Z", "date_published": "2015-03-13T00:00:00Z", "refs": [ "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html" ], "source": "MITRE", "title": "The Risks of SSL Inspection" }, "related": [], "uuid": "3fafc00e-b808-486e-81bc-c08b6a410133", "value": "SEI SSL Inspection Risks" }, { "description": "Rootkit Hunter Project. (2018, February 20). The Rootkit Hunter project. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2018-02-20T00:00:00Z", "refs": [ "http://rkhunter.sourceforge.net" ], "source": "MITRE", "title": "The Rootkit Hunter project" }, "related": [], "uuid": "e52cf1aa-3d14-40ce-a1d4-e9de672261ef", "value": "SourceForge rkhunter" }, { "description": "Campbell, C. (2014). The Secret Life of Krbtgt. Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "http://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf" ], "source": "MITRE", "title": "The Secret Life of Krbtgt" }, "related": [], "uuid": "8bef22ff-f2fc-4e1a-b4d2-d746a120f6c6", "value": "Campbell 2014" }, { "description": "Proofpoint Staff. (2015, December 15). The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK. 
Retrieved October 16, 2020.", "meta": { "date_accessed": "2020-10-16T00:00:00Z", "date_published": "2015-12-15T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows" ], "source": "MITRE", "title": "The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK" }, "related": [], "uuid": "4653a9a5-95f1-4b02-9bf0-8f1b8cd6c059", "value": "Proofpoint Domain Shadowing" }, { "description": "Symantec. (2012, August 16). The Shamoon Attacks. Retrieved March 14, 2019.", "meta": { "date_accessed": "2019-03-14T00:00:00Z", "date_published": "2012-08-16T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/shamoon-attacks" ], "source": "MITRE", "title": "The Shamoon Attacks" }, "related": [], "uuid": "ac634e99-d951-402b-bb1c-e575753dfda8", "value": "Symantec Shamoon 2012" }, { "description": "Baumgartner, K.. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.", "meta": { "date_accessed": "2016-02-15T00:00:00Z", "date_published": "2015-06-17T00:00:00Z", "refs": [ "https://securelist.com/the-spring-dragon-apt/70726/" ], "source": "MITRE", "title": "The Spring Dragon APT" }, "related": [], "uuid": "2cc38587-a18e-47e9-a8bb-e3498e4737f5", "value": "Spring Dragon Jun 2015" }, { "description": "Itkin, E. and Cohen, I. (2021, February 22). The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day. Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2021-02-22T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/the-story-of-jian/" ], "source": "MITRE", "title": "The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day" }, "related": [], "uuid": "84ac99ef-106f-44e9-97f0-3eda90570932", "value": "Check Point APT31 February 2021" }, { "description": "UCF. (n.d.). The system must require username and password to elevate a running application.. 
Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "refs": [ "https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000077" ], "source": "MITRE", "title": "The system must require username and password to elevate a running application." }, "related": [], "uuid": "7b895692-d401-4d74-ab3f-e6f8e432877a", "value": "UCF STIG Elevation Account Enumeration" }, { "description": "Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "date_published": "2012-01-01T00:00:00Z", "refs": [ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf" ], "source": "MITRE", "title": "The Taidoor Campaign" }, "related": [], "uuid": "3d703dfa-97c5-498f-a712-cb4995119297", "value": "TrendMicro Taidoor" }, { "description": "Nelson, M. (2018, June 11). The Tale of SettingContent-ms Files. Retrieved April 18, 2019.", "meta": { "date_accessed": "2019-04-18T00:00:00Z", "date_published": "2018-06-11T00:00:00Z", "refs": [ "https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39" ], "source": "MITRE", "title": "The Tale of SettingContent-ms Files" }, "related": [], "uuid": "88ffa36e-c1d8-4e40-86c9-bdefad9a6c95", "value": "SpectorOPs SettingContent-ms Jun 2018" }, { "description": "GReAT. (2020, July 14). The Tetrade: Brazilian banking malware goes global. Retrieved November 9, 2020.", "meta": { "date_accessed": "2020-11-09T00:00:00Z", "date_published": "2020-07-14T00:00:00Z", "refs": [ "https://securelist.com/the-tetrade-brazilian-banking-malware/97779/" ], "source": "MITRE", "title": "The Tetrade: Brazilian banking malware goes global" }, "related": [], "uuid": "ccc34875-93f3-40ed-a9ee-f31b86708507", "value": "Securelist Brazilian Banking Malware July 2020" }, { "description": "Symantec Security Response. (2010, January 18). The Trojan.Hydraq Incident. 
Retrieved February 20, 2018.", "meta": { "date_accessed": "2018-02-20T00:00:00Z", "date_published": "2010-01-18T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/trojanhydraq-incident" ], "source": "MITRE", "title": "The Trojan.Hydraq Incident" }, "related": [], "uuid": "10bed842-400f-4276-972d-5fca794ea778", "value": "Symantec Trojan.Hydraq Jan 2010" }, { "description": "Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.", "meta": { "date_accessed": "2016-03-02T00:00:00Z", "date_published": "2016-02-29T00:00:00Z", "refs": [ "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf" ], "source": "MITRE", "title": "The Turbo Campaign, Featuring Derusbi for 64-bit Linux" }, "related": [], "uuid": "f19877f1-3e0f-4c68-b6c9-ef5b0bd470ed", "value": "Fidelis Turbo" }, { "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.", "meta": { "date_accessed": "2020-06-18T00:00:00Z", "date_published": "2020-02-20T00:00:00Z", "refs": [ "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html" ], "source": "MITRE", "title": "The United States Condemns Russian Cyber Attack Against the Country of Georgia" }, "related": [], "uuid": "fefa7321-cd60-4c7e-a9d5-c723d88013f2", "value": "USDOJ Sandworm Feb 2020" }, { "description": "Mikhail, K. (2014, October 16). The Ventir Trojan: assemble your MacOS spy. 
Retrieved April 6, 2018.", "meta": { "date_accessed": "2018-04-06T00:00:00Z", "date_published": "2014-10-16T00:00:00Z", "refs": [ "https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/" ], "source": "MITRE", "title": "The Ventir Trojan: assemble your MacOS spy" }, "related": [], "uuid": "5e4e82c0-16b6-43bc-a70d-6b8d55aaef52", "value": "Securelist Ventir" }, { "description": "Symantec. (2015, January 26). The Waterbug attack group. Retrieved April 10, 2015.", "meta": { "date_accessed": "2015-04-10T00:00:00Z", "date_published": "2015-01-26T00:00:00Z", "refs": [ "https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1" ], "source": "MITRE", "title": "The Waterbug attack group" }, "related": [], "uuid": "ec02f951-17b8-44cb-945a-e5c313555124", "value": "Symantec Waterbug" }, { "description": "Tim Hill. (2014, February 2). The Windows NT Command Shell. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "date_published": "2014-02-02T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions//cc723564(v=technet.10)?redirectedfrom=MSDN#XSLTsection127121120120" ], "source": "MITRE", "title": "The Windows NT Command Shell" }, "related": [], "uuid": "aee1e76c-8ff2-4ff0-83e3-edcb76f34d19", "value": "Windows NT Command Shell" }, { "description": "Arntz, P. (2016, March 30). The Windows Vault . Retrieved November 23, 2020.", "meta": { "date_accessed": "2020-11-23T00:00:00Z", "date_published": "2016-03-30T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/" ], "source": "MITRE", "title": "The Windows Vault" }, "related": [], "uuid": "f09fdc31-38ca-411d-8478-683b08a68535", "value": "Malwarebytes The Windows Vault" }, { "description": "Microsoft. (2007, August 15). The World of JScript, JavaScript, ECMAScript …. 
Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2007-08-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/archive/blogs/gauravseth/the-world-of-jscript-javascript-ecmascript" ], "source": "MITRE", "title": "The World of JScript, JavaScript, ECMAScript …" }, "related": [], "uuid": "e3c97d0f-150e-4fe3-a4ce-fc146a2fa718", "value": "Microsoft JScript 2007" }, { "description": "Mollema, D. (2019, March 4). The worst of both worlds: Combining NTLM Relaying and Kerberos delegation . Retrieved August 15, 2022.", "meta": { "date_accessed": "2022-08-15T00:00:00Z", "date_published": "2019-03-04T00:00:00Z", "refs": [ "https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/" ], "source": "MITRE", "title": "The worst of both worlds: Combining NTLM Relaying and Kerberos delegation" }, "related": [], "uuid": "08f44086-2387-4254-a0b6-3b9be2b6ee30", "value": "ntlm_relaying_kerberos_del" }, { "description": "Mac Threat Response, Mobile Research Team. (2020, August 13). The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2020-08-13T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf" ], "source": "MITRE", "title": "The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits" }, "related": [], "uuid": "0194bb11-8b97-4d61-8ddb-824077edc7db", "value": "trendmicro xcsset xcode project 2020" }, { "description": "Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. 
Retrieved October 14, 2020.", "meta": { "date_accessed": "2020-10-14T00:00:00Z", "date_published": "2020-10-14T00:00:00Z", "refs": [ "https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/" ], "source": "MITRE", "title": "They’re back: inside a new Ryuk ransomware attack" }, "related": [], "uuid": "bfc6f6fe-b504-4b99-a7c0-1efba08ac14e", "value": "Sophos New Ryuk Attack October 2020" }, { "description": "Rivner, U., Schwartz, E. (2012). They’re Inside… Now What?. Retrieved November 25, 2016.", "meta": { "date_accessed": "2016-11-25T00:00:00Z", "date_published": "2012-01-01T00:00:00Z", "refs": [ "https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf" ], "source": "MITRE", "title": "They’re Inside… Now What?" }, "related": [], "uuid": "8330ab88-9c73-4332-97d6-c1fb95b1a155", "value": "RSA EU12 They're Inside" }, { "description": "Thibault Van Geluwe De Berlaere. (2022, November 8). They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming. Retrieved November 9, 2022.", "meta": { "date_accessed": "2022-11-09T00:00:00Z", "date_published": "2022-11-08T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming" ], "source": "MITRE", "title": "They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming" }, "related": [], "uuid": "691fb596-07b6-5c13-9cec-e28530ffde12", "value": "APT29 Deep Look at Credential Roaming" }, { "description": "Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. 
Retrieved March 21, 2023.", "meta": { "date_accessed": "2023-03-21T00:00:00Z", "refs": [ "https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/" ], "source": "MITRE", "title": "They were wrong" }, "related": [], "uuid": "301da9c8-60de-58f0-989f-6b504e3457a3", "value": "ZDNet Ransomware Backups 2020" }, { "description": "Microsoft Defender Research Team. (2018, December 3). Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.", "meta": { "date_accessed": "2019-04-15T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/" ], "source": "MITRE", "title": "think tanks, non-profits, public sector by unidentified attackers" }, "related": [], "uuid": "896c88f9-8765-4b60-b679-667b338757e3", "value": "Microsoft Unidentified Dec 2018" }, { "description": "Zack Whittaker. (2019, August 12). This hacker’s iPhone charging cable can hijack your computer. Retrieved May 25, 2022.", "meta": { "date_accessed": "2022-05-25T00:00:00Z", "date_published": "2019-08-12T00:00:00Z", "refs": [ "https://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/" ], "source": "MITRE", "title": "This hacker’s iPhone charging cable can hijack your computer" }, "related": [], "uuid": "b8bb0bc5-e131-47b5-8c42-48cd3dc25250", "value": "iPhone Charging Cable Hack" }, { "description": "Glyer, C., Perez, D., Jones, S., Miller, S.. (2021, February 25). This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. 
Retrieved February 17, 2022.", "meta": { "date_accessed": "2022-02-17T00:00:00Z", "date_published": "2021-02-25T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits" ], "source": "MITRE", "title": "This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits" }, "related": [], "uuid": "9b75a38e-e5c7-43c8-a7fb-c7f212e00497", "value": "Mandiant APT41 Global Intrusion" }, { "description": "Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.", "meta": { "date_accessed": "2020-04-28T00:00:00Z", "date_published": "2020-03-01T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html" ], "source": "MITRE", "title": "This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits" }, "related": [], "uuid": "e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d", "value": "FireEye APT41 March 2020" }, { "description": "Merriman, K. and Trouerbach, P. (2022, April 28). This isn't Optimus Prime's Bumblebee but it's Still Transforming. Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "date_published": "2022-04-28T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming" ], "source": "MITRE", "title": "This isn't Optimus Prime's Bumblebee but it's Still Transforming" }, "related": [], "uuid": "765b0ce9-7305-4b35-b5be-2f6f42339646", "value": "Proofpoint Bumblebee April 2022" }, { "description": "Itamar Turner-Trauring. (2017, April 18). “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD. 
Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-04-18T00:00:00Z", "refs": [ "https://www.datawire.io/code-injection-on-linux-and-macos/" ], "source": "MITRE", "title": "“This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD" }, "related": [], "uuid": "82d41fd8-495d-41b6-b908-6ada5764c94d", "value": "Code Injection on Linux and macOS" }, { "description": "Kizhakkinan, D., et al. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2016-05-11T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html" ], "source": "MITRE", "title": "Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks" }, "related": [], "uuid": "2079101c-d988-430a-9082-d25c475b2af5", "value": "FireEye Fin8 May 2016" }, { "description": "Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.", "meta": { "date_accessed": "2021-02-03T00:00:00Z", "date_published": "2019-09-05T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian" ], "source": "MITRE", "title": "Threat Actor Profile: TA407, the Silent Librarian" }, "related": [], "uuid": "e787e9af-f496-442a-8b36-16056ff8bfc1", "value": "Proofpoint TA407 September 2019" }, { "description": "Proofpoint Staff. (2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. 
Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2017-09-27T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter" ], "source": "MITRE, Tidal Cyber", "title": "Threat Actor Profile: TA505, From Dridex to GlobeImposter" }, "related": [], "uuid": "c1fff36f-802b-4436-abce-7f2787c148db", "value": "Proofpoint TA505 Sep 2017" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, July 20). Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. Retrieved July 24, 2023.", "meta": { "date_accessed": "2023-07-24T00:00:00Z", "date_published": "2023-07-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a" ], "source": "Tidal Cyber", "title": "Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells" }, "related": [], "uuid": "021c4caa-7a7a-4e49-9c5c-6eec176bf923", "value": "U.S. CISA CVE-2023-3519 Exploits" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, August 1). Threat Actors Exploiting Ivanti EPMM Vulnerabilities. Retrieved August 3, 2023.", "meta": { "date_accessed": "2023-08-03T00:00:00Z", "date_published": "2023-08-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" ], "source": "Tidal Cyber", "title": "Threat Actors Exploiting Ivanti EPMM Vulnerabilities" }, "related": [], "uuid": "62305b8a-76c8-49ec-82dc-6756643ccf7a", "value": "U.S. CISA CVE-2023-35078 Exploits" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2024, February 29). Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways. 
Retrieved March 1, 2024.", "meta": { "date_accessed": "2024-03-01T00:00:00Z", "date_published": "2024-02-29T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b" ], "source": "Tidal Cyber", "title": "Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways" }, "related": [], "uuid": "a501b21d-916d-454e-b5a0-c3d3bdb4e45c", "value": "U.S. CISA Ivanti Exploits February 2024" }, { "description": "Atlas Cybersecurity. (2021, April 19). Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2021-04-19T00:00:00Z", "refs": [ "https://atlas-cybersecurity.com/cyber-threats/threat-actors-use-search-engine-optimization-tactics-to-redirect-traffic-and-install-malware/" ], "source": "MITRE", "title": "Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware" }, "related": [], "uuid": "26d7134e-7b93-4aa1-a859-03cf964ca1b5", "value": "Atlas SEO" }, { "description": "Salem, E. (2019, April 25). Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware. Retrieved May 28, 2019.", "meta": { "date_accessed": "2019-05-28T00:00:00Z", "date_published": "2019-04-25T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware" ], "source": "MITRE", "title": "Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware" }, "related": [], "uuid": "076f2b95-97d2-4d50-bb9b-6199c161e5c6", "value": "Cybereason TA505 April 2019" }, { "description": "Malhotra, A. (2022, March 15). Threat Advisory: CaddyWiper. 
Retrieved March 23, 2022.", "meta": { "date_accessed": "2022-03-23T00:00:00Z", "date_published": "2022-03-15T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html" ], "source": "MITRE", "title": "Threat Advisory: CaddyWiper" }, "related": [], "uuid": "88fc1f96-2d55-4c92-a929-234248490c30", "value": "Cisco CaddyWiper March 2022" }, { "description": "Nolen, R. et al.. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2016-04-28T00:00:00Z", "refs": [ "https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/" ], "source": "MITRE", "title": "Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”" }, "related": [], "uuid": "b23fc191-cc84-49c8-9eb0-09db7e23b24d", "value": "Carbon Black Squiblydoo Apr 2016" }, { "description": "Assaf Morag. (2020, July 15). Threat Alert: Attackers Building Malicious Images on Your Hosts. Retrieved March 29, 2021.", "meta": { "date_accessed": "2021-03-29T00:00:00Z", "date_published": "2020-07-15T00:00:00Z", "refs": [ "https://blog.aquasec.com/malicious-container-image-docker-container-host" ], "source": "MITRE", "title": "Threat Alert: Attackers Building Malicious Images on Your Hosts" }, "related": [], "uuid": "efd64f41-13cc-4b2b-864c-4d2352cdadcd", "value": "Aqua Build Images on Hosts" }, { "description": "Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. 
Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-04-03T00:00:00Z", "refs": [ "https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability" ], "source": "MITRE", "title": "Threat Alert: Kinsing Malware Attacks Targeting Container Environments" }, "related": [], "uuid": "67dd04dd-c0e0-49e6-9341-4e445d660641", "value": "Aqua Kinsing April 2020" }, { "description": "Elsad, A. (2022, August 25). Threat Assessment: Black Basta Ransomware. Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-08-25T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware" ], "source": "MITRE", "title": "Threat Assessment: Black Basta Ransomware" }, "related": [], "uuid": "fc9ee531-3680-549b-86e0-a10a70c3ec67", "value": "Palo Alto Networks Black Basta August 2022" }, { "description": "Santos, D. (2021, April 13). Threat Assessment: Clop Ransomware. Retrieved July 30, 2021.", "meta": { "date_accessed": "2021-07-30T00:00:00Z", "date_published": "2021-04-13T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/clop-ransomware/" ], "source": "MITRE", "title": "Threat Assessment: Clop Ransomware" }, "related": [], "uuid": "ce48d631-757c-480b-8572-b7d9f4d738c6", "value": "Unit42 Clop April 2021" }, { "description": "Hinchliffe, A. Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. Retrieved February 9, 2021.", "meta": { "date_accessed": "2021-02-09T00:00:00Z", "date_published": "2020-06-26T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/" ], "source": "MITRE", "title": "Threat Assessment: EKANS Ransomware" }, "related": [], "uuid": "dcdd4e48-3c3d-4008-a6f6-390f896f147b", "value": "Palo Alto Unit 42 EKANS" }, { "description": "UNIT 42. (2022, March 24). Threat Brief: Lapsus$ Group. 
Retrieved May 17, 2022.", "meta": { "date_accessed": "2022-05-17T00:00:00Z", "date_published": "2022-03-24T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/lapsus-group/" ], "source": "MITRE", "title": "Threat Brief: Lapsus$ Group" }, "related": [], "uuid": "50f4c1ed-b046-405a-963d-a113324355a3", "value": "UNIT 42 LAPSUS Mar 2022" }, { "description": "Falcone, R. et al.. (2022, January 20). Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. Retrieved March 10, 2022.", "meta": { "date_accessed": "2022-03-10T00:00:00Z", "date_published": "2022-01-20T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family" ], "source": "MITRE", "title": "Threat Brief: Ongoing Russia and Ukraine Cyber Conflict" }, "related": [], "uuid": "3daa8c9e-da17-4eda-aa0d-df97c5de8f64", "value": "Unit 42 WhisperGate January 2022" }, { "description": "Unit 42. (2019, February 7). Threat Brief: Understanding Domain Generation Algorithms (DGA). Retrieved February 19, 2019.", "meta": { "date_accessed": "2019-02-19T00:00:00Z", "date_published": "2019-02-07T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/" ], "source": "MITRE", "title": "Threat Brief: Understanding Domain Generation Algorithms (DGA)" }, "related": [], "uuid": "5e1db76a-0a3e-42ce-a66c-f914fb1a3471", "value": "Unit 42 DGA Feb 2019" }, { "description": "Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. 
Retrieved August 18, 2018.", "meta": { "date_accessed": "2018-08-18T00:00:00Z", "date_published": "2015-08-05T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage" ], "source": "MITRE, Tidal Cyber", "title": "Threat Group-3390 Targets Organizations for Cyberespionage" }, "related": [], "uuid": "dfd2d832-a6c5-40e7-a554-5a92f05bebae", "value": "Dell TG-3390" }, { "description": "SecureWorks Counter Threat Unit Threat Intelligence. (2016, June 16). Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-06-16T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign" ], "source": "MITRE", "title": "Threat Group-4127 Targets Hillary Clinton Presidential Campaign" }, "related": [], "uuid": "5f401c82-4e16-43a1-b234-48918fe7df9f", "value": "SecureWorks TG-4127" }, { "description": "Sherstobitoff, R., Rea, M. (2017, November 7). Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack. Retrieved November 21, 2017.", "meta": { "date_accessed": "2017-11-21T00:00:00Z", "date_published": "2017-11-07T00:00:00Z", "refs": [ "https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/" ], "source": "MITRE", "title": "Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack" }, "related": [], "uuid": "8670f4ee-7491-4c37-9832-99d6f8f54ba8", "value": "McAfee APT28 DDE1 Nov 2017" }, { "description": "Gahlot, A. (n.d.). Threat Hunting for Avaddon Ransomware. 
Retrieved August 19, 2021.", "meta": { "date_accessed": "2021-08-19T00:00:00Z", "refs": [ "https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/" ], "source": "MITRE", "title": "Threat Hunting for Avaddon Ransomware" }, "related": [], "uuid": "c113cde7-5dd5-45e9-af16-3ab6ed0b1728", "value": "Awake Security Avaddon" }, { "description": "Gary Golomb and Tory Kei. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "refs": [ "https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/" ], "source": "MITRE", "title": "Threat Hunting Series: Detecting Command & Control in the Cloud" }, "related": [], "uuid": "fa3762ce-3e60-4991-b464-12601d2a6912", "value": "Awake Security C2 Cloud" }, { "description": "Gary Golomb. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved July 8, 2022.", "meta": { "date_accessed": "2022-07-08T00:00:00Z", "refs": [ "https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/" ], "source": "MITRE", "title": "Threat Hunting Series: Detecting Command & Control in the Cloud" }, "related": [], "uuid": "b12e0288-48cd-46ec-8305-0f4d050782f2", "value": "Detecting Command & Control in the Cloud" }, { "description": "Weizman, Y. (2020, April 2). Threat Matrix for Kubernetes. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2020-04-02T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/" ], "source": "MITRE", "title": "Threat Matrix for Kubernetes" }, "related": [], "uuid": "43fab719-e348-4902-8df3-8807765b95f0", "value": "Threat Matrix for Kubernetes" }, { "description": "SecureWorks. (n.d.). Threat Profile - BRONZE MOHAWK. 
Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/threat-profiles/bronze-mohawk" ], "source": "MITRE", "title": "Threat Profile - BRONZE MOHAWK" }, "related": [], "uuid": "b741fe9a-4b08-44b9-b6e7-5988eee486a3", "value": "SecureWorks BRONZE MOHAWK n.d." }, { "description": "ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.", "meta": { "date_accessed": "2022-02-10T00:00:00Z", "date_published": "2022-02-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf" ], "source": "MITRE", "title": "THREAT REPORT T3 2021" }, "related": [], "uuid": "34a23b22-2d39-47cc-a1e9-47f7f490dcbd", "value": "ESET T3 Threat Report 2021" }, { "description": "Kasuya, M. (2020, January 8). Threat Spotlight: Amadey Bot Targets Non-Russian Users. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2020-01-08T00:00:00Z", "refs": [ "https://blogs.blackberry.com/en/2020/01/threat-spotlight-amadey-bot" ], "source": "MITRE", "title": "Threat Spotlight: Amadey Bot Targets Non-Russian Users" }, "related": [], "uuid": "21b7a7c7-55a2-4235-ba11-d34ba68d1bf5", "value": "BlackBerry Amadey 2020" }, { "description": "Nick Biasini. (2015, March 3). Threat Spotlight: Angler Lurking in the Domain Shadows. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2015-03-03T00:00:00Z", "refs": [ "https://blogs.cisco.com/security/talos/angler-domain-shadowing" ], "source": "MITRE", "title": "Threat Spotlight: Angler Lurking in the Domain Shadows" }, "related": [], "uuid": "0b10d7d4-9c18-4fd8-933a-b46e41d618ab", "value": "CiscoAngler" }, { "description": "Edmund Brumaghin. (2022, November 9). Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. 
Retrieved March 8, 2023.", "meta": { "date_accessed": "2023-03-08T00:00:00Z", "date_published": "2022-11-09T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/ipfs-abuse/" ], "source": "MITRE", "title": "Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns" }, "related": [], "uuid": "dc98c7ce-0a3f-5f35-9885-6c1c73e5858d", "value": "Talos IPFS 2022" }, { "description": "Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2014-10-14T00:00:00Z", "refs": [ "http://blogs.cisco.com/security/talos/threat-spotlight-group-72" ], "source": "MITRE", "title": "Threat Spotlight: Group 72" }, "related": [], "uuid": "b9201737-ef72-46d4-8e86-89fee5b98aa8", "value": "Cisco Group 72" }, { "description": "Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.", "meta": { "date_accessed": "2019-09-24T00:00:00Z", "date_published": "2014-10-28T00:00:00Z", "refs": [ "https://blogs.cisco.com/security/talos/opening-zxshell" ], "source": "MITRE", "title": "Threat Spotlight: Group 72, Opening the ZxShell" }, "related": [], "uuid": "41c20013-71b3-4957-98f0-fb919014c93e", "value": "Talos ZxShell Oct 2014" }, { "description": "Infinitum IT. (n.d.). Threat Spotlight: Lockbit Black 3.0 Ransomware. Retrieved May 19, 2023.", "meta": { "date_accessed": "2023-05-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://raw.githubusercontent.com/whichbuffer/Lockbit-Black-3.0/main/Threat%20Spotlight%20Lockbit%20Black%203.0%20Ransomware.pdf" ], "source": "Tidal Cyber", "title": "Threat Spotlight: Lockbit Black 3.0 Ransomware" }, "related": [], "uuid": "8bee2689-dfd8-45b2-b8dd-e87ab3ade0ec", "value": "Infinitum IT LockBit 3.0" }, { "description": "The BlackBerry Research & Intelligence Team. (2021, June 10). Threat Thursday: SystemBC – a RAT in the Pipeline. 
Retrieved September 21, 2023.", "meta": { "date_accessed": "2023-09-21T00:00:00Z", "date_published": "2021-06-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://blogs.blackberry.com/en/2021/06/threat-thursday-systembc-a-rat-in-the-pipeline" ], "source": "Tidal Cyber", "title": "Threat Thursday: SystemBC – a RAT in the Pipeline" }, "related": [], "uuid": "08186ff9-6ca5-4c09-b5e7-b883eb15fdba", "value": "BlackBerry SystemBC June 10 2021" }, { "description": "Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. Retrieved June 9, 2021.", "meta": { "date_accessed": "2021-06-09T00:00:00Z", "date_published": "2021-02-17T00:00:00Z", "refs": [ "https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and" ], "source": "MITRE", "title": "Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe" }, "related": [], "uuid": "d702653f-a9da-4a36-8f84-97caeb445266", "value": "DOJ North Korea Indictment Feb 2021" }, { "description": "Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. Retrieved July 10, 2018.", "meta": { "date_accessed": "2018-07-10T00:00:00Z", "date_published": "2018-06-19T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets" ], "source": "MITRE, Tidal Cyber", "title": "Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies" }, "related": [], "uuid": "482a6946-b663-4789-a31f-83fb2132118d", "value": "Symantec Thrip June 2018" }, { "description": "Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. 
Retrieved May 13, 2016.", "meta": { "date_accessed": "2016-05-13T00:00:00Z", "date_published": "2015-12-07T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html" ], "source": "MITRE", "title": "Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record" }, "related": [], "uuid": "585827a8-1f03-439d-b66e-ad5290117c1b", "value": "FireEye Bootkits" }, { "description": "Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "date_published": "2020-03-11T00:00:00Z", "refs": [ "https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512" ], "source": "MITRE", "title": "Through the Looking Glass — Part 1" }, "related": [], "uuid": "6ab2cfa1-230f-498e-8049-fcdd2f7296dd", "value": "SpecterOps AWS Traffic Mirroring" }, { "description": "Michael Ossmann. (2011, February 17). Throwing Star LAN Tap. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2011-02-17T00:00:00Z", "refs": [ "https://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html" ], "source": "MITRE", "title": "Throwing Star LAN Tap" }, "related": [], "uuid": "1be27354-1326-4568-b26a-d0034acecba2", "value": "Ossmann Star Feb 2011" }, { "description": "DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.", "meta": { "date_accessed": "2018-07-16T00:00:00Z", "date_published": "2016-04-28T00:00:00Z", "refs": [ "https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan" ], "source": "MITRE", "title": "Tick cyberespionage group zeros in on Japan" }, "related": [], "uuid": "3e29cacc-2c05-4f35-8dd1-948f8aee6713", "value": "Symantec Tick Apr 2016" }, { "description": "TightVNC Software. (n.d.). TightVNC Software. 
Retrieved July 10, 2023.", "meta": { "date_accessed": "2023-07-10T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.tightvnc.com/" ], "source": "Tidal Cyber", "title": "TightVNC Software" }, "related": [], "uuid": "e1725230-4f6c-47c5-8e30-90dfb01a75d7", "value": "TightVNC Software Project Page" }, { "description": "Malicious History. (2020, September 17). Time Bombs: Malware With Delayed Execution. Retrieved April 22, 2021.", "meta": { "date_accessed": "2021-04-22T00:00:00Z", "date_published": "2020-09-17T00:00:00Z", "refs": [ "https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/" ], "source": "MITRE", "title": "Time Bombs: Malware With Delayed Execution" }, "related": [], "uuid": "cd369bf9-80a8-426f-a0aa-c9745b40696c", "value": "AnyRun TimeBomb" }, { "description": "Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.", "meta": { "date_accessed": "2018-03-26T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx" ], "source": "MITRE", "title": "Time Provider" }, "related": [], "uuid": "cf7c1db8-6282-4ccd-9609-5a012faf70d6", "value": "Microsoft TimeProvider" }, { "description": "Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. Retrieved December 2, 2021.", "meta": { "date_accessed": "2021-12-02T00:00:00Z", "date_published": "2021-09-21T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/09/tinyturla.html" ], "source": "MITRE", "title": "TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines" }, "related": [], "uuid": "94cdbd73-a31a-4ec3-aa36-de3ea077c1c7", "value": "Talos TinyTurla September 2021" }, { "description": "netbiosX. (2017, April 3). Token Manipulation. 
Retrieved April 21, 2017.", "meta": { "date_accessed": "2017-04-21T00:00:00Z", "date_published": "2017-04-03T00:00:00Z", "refs": [ "https://pentestlab.blog/2017/04/03/token-manipulation/" ], "source": "MITRE", "title": "Token Manipulation" }, "related": [], "uuid": "243deb44-4d47-4c41-bd5d-262c4319cce5", "value": "Pentestlab Token Manipulation" }, { "description": "Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved December 7, 2020.", "meta": { "date_accessed": "2020-12-07T00:00:00Z", "date_published": "2013-11-01T00:00:00Z", "refs": [ "https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf" ], "source": "MITRE", "title": "To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve" }, "related": [], "uuid": "76b99581-e94d-4e51-8110-80557474048e", "value": "Langer Stuxnet" }, { "description": "Daniel Lughi, Jaromir Horejsi. (2020, October 2). Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.", "meta": { "date_accessed": "2021-10-17T00:00:00Z", "date_published": "2020-10-02T00:00:00Z", "refs": [ "https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf" ], "source": "MITRE", "title": "Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure" }, "related": [], "uuid": "140e6b01-6b98-4f82-9455-0c84b3856b86", "value": "TrendMicro Tonto Team October 2020" }, { "description": "Rascagneres, P. (2015, May). Tools used by the Uroburos actors. 
Retrieved August 18, 2016.", "meta": { "date_accessed": "2016-08-18T00:00:00Z", "date_published": "2015-05-01T00:00:00Z", "refs": [ "https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html" ], "source": "MITRE", "title": "Tools used by the Uroburos actors" }, "related": [], "uuid": "99e2709e-a32a-4fbf-a20a-ffcdd8befdc8", "value": "NorthSec 2015 GData Uroburos Tools" }, { "description": "Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2004-01-01T00:00:00Z", "refs": [ "http://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf" ], "source": "MITRE", "title": "Tor: The Second-Generation Onion Router" }, "related": [], "uuid": "ffb6a26d-2da9-4cce-bb2d-5280e9cc16b4", "value": "Dingledine Tor The Second-Generation Onion Router" }, { "description": "Erickson, J., McWhirt, M., Palombo, D. (2017, May 3). To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence. Retrieved July 18, 2017.", "meta": { "date_accessed": "2017-07-18T00:00:00Z", "date_published": "2017-05-03T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html" ], "source": "MITRE", "title": "To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence" }, "related": [], "uuid": "25d8bac0-9187-45db-ad96-c7bce20cef00", "value": "FireEye FIN7 Shim Databases" }, { "description": "LOLBAS. (n.d.). Tracker.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Tracker/" ], "source": "MITRE", "title": "Tracker.exe" }, "related": [], "uuid": "f0e368f1-3347-41ef-91fb-995c3cb07707", "value": "LOLBAS Tracker" }, { "description": "BushidoToken. (2023, August 16). Tracking Adversaries: Scattered Spider, the BlackCat affiliate. 
Retrieved September 14, 2023.", "meta": { "date_accessed": "2023-09-14T00:00:00Z", "date_published": "2023-08-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://blog.bushidotoken.net/2023/08/tracking-adversaries-scattered-spider.html" ], "source": "Tidal Cyber", "title": "Tracking Adversaries: Scattered Spider, the BlackCat affiliate" }, "related": [], "uuid": "621a8320-0e3c-444f-b82a-7fd4fdf9fb67", "value": "BushidoToken Scattered Spider August 16 2023" }, { "description": "Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.", "meta": { "date_accessed": "2016-02-01T00:00:00Z", "date_published": "2015-11-26T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts" ], "source": "MITRE", "title": "Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts" }, "related": [], "uuid": "5d5ca6a4-5e2f-4679-9040-b68d524778ff", "value": "Lateral Movement Payne" }, { "description": "Ray, V. and Hayashi, K. (2019, February 1). Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2019-02-01T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/" ], "source": "MITRE", "title": "Tracking OceanLotus’ new Downloader, KerrDown" }, "related": [], "uuid": "bff5dbfe-d080-46c1-82b7-272e03d2aa8c", "value": "Unit 42 KerrDown February 2019" }, { "description": "Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. 
Retrieved September 22, 2021.", "meta": { "date_accessed": "2021-09-22T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf" ], "source": "MITRE", "title": "Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group" }, "related": [], "uuid": "d6b52135-6bb2-4e37-8f94-1e1d6354bdfd", "value": "Trend Micro TeamTNT" }, { "description": "Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "date_published": "2018-08-01T00:00:00Z", "refs": [ "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf" ], "source": "MITRE", "title": "TRAILS OF WINDSHIFT" }, "related": [], "uuid": "97eac0f2-d528-4f7c-8425-7531eae4fc39", "value": "SANS Windshift August 2018" }, { "description": "Microsoft. (n.d.). Transactional NTFS (TxF). Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx" ], "source": "MITRE", "title": "Transactional NTFS (TxF)" }, "related": [], "uuid": "f7f2eecc-19e6-4d93-8a53-91afea2f242e", "value": "Microsoft TxF" }, { "description": "Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. Retrieved July 14, 2022.", "meta": { "date_accessed": "2022-07-14T00:00:00Z", "date_published": "2021-05-04T00:00:00Z", "refs": [ "https://redcanary.com/blog/rclone-mega-extortion/" ], "source": "MITRE", "title": "Transferring leverage in a ransomware attack" }, "related": [], "uuid": "9b492a2f-1326-4733-9c0e-a9454bf7fabb", "value": "Rclone-mega-extortion_05_2021" }, { "description": "Microsoft. (2018, May 31). Translating to JScript. 
Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/win32/com/translating-to-jscript" ], "source": "MITRE", "title": "Translating to JScript" }, "related": [], "uuid": "99e48516-f918-477c-b85e-4ad894cc031f", "value": "JScrip May 2018" }, { "description": "Malhotra, A., McKay, K. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved July 29, 2022.", "meta": { "date_accessed": "2022-07-29T00:00:00Z", "date_published": "2021-05-13T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html" ], "source": "MITRE", "title": "Transparent Tribe APT expands its Windows malware arsenal" }, "related": [], "uuid": "be1e3092-1981-457b-ae76-b55b057e1d73", "value": "tt_obliqueRAT" }, { "description": "Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved September 2, 2021.", "meta": { "date_accessed": "2021-09-02T00:00:00Z", "date_published": "2021-05-13T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html" ], "source": "MITRE, Tidal Cyber", "title": "Transparent Tribe APT expands its Windows malware arsenal" }, "related": [], "uuid": "5d58c285-bc7d-4a8a-a96a-ac7118c1089d", "value": "Talos Transparent Tribe May 2021" }, { "description": "N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. 
Retrieved September 22, 2022.", "meta": { "date_accessed": "2022-09-22T00:00:00Z", "date_published": "2022-07-13T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html" ], "source": "MITRE", "title": "Transparent Tribe begins targeting education sector in latest campaign" }, "related": [], "uuid": "acb10fb6-608f-44d3-9faf-7e577b0e2786", "value": "Cisco Talos Transparent Tribe Education Campaign July 2022" }, { "description": "Malhotra, A., Thattil, J. et al. (2022, March 29). Transparent Tribe campaign uses new bespoke malware to target Indian government officials. Retrieved September 6, 2022.", "meta": { "date_accessed": "2022-09-06T00:00:00Z", "date_published": "2022-03-29T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html" ], "source": "MITRE", "title": "Transparent Tribe campaign uses new bespoke malware to target Indian government officials" }, "related": [], "uuid": "9bdda422-dbf7-4b70-a7b1-9e3ad658c239", "value": "tt_httrack_fake_domains" }, { "description": "Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-08-20T00:00:00Z", "refs": [ "https://securelist.com/transparent-tribe-part-1/98127/" ], "source": "MITRE", "title": "Transparent Tribe: Evolution analysis, part 1" }, "related": [], "uuid": "0db470b1-ab22-4b67-a858-472e4de7c6f0", "value": "Securelist Trasparent Tribe 2020" }, { "description": "Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. 
Retrieved September 2, 2021.", "meta": { "date_accessed": "2021-09-02T00:00:00Z", "date_published": "2020-08-20T00:00:00Z", "refs": [ "https://securelist.com/transparent-tribe-part-1/98127/" ], "source": "MITRE, Tidal Cyber", "title": "Transparent Tribe: Evolution analysis, part 1" }, "related": [], "uuid": "42c7faa2-f664-4e4a-9d23-93c88a09da5b", "value": "Kaspersky Transparent Tribe August 2020" }, { "description": "Microsoft. (2016, June 1). Transport agents. Retrieved June 24, 2019.", "meta": { "date_accessed": "2019-06-24T00:00:00Z", "date_published": "2016-06-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/exchange/transport-agents-exchange-2013-help" ], "source": "MITRE", "title": "Transport agents" }, "related": [], "uuid": "16ae3e7e-5f0d-4ca9-8453-be960b2111b6", "value": "Microsoft TransportAgent Jun 2016" }, { "description": "ss64. (n.d.). trap. Retrieved May 21, 2019.", "meta": { "date_accessed": "2019-05-21T00:00:00Z", "refs": [ "https://ss64.com/bash/trap.html" ], "source": "MITRE", "title": "trap" }, "related": [], "uuid": "143462e1-b7e8-4e18-9cb1-6f4f3969e891", "value": "Trap Manual" }, { "description": "TONY LAMBERT. (2022, June 7). Trapping the Netwire RAT on Linux. Retrieved September 28, 2023.", "meta": { "date_accessed": "2023-09-28T00:00:00Z", "date_published": "2022-06-07T00:00:00Z", "refs": [ "https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/" ], "source": "MITRE", "title": "Trapping the Netwire RAT on Linux" }, "related": [], "uuid": "6d4c6c52-38ae-52f5-b438-edeceed446a5", "value": "Red Canary Netwire Linux 2022" }, { "description": "Cyberciti. (2016, March 29). Trap statement. 
Retrieved May 21, 2019.", "meta": { "date_accessed": "2019-05-21T00:00:00Z", "date_published": "2016-03-29T00:00:00Z", "refs": [ "https://bash.cyberciti.biz/guide/Trap_statement" ], "source": "MITRE", "title": "Trap statement" }, "related": [], "uuid": "24cf5471-f327-4407-b32f-055537f3495e", "value": "Cyberciti Trap Statements" }, { "description": "Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. Retrieved December 10, 2020.", "meta": { "date_accessed": "2020-12-10T00:00:00Z", "date_published": "2020-09-17T00:00:00Z", "refs": [ "https://home.treasury.gov/news/press-releases/sm1127" ], "source": "MITRE", "title": "Treasury Sanctions Cyber Actors Backed by Iranian Intelligence" }, "related": [], "uuid": "0c8ff80a-6b1d-4212-aa40-99aeef04ce05", "value": "Dept. of Treasury Iran Sanctions September 2020" }, { "description": "U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.", "meta": { "date_accessed": "2021-09-15T00:00:00Z", "date_published": "2019-12-05T00:00:00Z", "refs": [ "https://home.treasury.gov/news/press-releases/sm845" ], "source": "MITRE", "title": "Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware" }, "related": [], "uuid": "074a52c4-26d9-4083-9349-c14e2639c1bc", "value": "Treasury EvilCorp Dec 2019" }, { "description": "US Treasury. (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. 
Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2019-09-13T00:00:00Z", "refs": [ "https://home.treasury.gov/news/press-releases/sm774" ], "source": "MITRE", "title": "Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups" }, "related": [], "uuid": "54977bb2-2929-41d7-bdea-06d39dc76174", "value": "Treasury North Korean Cyber Groups September 2019" }, { "description": "Wolfram, J. et al. (2022, April 28). Trello From the Other Side: Tracking APT29 Phishing Campaigns. Retrieved August 3, 2022.", "meta": { "date_accessed": "2022-08-03T00:00:00Z", "date_published": "2022-04-28T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns" ], "source": "MITRE", "title": "Trello From the Other Side: Tracking APT29 Phishing Campaigns" }, "related": [], "uuid": "5590bb5c-d9d1-480c-bb69-1944c1cf2431", "value": "Mandiant APT29 Trello" }, { "description": "Jagpal, N., et al. (2015, August). Trends and Lessons from Three Years Fighting Malicious Extensions. Retrieved November 17, 2017.", "meta": { "date_accessed": "2017-11-17T00:00:00Z", "date_published": "2015-08-01T00:00:00Z", "refs": [ "https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf" ], "source": "MITRE", "title": "Trends and Lessons from Three Years Fighting Malicious Extensions" }, "related": [], "uuid": "f34fcf1f-370e-4b6e-9cc4-7ee4075faf6e", "value": "Malicious Chrome Extension Numbers" }, { "description": "tria.ge. (n.d.). Triage 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://tria.ge/230726-q34mlacc72" ], "source": "Tidal Cyber", "title": "Triage 23893f035f8564dfea5030b9fdd54120d96072bb" }, "related": [], "uuid": "3c4857e0-0318-435f-9459-bd57d83e84fe", "value": "Triage 23893f035f8564dfea5030b9fdd54120d96072bb" }, { "description": "tria.ge. (n.d.). 
Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7. Retrieved October 20, 2023.", "meta": { "date_accessed": "2023-10-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://tria.ge/231004-q6y7aaeb22" ], "source": "Tidal Cyber", "title": "Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7" }, "related": [], "uuid": "fd9800c3-c556-4804-a4ea-f31c2b198dcf", "value": "Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7" }, { "description": "ExaTrack. (2022, May 11). Tricephalic Hellkeeper: a tale of a passive backdoor. Retrieved October 18, 2022.", "meta": { "date_accessed": "2022-10-18T00:00:00Z", "date_published": "2022-05-11T00:00:00Z", "refs": [ "https://exatrack.com/public/Tricephalic_Hellkeeper.pdf" ], "source": "MITRE", "title": "Tricephalic Hellkeeper: a tale of a passive backdoor" }, "related": [], "uuid": "84ffd130-97b9-4bbf-bc3e-42accdf248ce", "value": "exatrack bpf filters passive backdoors" }, { "description": "Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.", "meta": { "date_accessed": "2020-06-15T00:00:00Z", "date_published": "2019-09-03T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/trojans/2019/09/trickbot-adds-new-trick-to-its-arsenal-tampering-with-trusted-texts/" ], "source": "MITRE", "title": "TrickBot adds new trick to its arsenal: tampering with trusted texts" }, "related": [], "uuid": "4d6d258f-a57f-4cfd-880a-1ecd98e26d9f", "value": "Malwarebytes TrickBot Sep 2019" }, { "description": "Llimos, N., Pascual, C.. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. 
Retrieved March 12, 2019.", "meta": { "date_accessed": "2019-03-12T00:00:00Z", "date_published": "2019-02-12T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/" ], "source": "MITRE", "title": "Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire" }, "related": [], "uuid": "c402888a-ccd1-4cbc-856c-ff0bdcb8b30b", "value": "TrendMicro Trickbot Feb 2019" }, { "description": "Eclypsium, Advanced Intelligence. (2020, December 1). TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT. Retrieved March 15, 2021.", "meta": { "date_accessed": "2021-03-15T00:00:00Z", "date_published": "2020-12-01T00:00:00Z", "refs": [ "https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit.pdf" ], "source": "MITRE", "title": "TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT" }, "related": [], "uuid": "ad72e27f-ae4f-425a-a4ef-c76a20382691", "value": "Eclypsium Trickboot December 2020" }, { "description": "Villadsen, O., et al. (2021, October 13). Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds. Retrieved June 15, 2023.", "meta": { "date_accessed": "2023-06-15T00:00:00Z", "date_published": "2021-10-13T00:00:00Z", "refs": [ "https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/" ], "source": "MITRE", "title": "Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds" }, "related": [], "uuid": "d796e773-7335-549f-a79b-a2961f85a8ec", "value": "IBM X-Force ITG23 Oct 2021" }, { "description": "Anthony, N., Pascual, C.. (2018, November 1). Trickbot Shows Off New Trick: Password Grabber Module. 
Retrieved November 16, 2018.", "meta": { "date_accessed": "2018-11-16T00:00:00Z", "date_published": "2018-11-01T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module/" ], "source": "MITRE", "title": "Trickbot Shows Off New Trick: Password Grabber Module" }, "related": [], "uuid": "5504d906-579e-4b1c-8864-d811b67a25f8", "value": "Trend Micro Trickbot Nov 2018" }, { "description": "Joe Security. (2020, July 13). TrickBot's new API-Hammering explained. Retrieved September 30, 2021.", "meta": { "date_accessed": "2021-09-30T00:00:00Z", "date_published": "2020-07-13T00:00:00Z", "refs": [ "https://www.joesecurity.org/blog/498839998833561473" ], "source": "MITRE", "title": "TrickBot's new API-Hammering explained" }, "related": [], "uuid": "f5441718-3c0d-4b26-863c-24df1130b090", "value": "Joe Sec Trickbot" }, { "description": "Bacurio Jr., F. and Salvio, J. (2018, April 9). Trickbot’s New Reconnaissance Plugin. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "date_published": "2018-04-09T00:00:00Z", "refs": [ "https://www.fortinet.com/blog/threat-research/trickbot-s-new-reconnaissance-plugin.html" ], "source": "MITRE", "title": "Trickbot’s New Reconnaissance Plugin" }, "related": [], "uuid": "a5dc1702-1930-463a-a581-74cc13e66ba5", "value": "Fortinet TrickBot" }, { "description": "Ionut Illascu. (2021, July 14). Trickbot updates its VNC module for high-value targets. Retrieved September 10, 2021.", "meta": { "date_accessed": "2021-09-10T00:00:00Z", "date_published": "2021-07-14T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/" ], "source": "MITRE", "title": "Trickbot updates its VNC module for high-value targets" }, "related": [], "uuid": "0484ddd0-5402-4300-99d4-4504591dddc0", "value": "Trickbot VNC module July 2021" }, { "description": "Reaves, J. (2016, October 15). 
TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.", "meta": { "date_accessed": "2018-08-02T00:00:00Z", "date_published": "2016-10-15T00:00:00Z", "refs": [ "https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre" ], "source": "MITRE", "title": "TrickBot: We Missed you, Dyre" }, "related": [], "uuid": "839c02d1-58ec-4e25-a981-0276dbb1acc8", "value": "Fidelis TrickBot Oct 2016" }, { "description": "Holland, A. (2019, March 7). Tricks and COMfoolery: How Ursnif Evades Detection. Retrieved June 10, 2019.", "meta": { "date_accessed": "2019-06-10T00:00:00Z", "date_published": "2019-03-07T00:00:00Z", "refs": [ "https://www.bromium.com/how-ursnif-evades-detection/" ], "source": "MITRE", "title": "Tricks and COMfoolery: How Ursnif Evades Detection" }, "related": [], "uuid": "04028685-b2e0-4faf-8c9d-36d1b07f09fc", "value": "Bromium Ursnif Mar 2017" }, { "description": "Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations. Retrieved August 2, 2018.", "meta": { "date_accessed": "2018-08-02T00:00:00Z", "date_published": "2016-11-09T00:00:00Z", "refs": [ "https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/" ], "source": "MITRE", "title": "Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations" }, "related": [], "uuid": "092aec63-aea0-4bc9-9c05-add89b4233ff", "value": "IBM TrickBot Nov 2016" }, { "description": "Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "date_published": "2020-09-03T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html" ], "source": "MITRE", "title": "Tricky 'Forms' of Phishing" }, "related": [], "uuid": "621f1c52-5f34-4293-a507-b58c4084a19b", "value": "TrendMictro Phishing" }, { "description": "Metcalf, S. (2018, May 6). Trimarc Research: Detecting Password Spraying with Security Event Auditing. 
Retrieved January 16, 2019.", "meta": { "date_accessed": "2019-01-16T00:00:00Z", "date_published": "2018-05-06T00:00:00Z", "refs": [ "https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing" ], "source": "MITRE", "title": "Trimarc Research: Detecting Password Spraying with Security Event Auditing" }, "related": [], "uuid": "aadbd0a8-00f2-404b-8d02-6d36292726da", "value": "Trimarc Detecting Password Spraying" }, { "description": "Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.", "meta": { "date_accessed": "2021-01-06T00:00:00Z", "date_published": "2017-12-13T00:00:00Z", "refs": [ "https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf" ], "source": "MITRE", "title": "TRISIS Malware Analysis of Safety System Targeted Malware" }, "related": [], "uuid": "7659f7bc-2059-4a4d-a12c-17ccd99b737a", "value": "Dragos TRISIS" }, { "description": "Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html" ], "source": "MITRE", "title": "TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping" }, "related": [], "uuid": "49c97b85-ca22-400a-9dc4-6290cc117f04", "value": "FireEye TRITON 2019" }, { "description": "Miller, S., et al. (2019, April 10). TRITON Appendix C. 
Retrieved April 29, 2019.", "meta": { "date_accessed": "2019-04-29T00:00:00Z", "date_published": "2019-04-10T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html" ], "source": "MITRE", "title": "TRITON Appendix C" }, "related": [], "uuid": "491783dc-7a6b-42a6-b923-c4439117e7e4", "value": "FireEye TEMP.Veles JSON April 2019" }, { "description": "FireEye Intelligence. (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "date_published": "2018-10-23T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html" ], "source": "MITRE", "title": "TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers" }, "related": [], "uuid": "e41151fa-ea11-43ca-9689-c65aae63a8d2", "value": "FireEye TEMP.Veles 2018" }, { "description": "Miller-Osborn, J. and Grunzweig, J. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.", "meta": { "date_accessed": "2017-03-30T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/" ], "source": "MITRE", "title": "Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations" }, "related": [], "uuid": "4f3d7a08-2cf5-49ed-8bcd-6df180f3d194", "value": "Palo Alto MoonWind March 2017" }, { "description": "CyberESI. (2011). TROJAN.GTALK. 
Retrieved June 29, 2015.", "meta": { "date_accessed": "2015-06-29T00:00:00Z", "date_published": "2011-01-01T00:00:00Z", "refs": [ "http://www.cyberengineeringservices.com/2011/12/15/trojan-gtalk/" ], "source": "MITRE", "title": "TROJAN.GTALK" }, "related": [], "uuid": "7952f365-1284-4461-8bc3-d8e20e38e1ba", "value": "CyberESI GTALK" }, { "description": "Lelli, A. (2010, January 11). Trojan.Hydraq. Retrieved February 20, 2018.", "meta": { "date_accessed": "2018-02-20T00:00:00Z", "date_published": "2010-01-11T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99" ], "source": "MITRE", "title": "Trojan.Hydraq" }, "related": [], "uuid": "2f99e508-6d0c-4590-8156-cdcadeef8ed9", "value": "Symantec Hydraq Jan 2010" }, { "description": "Moench, B. and Aboud, E. (2016, August 23). Trojan.Kwampirs. Retrieved May 10, 2018.", "meta": { "date_accessed": "2018-05-10T00:00:00Z", "date_published": "2016-08-23T00:00:00Z", "refs": [ "https://www.symantec.com/security-center/writeup/2016-081923-2700-99" ], "source": "MITRE", "title": "Trojan.Kwampirs" }, "related": [], "uuid": "d6fb6b97-042c-4a66-a2ba-31c13f96a144", "value": "Symantec Security Center Trojan.Kwampirs" }, { "description": "Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2012-06-15T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99" ], "source": "MITRE", "title": "Trojan.Naid" }, "related": [], "uuid": "dc3c16b3-e06b-4b56-b6bd-b98a0b39df3b", "value": "Symantec Naid June 2012" }, { "description": "Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. 
Retrieved February 22, 2018.", "meta": { "date_accessed": "2018-02-22T00:00:00Z", "date_published": "2012-05-04T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-050412-4128-99" ], "source": "MITRE", "title": "Trojan.Pasam" }, "related": [], "uuid": "c8135017-43c5-4bde-946e-141684c29b7a", "value": "Symantec Pasam May 2012" }, { "description": "Microsoft. (2017, September 15). TrojanSpy:Win32/Ursnif.gen!I. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2017-09-15T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918" ], "source": "MITRE", "title": "TrojanSpy:Win32/Ursnif.gen!I" }, "related": [], "uuid": "2b0c16e3-9ea0-455e-ae01-18d9b388fea6", "value": "Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017" }, { "description": "Symantec. (2008, June 28). Trojan.Ushedix. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2008-06-28T00:00:00Z", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2008-062807-2501-99&tabid=2" ], "source": "MITRE", "title": "Trojan.Ushedix" }, "related": [], "uuid": "9df2b407-df20-403b-ba1b-a681b9c74c7e", "value": "Symantec Ushedix June 2008" }, { "description": "Yagi, J. (2014, August 24). Trojan.Volgmer. Retrieved July 16, 2018.", "meta": { "date_accessed": "2018-07-16T00:00:00Z", "date_published": "2014-08-24T00:00:00Z", "refs": [ "https://web.archive.org/web/20181126143456/https://www.symantec.com/security-center/writeup/2014-081811-3237-99?tabid=2" ], "source": "MITRE", "title": "Trojan.Volgmer" }, "related": [], "uuid": "8f5ba106-267a-4f9e-9498-04e27f509c5e", "value": "Symantec Volgmer Aug 2014" }, { "description": "Kazem, M. (2019, November 25). Trojan:W32/Lokibot. 
Retrieved May 15, 2020.", "meta": { "date_accessed": "2020-05-15T00:00:00Z", "date_published": "2019-11-25T00:00:00Z", "refs": [ "https://www.f-secure.com/v-descs/trojan_w32_lokibot.shtml" ], "source": "MITRE", "title": "Trojan:W32/Lokibot" }, "related": [], "uuid": "e4ed8915-8f1e-47a0-ad99-075c66fa9cd3", "value": "FSecure Lokibot November 2019" }, { "description": "Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.", "meta": { "date_accessed": "2018-09-14T00:00:00Z", "date_published": "2017-10-12T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick" ], "source": "MITRE", "title": "Trojan:Win32/Totbrick" }, "related": [], "uuid": "3abe861b-0e3b-458a-98cf-38450058b4a5", "value": "Microsoft Totbrick Oct 2017" }, { "description": "Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. Retrieved December 2, 2014.", "meta": { "date_accessed": "2014-12-02T00:00:00Z", "date_published": "2014-01-23T00:00:00Z", "refs": [ "http://www.symantec.com/connect/blogs/trojanzeroaccessc-hidden-ntfs-ea" ], "source": "MITRE", "title": "Trojan.Zeroaccess.C Hidden in NTFS EA" }, "related": [], "uuid": "8a4583fe-cf73-47ba-a4ea-3e5ef1eb51b6", "value": "Ciubotariu 2014" }, { "description": "Sioting, S. (2012, October 8). TROJ_FAKEAV.GZD. Retrieved August 8, 2018.", "meta": { "date_accessed": "2018-08-08T00:00:00Z", "date_published": "2012-10-08T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd" ], "source": "MITRE", "title": "TROJ_FAKEAV.GZD" }, "related": [], "uuid": "5d9e974f-07f8-48e4-96b6-632ecb31465d", "value": "TrendMicro TROJ-FAKEAV OCT 2012" }, { "description": "Trend Micro. (2012, October 9). TROJ_ZEGOST. 
Retrieved September 2, 2021.", "meta": { "date_accessed": "2021-09-02T00:00:00Z", "date_published": "2012-10-09T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost" ], "source": "MITRE", "title": "TROJ_ZEGOST" }, "related": [], "uuid": "c3790ad6-704a-4076-8729-61b5df9d7983", "value": "troj_zegost" }, { "description": "Chen, J.. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.", "meta": { "date_accessed": "2020-05-20T00:00:00Z", "date_published": "2020-05-12T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments" }, "related": [], "uuid": "4fbc1df0-f174-4461-817d-0baf6e947ba1", "value": "TrendMicro Tropic Trooper May 2020" }, { "description": "Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.", "meta": { "date_accessed": "2018-11-09T00:00:00Z", "date_published": "2018-03-14T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" ], "source": "MITRE, Tidal Cyber", "title": "Tropic Trooper’s New Strategy" }, "related": [], "uuid": "5d69d122-13bc-45c4-95ab-68283a21b699", "value": "TrendMicro Tropic Trooper Mar 2018" }, { "description": "Ray, V. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. 
Retrieved November 9, 2018.", "meta": { "date_accessed": "2018-11-09T00:00:00Z", "date_published": "2016-11-22T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/" ], "source": "MITRE", "title": "Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy" }, "related": [], "uuid": "cad84e3d-9506-44f8-bdd9-d090e6ce9b06", "value": "Unit 42 Tropic Trooper Nov 2016" }, { "description": "Ray, V., et al. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2016-11-22T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/" ], "source": "MITRE", "title": "Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy" }, "related": [], "uuid": "47524b17-1acd-44b1-8de5-168369fa9455", "value": "paloalto Tropic Trooper 2016" }, { "description": "Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "date_published": "2016-12-31T00:00:00Z", "refs": [ "https://github.com/dxa4481/truffleHog" ], "source": "MITRE", "title": "truffleHog" }, "related": [], "uuid": "324a563f-55ee-49e9-9fc7-2b8e35f36875", "value": "GitHub truffleHog" }, { "description": "Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. 
Retrieved June 8, 2016.", "meta": { "date_accessed": "2016-06-08T00:00:00Z", "date_published": "2008-04-29T00:00:00Z", "refs": [ "http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf" ], "source": "MITRE", "title": "Trusted Platform Module (TPM) Summary" }, "related": [], "uuid": "51a2a2fd-7828-449d-aab5-dbcf5d37f020", "value": "TCG Trusted Platform Module" }, { "description": "Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "date_published": "2009-10-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)" ], "source": "MITRE", "title": "Trust Technologies" }, "related": [], "uuid": "e6bfc6a8-9eea-4c65-9c2b-04749da72a92", "value": "Microsoft Trusts" }, { "description": "Adam Boileau. (2005, August 5). Trust Transience: Post Intrusion SSH Hijacking. Retrieved December 19, 2017.", "meta": { "date_accessed": "2017-12-19T00:00:00Z", "date_published": "2005-08-05T00:00:00Z", "refs": [ "https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf" ], "source": "MITRE", "title": "Trust Transience: Post Intrusion SSH Hijacking" }, "related": [], "uuid": "64f94126-de4c-4204-8409-d26804f32cff", "value": "SSHjack Blackhat" }, { "description": "Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.", "meta": { "date_accessed": "2018-09-14T00:00:00Z", "date_published": "2016-10-31T00:00:00Z", "refs": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n" ], "source": "MITRE", "title": "TSPY_TRICKLOAD.N" }, "related": [], "uuid": "d6419764-f203-4089-8b38-860c442238e7", "value": "Trend Micro Totbrick Oct 2016" }, { "description": "LOLBAS. (2020, May 12). Ttdinject.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-05-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Ttdinject/" ], "source": "Tidal Cyber", "title": "Ttdinject.exe" }, "related": [], "uuid": "3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d", "value": "Ttdinject.exe - LOLBAS Project" }, { "description": "Tu, L. Ma, Y. Ye, G. (2020, October 1). Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities. Retrieved October 28, 2021.", "meta": { "date_accessed": "2021-10-28T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/" ], "source": "MITRE", "title": "Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities" }, "related": [], "uuid": "f3e60cae-3225-4800-bc15-cb46ff715061", "value": "ttint_rat" }, { "description": "LOLBAS. (2019, November 5). Tttracer.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-11-05T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Tttracer/" ], "source": "Tidal Cyber", "title": "Tttracer.exe" }, "related": [], "uuid": "7c88a77e-034e-4847-8bd7-1be3a684a158", "value": "Tttracer.exe - LOLBAS Project" }, { "description": "Belcher, P.. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-07-28T00:00:00Z", "refs": [ "https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/" ], "source": "MITRE", "title": "Tunnel of Gov: DNC Hack and the Russian XTunnel" }, "related": [], "uuid": "43773784-92b8-4722-806c-4b1fc4278bb0", "value": "Invincea XTunnel" }, { "description": "Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. 
Retrieved August 16, 2018.", "meta": { "date_accessed": "2018-08-16T00:00:00Z", "date_published": "2016-05-02T00:00:00Z", "refs": [ "https://www.fidelissecurity.com/threatgeek/threat-intelligence/turbo-twist-two-64-bit-derusbi-strains-converge" ], "source": "MITRE", "title": "Turbo Twist: Two 64-bit Derusbi Strains Converge" }, "related": [], "uuid": "a386b614-a808-42cf-be23-658f71b31560", "value": "ThreatGeek Derusbi Converge" }, { "description": "Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.", "meta": { "date_accessed": "2023-05-15T00:00:00Z", "date_published": "2023-02-02T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/turla-galaxy-opportunity" ], "source": "MITRE", "title": "Turla: A Galaxy of Opportunity" }, "related": [], "uuid": "d8f43a52-a59e-5567-8259-821b1b6bde43", "value": "Mandiant Suspected Turla Campaign February 2023" }, { "description": "Faou, M. (2020, December 2). Turla Crutch: Keeping the “back door” open. Retrieved December 4, 2020.", "meta": { "date_accessed": "2020-12-04T00:00:00Z", "date_published": "2020-12-02T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/" ], "source": "MITRE", "title": "Turla Crutch: Keeping the “back door” open" }, "related": [], "uuid": "8b2f40f5-7dca-4edf-8314-a8f5bc4831b8", "value": "ESET Crutch December 2020" }, { "description": "Faou, M. (2019, May). Turla LightNeuron: One email away from remote code execution. Retrieved June 24, 2019.", "meta": { "date_accessed": "2019-06-24T00:00:00Z", "date_published": "2019-05-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf" ], "source": "MITRE", "title": "Turla LightNeuron: One email away from remote code execution" }, "related": [], "uuid": "679aa333-572c-44ba-b94a-606f168d1ed2", "value": "ESET LightNeuron May 2019" }, { "description": "ESET Research. (2018, May 22). 
Turla Mosquito: A shift towards more generic tools. Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2018-05-22T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/" ], "source": "MITRE", "title": "Turla Mosquito: A shift towards more generic tools" }, "related": [], "uuid": "d683b8a2-7f90-4ae3-b763-c25fd701dbf6", "value": "ESET Turla Mosquito May 2018" }, { "description": "ESET. (2018, August). Turla Outlook Backdoor: Analysis of an unusual Turla backdoor. Retrieved March 11, 2019.", "meta": { "date_accessed": "2019-03-11T00:00:00Z", "date_published": "2018-08-01T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf" ], "source": "MITRE", "title": "Turla Outlook Backdoor: Analysis of an unusual Turla backdoor" }, "related": [], "uuid": "e725fb9d-65b9-4e3f-9930-13c2c74b7fa4", "value": "ESET Turla August 2018" }, { "description": "Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. Retrieved December 2, 2020.", "meta": { "date_accessed": "2020-12-02T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity" ], "source": "MITRE", "title": "Turla uses HyperStack, Carbon, and Kazuar to compromise government entity" }, "related": [], "uuid": "680f2a0b-f69d-48bd-93ed-20ee2f79e3f7", "value": "Accenture HyperStack October 2020" }, { "description": "Google. (n.d.). Turn Gmail delegation on or off. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://support.google.com/a/answer/7223765?hl=en" ], "source": "MITRE", "title": "Turn Gmail delegation on or off" }, "related": [], "uuid": "dfd28a01-56ba-4c0c-9742-d8b1db49df06", "value": "Gmail Delegation" }, { "description": "Chris Moberly. (2020, February 12). 
Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2020-02-12T00:00:00Z", "refs": [ "https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/" ], "source": "MITRE", "title": "Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments" }, "related": [], "uuid": "3dc4b69c-8cae-4489-8df2-5f55419fb3b1", "value": "Google Cloud Privilege Escalation" }, { "description": "Microsoft. (2020, May 19). Tutorial: SSH in Windows Terminal. Retrieved July 26, 2021.", "meta": { "date_accessed": "2021-07-26T00:00:00Z", "date_published": "2020-05-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh" ], "source": "MITRE", "title": "Tutorial: SSH in Windows Terminal" }, "related": [], "uuid": "3006af23-b802-400f-841d-7eea7d748d28", "value": "SSH in Windows" }, { "description": "Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.", "meta": { "date_accessed": "2017-11-27T00:00:00Z", "date_published": "2016-12-14T00:00:00Z", "refs": [ "https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/" ], "source": "MITRE, Tidal Cyber", "title": "Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe" }, "related": [], "uuid": "87c9f8e4-f8d1-4f19-86ca-6fd18a33890b", "value": "Microsoft NEODYMIUM Dec 2016" }, { "description": "Ackroyd, R. (2023, March 24). Twitter. 
Retrieved March 24, 2023.", "meta": { "date_accessed": "2023-03-24T00:00:00Z", "date_published": "2023-03-24T00:00:00Z", "refs": [ "https://twitter.com/rfackroyd/status/1639136000755765254" ], "source": "MITRE", "title": "Twitter" }, "related": [], "uuid": "7d701a8e-6816-5112-ac16-b36e71d7c5db", "value": "Twitter Richard WMIC" }, { "description": "Carr, N.. (2017, April 6). Retrieved June 29, 2017.", "meta": { "date_accessed": "2017-06-29T00:00:00Z", "refs": [ "https://twitter.com/ItsReallyNick/status/850105140589633536" ], "source": "MITRE", "title": "Twitter Nick Carr APT10" }, "related": [], "uuid": "0f133f2c-3b02-4b3b-a960-ef6a7862cf8f", "value": "Twitter Nick Carr APT10" }, { "description": "Adam Kozy. (2018, August 30). Two Birds, One Stone Panda. Retrieved August 24, 2021.", "meta": { "date_accessed": "2021-08-24T00:00:00Z", "date_published": "2018-08-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/two-birds-one-stone-panda/" ], "source": "MITRE", "title": "Two Birds, One Stone Panda" }, "related": [], "uuid": "42fe94f5-bc4c-4b0b-9c35-0bc32cbc5d79", "value": "Crowdstrike KRYPTONITE PANDA August 2018" }, { "description": "Douglas Bonderud. (2018, September 17). Two New Monero Malware Attacks Target Windows and Android Users. Retrieved June 5, 2023.", "meta": { "date_accessed": "2023-06-05T00:00:00Z", "date_published": "2018-09-17T00:00:00Z", "refs": [ "https://securityintelligence.com/news/two-new-monero-malware-attacks-target-windows-and-android-users/" ], "source": "MITRE", "title": "Two New Monero Malware Attacks Target Windows and Android Users" }, "related": [], "uuid": "a797397b-2af7-58b9-b66a-5ded260659f0", "value": "Two New Monero Malware Attacks Target Windows and Android Users" }, { "description": "Hacquebord, F.. (2017, April 25). Two Years of Pawn Storm: Examining an Increasingly Relevant Threat. 
Retrieved May 3, 2017.", "meta": { "date_accessed": "2017-05-03T00:00:00Z", "date_published": "2017-04-25T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf" ], "source": "MITRE", "title": "Two Years of Pawn Storm: Examining an Increasingly Relevant Threat" }, "related": [], "uuid": "d92f22a7-7753-47da-a850-00c073b5fd27", "value": "Trend Micro Pawn Storm April 2017" }, { "description": "Almond. (2019, April 30). UAC bypass via elevated .NET applications. Retrieved June 24, 2020.", "meta": { "date_accessed": "2020-06-24T00:00:00Z", "date_published": "2019-04-30T00:00:00Z", "refs": [ "https://offsec.almond.consulting/UAC-bypass-dotnet.html" ], "source": "MITRE", "title": "UAC bypass via elevated .NET applications" }, "related": [], "uuid": "a49c5870-2a48-4cd7-8b4e-e80c5414f565", "value": "Almond COR_PROFILER Apr 2019" }, { "description": "UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.", "meta": { "date_accessed": "2016-07-26T00:00:00Z", "date_published": "2016-06-16T00:00:00Z", "refs": [ "https://github.com/hfiref0x/UACME" ], "source": "MITRE", "title": "UACMe" }, "related": [], "uuid": "7006d59d-3b61-4030-a680-5dac52133722", "value": "Github UACMe" }, { "description": "Wang, J. (2018, October 17). Ubiquitous SEO Poisoning URLs. Retrieved September 30, 2022.", "meta": { "date_accessed": "2022-09-30T00:00:00Z", "date_published": "2018-10-17T00:00:00Z", "refs": [ "https://www.zscaler.com/blogs/security-research/ubiquitous-seo-poisoning-urls-0" ], "source": "MITRE", "title": "Ubiquitous SEO Poisoning URLs" }, "related": [], "uuid": "f117cfa5-1bad-43ae-9eaa-3b9123061f93", "value": "ZScaler SEO" }, { "description": "Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. 
Retrieved January 12, 2018.", "meta": { "date_accessed": "2018-01-12T00:00:00Z", "date_published": "2017-11-28T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" ], "source": "MITRE", "title": "UBoatRAT Navigates East Asia" }, "related": [], "uuid": "235a1129-2f35-4861-90b8-1f761d89b0f9", "value": "PaloAlto UBoatRAT Nov 2017" }, { "description": "UK NCSC. (2021, April 15). UK and US call out Russia for SolarWinds compromise. Retrieved April 16, 2021.", "meta": { "date_accessed": "2021-04-16T00:00:00Z", "date_published": "2021-04-15T00:00:00Z", "refs": [ "https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise" ], "source": "MITRE", "title": "UK and US call out Russia for SolarWinds compromise" }, "related": [], "uuid": "f49e6780-8caa-4c3c-8d68-47a2cc4319a1", "value": "UK NSCS Russia SolarWinds April 2021" }, { "description": "UK Gov. (2021, April 15). UK and US expose global campaign of malign activity by Russian intelligence services . Retrieved April 16, 2021.", "meta": { "date_accessed": "2021-04-16T00:00:00Z", "date_published": "2021-04-15T00:00:00Z", "refs": [ "https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services" ], "source": "MITRE", "title": "UK and US expose global campaign of malign activity by Russian intelligence services" }, "related": [], "uuid": "7fe5a605-c33e-4d3d-b787-2d1f649bee53", "value": "UK Gov Malign RIS Activity April 2021" }, { "description": "UK Gov. (2021, April 15). UK exposes Russian involvement in SolarWinds cyber compromise . 
Retrieved April 16, 2021.", "meta": { "date_accessed": "2021-04-16T00:00:00Z", "date_published": "2021-04-15T00:00:00Z", "refs": [ "https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise" ], "source": "MITRE", "title": "UK exposes Russian involvement in SolarWinds cyber compromise" }, "related": [], "uuid": "ffbd83d7-9d4f-42b9-adc0-eb144045aef2", "value": "UK Gov UK Exposes Russia SolarWinds April 2021" }, { "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.", "meta": { "date_accessed": "2020-11-30T00:00:00Z", "date_published": "2020-10-19T00:00:00Z", "refs": [ "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games" ], "source": "MITRE", "title": "UK exposes series of Russian cyber attacks against Olympic and Paralympic Games" }, "related": [], "uuid": "93053f1b-917c-4573-ba20-99fcaa16a2dd", "value": "UK NCSC Olympic Attacks October 2020" }, { "description": "Biasini, N. et al.. (2022, January 21). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Retrieved March 14, 2022.", "meta": { "date_accessed": "2022-03-14T00:00:00Z", "date_published": "2022-01-21T00:00:00Z", "refs": [ "https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html" ], "source": "MITRE", "title": "Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation" }, "related": [], "uuid": "db17cc3d-9cd3-4faa-9de9-3b8fbec909c3", "value": "Cisco Ukraine Wipers January 2022" }, { "description": "Symantec Threat Hunter Team. (2022, February 24). Ukraine: Disk-wiping Attacks Precede Russian Invasion. 
Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-02-24T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia" ], "source": "MITRE", "title": "Ukraine: Disk-wiping Attacks Precede Russian Invasion" }, "related": [], "uuid": "3ed4cd00-3387-4b80-bda8-0a190dc6353c", "value": "Symantec Ukraine Wipers February 2022" }, { "description": "Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.", "meta": { "date_accessed": "2022-04-15T00:00:00Z", "date_published": "2018-11-04T00:00:00Z", "refs": [ "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/" ], "source": "MITRE", "title": "Ukraine links members of Gamaredon hacker group to Russian FSB" }, "related": [], "uuid": "c565b025-df74-40a9-9535-b630ca06f777", "value": "Bleepingcomputer Gamardeon FSB November 2021" }, { "description": "Dani, M. (2022, March 1). Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware. Retrieved March 25, 2022.", "meta": { "date_accessed": "2022-03-25T00:00:00Z", "date_published": "2022-03-01T00:00:00Z", "refs": [ "https://blog.qualys.com/vulnerabilities-threat-research/2022/03/01/ukrainian-targets-hit-by-hermeticwiper-new-datawiper-malware" ], "source": "MITRE", "title": "Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware" }, "related": [], "uuid": "2b25969b-2f0b-4204-9277-596e80c4e626", "value": "Qualys Hermetic Wiper March 2022" }, { "description": "Moe, O. (2018, March 1). Ultimate AppLocker Bypass List. 
Retrieved April 10, 2018.", "meta": { "date_accessed": "2018-04-10T00:00:00Z", "date_published": "2018-03-01T00:00:00Z", "refs": [ "https://github.com/api0cradle/UltimateAppLockerByPassList" ], "source": "MITRE", "title": "Ultimate AppLocker Bypass List" }, "related": [], "uuid": "a2fa7fb8-ddba-44cf-878f-448fb2aa6149", "value": "GitHub Ultimate AppLocker Bypass List" }, { "description": "UCF. (n.d.). Unauthorized accounts must not have the Create symbolic links user right.. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "refs": [ "https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-26482" ], "source": "MITRE", "title": "Unauthorized accounts must not have the Create symbolic links user right." }, "related": [], "uuid": "93716db0-6f88-425c-af00-ed2e941214d3", "value": "UCF STIG Symbolic Links" }, { "description": "McLellan, T. and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.", "meta": { "date_accessed": "2021-06-02T00:00:00Z", "date_published": "2021-04-29T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" ], "source": "MITRE", "title": "UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat" }, "related": [], "uuid": "832aeb46-b248-43e8-9157-a2f56bcd1806", "value": "FireEye FiveHands April 2021" }, { "description": "Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.", "meta": { "date_accessed": "2023-08-17T00:00:00Z", "date_published": "2022-05-02T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/unc3524-eye-spy-email" ], "source": "MITRE", "title": "UNC3524: Eye Spy on Your Email" }, "related": [], "uuid": "452ca091-42b1-5bef-8a01-921c1f46bbee", "value": "Mandiant APT29 Eye Spy Email Nov 22" }, { "description": "Lunghi, D. et al. 
(2020, February). Uncovering DRBControl. Retrieved November 12, 2021.", "meta": { "date_accessed": "2021-11-12T00:00:00Z", "date_published": "2020-02-01T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Uncovering DRBControl" }, "related": [], "uuid": "4dfbf26d-023b-41dd-82c8-12fe18cb10e6", "value": "Trend Micro DRBControl February 2020" }, { "description": "Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.", "meta": { "date_accessed": "2022-08-11T00:00:00Z", "date_published": "2021-11-15T00:00:00Z", "refs": [ "https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/" ], "source": "MITRE", "title": "Uncovering MosesStaff techniques: Ideology over Money" }, "related": [], "uuid": "d6da2849-cff0-408a-9f09-81a33fc88a56", "value": "Checkpoint MosesStaff Nov 2021" }, { "description": "Benjamin Cane. (2013, September 16). Understanding a little more about /etc/profile and /etc/bashrc. Retrieved February 25, 2021.", "meta": { "date_accessed": "2021-02-25T00:00:00Z", "date_published": "2013-09-16T00:00:00Z", "refs": [ "https://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/" ], "source": "MITRE", "title": "Understanding a little more about /etc/profile and /etc/bashrc" }, "related": [], "uuid": "503a4cd6-5cfe-4cce-b363-0cf3c8bc9feb", "value": "bencane blog bashrc" }, { "description": "Juniper. (2020, September 23). Understanding and Using Dynamic ARP Inspection (DAI). 
Retrieved October 15, 2020.", "meta": { "date_accessed": "2020-10-15T00:00:00Z", "date_published": "2020-09-23T00:00:00Z", "refs": [ "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/understanding-and-using-dai.html" ], "source": "MITRE", "title": "Understanding and Using Dynamic ARP Inspection (DAI)" }, "related": [], "uuid": "f63b099d-a316-42a1-b1ce-17f11d0f3d2e", "value": "Juniper DAI 2020" }, { "description": "Google Cloud. (2022, March 31). Understanding policies. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2022-03-31T00:00:00Z", "refs": [ "https://cloud.google.com/iam/docs/policies" ], "source": "MITRE", "title": "Understanding policies" }, "related": [], "uuid": "b23a0df2-923d-4a5d-a40c-3ae218a0be94", "value": "Google Cloud IAM Policies" }, { "description": "Juniper. (n.d.). Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches. Retrieved October 19, 2020.", "meta": { "date_accessed": "2020-10-19T00:00:00Z", "refs": [ "https://www.juniper.net/documentation/en_US/junos/topics/concept/port-mirroring-ex-series.html" ], "source": "MITRE", "title": "Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches" }, "related": [], "uuid": "a6f62986-0b62-4316-b762-021f1bb14903", "value": "Juniper Traffic Mirroring" }, { "description": "Cybersecurity and Infrastructure Security Agency. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. Retrieved June 30, 2023.", "meta": { "date_accessed": "2023-06-30T00:00:00Z", "date_published": "2023-06-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a" ], "source": "Tidal Cyber", "title": "Understanding Ransomware Threat Actors: LockBit" }, "related": [], "uuid": "9c03b801-2ebe-4c7b-aa29-1b7a3625964a", "value": "U.S. 
CISA Understanding LockBit June 2023" }, { "description": "Auth0 Inc.. (n.d.). Understanding Refresh Tokens. Retrieved December 16, 2021.", "meta": { "date_accessed": "2021-12-16T00:00:00Z", "refs": [ "https://auth0.com/learn/refresh-tokens/" ], "source": "MITRE", "title": "Understanding Refresh Tokens" }, "related": [], "uuid": "84eb3d8a-f6b1-4bb5-9411-2c8da29b5946", "value": "Auth0 Understanding Refresh Tokens" }, { "description": "baeldung. (2022, April 8). Understanding the Linux /proc/id/maps File. Retrieved March 31, 2023.", "meta": { "date_accessed": "2023-03-31T00:00:00Z", "date_published": "2022-04-08T00:00:00Z", "refs": [ "https://www.baeldung.com/linux/proc-id-maps" ], "source": "MITRE", "title": "Understanding the Linux /proc/id/maps File" }, "related": [], "uuid": "b70d04e4-c5f9-5cb2-b896-9bd64e97369e", "value": "baeldung Linux proc map 2022" }, { "description": "Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.", "meta": { "date_accessed": "2020-10-28T00:00:00Z", "date_published": "2020-10-28T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" ], "source": "MITRE", "title": "Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser" }, "related": [], "uuid": "59162ffd-cb95-4757-bb1e-0c2a4ad5c083", "value": "FireEye KEGTAP SINGLEMALT October 2020" }, { "description": "Wikipedia. (2017, July 10). Unified Extensible Firmware Interface. 
Retrieved July 11, 2017.", "meta": { "date_accessed": "2017-07-11T00:00:00Z", "date_published": "2017-07-10T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface" ], "source": "MITRE", "title": "Unified Extensible Firmware Interface" }, "related": [], "uuid": "681c6a57-76db-410b-82d6-4e614bcdb6e0", "value": "Wikipedia UEFI" }, { "description": "Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.", "meta": { "date_accessed": "2015-11-04T00:00:00Z", "date_published": "2015-04-01T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/" ], "source": "MITRE", "title": "Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets" }, "related": [], "uuid": "82c1ed0d-a41d-4212-a3ae-a1d661bede2d", "value": "New DragonOK" }, { "description": "Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-15T00:00:00Z", "refs": [ "https://pan-unit42.github.io/playbook_viewer/" ], "source": "MITRE, Tidal Cyber", "title": "Unit 42 Playbook Viewer" }, "related": [], "uuid": "9923f9ff-a7b8-4058-8213-3c83c54c10a6", "value": "Unit 42 Playbook Dec 2017" }, { "description": "Grunzweig, J.. (2015, July 14). Unit 42 Technical Analysis: Seaduke. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2015-07-14T00:00:00Z", "refs": [ "http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/" ], "source": "MITRE", "title": "Unit 42 Technical Analysis: Seaduke" }, "related": [], "uuid": "735d38da-9214-4141-86af-11eefa5c4d04", "value": "Unit 42 SeaDuke 2015" }, { "description": "Juan Tapiador. (2022, April 11). UNIX daemonization and the double fork. 
Retrieved September 29, 2023.", "meta": { "date_accessed": "2023-09-29T00:00:00Z", "date_published": "2022-04-11T00:00:00Z", "refs": [ "https://0xjet.github.io/3OHA/2022/04/11/post.html" ], "source": "MITRE", "title": "UNIX daemonization and the double fork" }, "related": [], "uuid": "521b79fe-bb7b-52fd-a899-b73e254027a5", "value": "3OHA double-fork 2022" }, { "description": "Flashpoint. (2023, June 20). Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations. Retrieved October 10, 2023.", "meta": { "date_accessed": "2023-10-10T00:00:00Z", "date_published": "2023-06-20T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://flashpoint.io/blog/anonymous-sudan-ddos-timeline/" ], "source": "Tidal Cyber", "title": "Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations" }, "related": [], "uuid": "2e7060d2-f7bc-457e-a2e6-12897d503ea6", "value": "Flashpoint Anonymous Sudan Timeline" }, { "description": "Dr. Nestori Syynimaa. (2020, July 13). Unnoticed sidekick: Getting access to cloud as an on-prem admin. Retrieved September 28, 2022.", "meta": { "date_accessed": "2022-09-28T00:00:00Z", "date_published": "2020-07-13T00:00:00Z", "refs": [ "https://o365blog.com/post/on-prem_admin/" ], "source": "MITRE", "title": "Unnoticed sidekick: Getting access to cloud as an on-prem admin" }, "related": [], "uuid": "7a6a7ecd-b9c7-4371-9924-34733597556c", "value": "AADInternals Azure AD On-Prem to Cloud" }, { "description": "Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "date_published": "2015-11-13T00:00:00Z", "refs": [ "https://adsecurity.org/?page_id=1821" ], "source": "MITRE", "title": "Unofficial Guide to Mimikatz & Command Reference" }, "related": [], "uuid": "b251ed65-a145-4053-9dc2-bf0dad83d76c", "value": "Adsecurity Mimikatz Guide" }, { "description": "GREAT. (2017, April 11). 
Unraveling the Lamberts Toolkit. Retrieved March 21, 2022.", "meta": { "date_accessed": "2022-03-21T00:00:00Z", "date_published": "2017-04-11T00:00:00Z", "refs": [ "https://securelist.com/unraveling-the-lamberts-toolkit/77990/" ], "source": "MITRE", "title": "Unraveling the Lamberts Toolkit" }, "related": [], "uuid": "2be23bfb-c6fb-455e-ae88-2ae910ccef60", "value": "Kaspersky Lamberts Toolkit April 2017" }, { "description": "John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.", "meta": { "date_accessed": "2020-05-12T00:00:00Z", "date_published": "2019-05-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/" ], "source": "MITRE", "title": "Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER" }, "related": [], "uuid": "103f2b78-81ed-4096-a67a-dedaffd67e9b", "value": "CrowdStrike Grim Spider May 2019" }, { "description": "LOLBAS. (2021, December 6). Unregmp2.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-12-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Unregmp2/" ], "source": "Tidal Cyber", "title": "Unregmp2.exe" }, "related": [], "uuid": "9ad11187-bf91-4205-98c7-c7b981e4ab6f", "value": "Unregmp2.exe - LOLBAS Project" }, { "description": "Lunghi, D., et al. (2017, December). Untangling the Patchwork Cyberespionage Group. Retrieved July 10, 2018.", "meta": { "date_accessed": "2018-07-10T00:00:00Z", "date_published": "2017-12-01T00:00:00Z", "refs": [ "https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf" ], "source": "MITRE", "title": "Untangling the Patchwork Cyberespionage Group" }, "related": [], "uuid": "15465b26-99e1-4956-8c81-cda3388169b8", "value": "TrendMicro Patchwork Dec 2017" }, { "description": "Kaspersky Labs. (2014, February 11). 
Unveiling “Careto” - The Masked APT. Retrieved July 5, 2017.", "meta": { "date_accessed": "2017-07-05T00:00:00Z", "date_published": "2014-02-11T00:00:00Z", "refs": [ "https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf" ], "source": "MITRE", "title": "Unveiling “Careto” - The Masked APT" }, "related": [], "uuid": "547f1a4a-7e4a-461d-8c19-f4775cd60ac0", "value": "Kaspersky Careto" }, { "description": "Cymmetria. (2016). Unveiling Patchwork - The Copy-Paste APT. Retrieved August 3, 2016.", "meta": { "date_accessed": "2016-08-03T00:00:00Z", "date_published": "2016-01-01T00:00:00Z", "refs": [ "https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf" ], "source": "MITRE, Tidal Cyber", "title": "Unveiling Patchwork - The Copy-Paste APT" }, "related": [], "uuid": "d4e43b2c-a858-4285-984f-f59db5c657bd", "value": "Cymmetria Patchwork" }, { "description": "Rapid7. (2013, August 26). Upcoming G20 Summit Fuels Espionage Operations. Retrieved March 6, 2017.", "meta": { "date_accessed": "2017-03-06T00:00:00Z", "date_published": "2013-08-26T00:00:00Z", "refs": [ "https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/" ], "source": "MITRE", "title": "Upcoming G20 Summit Fuels Espionage Operations" }, "related": [], "uuid": "2235ff2a-07b8-4198-b91d-e50739e274f4", "value": "Rapid7G20Espionage" }, { "description": "Hinchliffe, A. and Falcone, R. (2020, May 11). Updated BackConfig Malware Targeting Government and Military Organizations in South Asia. 
Retrieved June 17, 2020.", "meta": { "date_accessed": "2020-06-17T00:00:00Z", "date_published": "2020-05-11T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/" ], "source": "MITRE", "title": "Updated BackConfig Malware Targeting Government and Military Organizations in South Asia" }, "related": [], "uuid": "f26629db-c641-4b6b-abbf-b55b9cc91cf1", "value": "Unit 42 BackConfig May 2020" }, { "description": "Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.", "meta": { "date_accessed": "2020-08-12T00:00:00Z", "date_published": "2019-07-24T00:00:00Z", "refs": [ "https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector" ], "source": "MITRE", "title": "Updated Karagany Malware Targets Energy Sector" }, "related": [], "uuid": "61c05edf-24aa-4399-8cdf-01d27f6595a1", "value": "Secureworks Karagany July 2019" }, { "description": "LOLBAS. (2019, June 26). Update.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-06-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Update/" ], "source": "Tidal Cyber", "title": "Update.exe" }, "related": [], "uuid": "2c85d5e5-2cb2-4af7-8c33-8aaac3360706", "value": "Update.exe - LOLBAS Project" }, { "description": "Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. 
Retrieved December 30, 2020.", "meta": { "date_accessed": "2020-12-30T00:00:00Z", "date_published": "2020-09-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365" ], "source": "MITRE", "title": "Update or repair the settings of a federated domain in Office 365, Azure, or Intune" }, "related": [], "uuid": "1db3856e-d581-42e6-8038-44b0a2a2b435", "value": "Microsoft - Update or Repair Federated domain" }, { "description": "Gabrielle Joyce Mabutas, Luis Magisa, Steven Du. (2020, July 17). Updates on Quickly-Evolving ThiefQuest macOS Malware. Retrieved April 26, 2021.", "meta": { "date_accessed": "2021-04-26T00:00:00Z", "date_published": "2020-07-17T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/g/updates-on-quickly-evolving-thiefquest-macos-malware.html" ], "source": "MITRE", "title": "Updates on Quickly-Evolving ThiefQuest macOS Malware" }, "related": [], "uuid": "880c1b9e-55a1-404c-9754-1fc2ee30a72b", "value": "Trendmicro Evolving ThiefQuest 2020" }, { "description": "AWS. (n.d.). update-trail. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "refs": [ "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/update-trail.html" ], "source": "MITRE", "title": "update-trail" }, "related": [], "uuid": "a94e1e4a-2963-5563-a8a6-ab9f64a86476", "value": "AWS Update Trail" }, { "description": "Falcone, R., Wartell, R.. (2015, July 27). UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. 
Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2015-07-27T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/" ], "source": "MITRE", "title": "UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload" }, "related": [], "uuid": "42d35b93-2866-46d8-b8ff-675df05db9db", "value": "Unit 42 Pirpi July 2015" }, { "description": "PaperCut. (2023, March 8). URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut. Retrieved August 3, 2023.", "meta": { "date_accessed": "2023-08-03T00:00:00Z", "date_published": "2023-03-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#product-status-and-next-steps" ], "source": "Tidal Cyber", "title": "URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut" }, "related": [], "uuid": "d6e71b45-fc91-40f4-8201-2186994ae42a", "value": "PaperCut MF/NG vulnerability bulletin" }, { "description": "LOLBAS. (2018, May 25). Url.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Url/" ], "source": "Tidal Cyber", "title": "Url.dll" }, "related": [], "uuid": "0c88fb72-6be5-4a01-af1c-553650779253", "value": "Url.dll - LOLBAS Project" }, { "description": "NJCCIC. (2016, September 27). Ursnif. Retrieved June 4, 2019.", "meta": { "date_accessed": "2019-06-04T00:00:00Z", "date_published": "2016-09-27T00:00:00Z", "refs": [ "https://www.cyber.nj.gov/threat-profiles/trojan-variants/ursnif" ], "source": "MITRE", "title": "Ursnif" }, "related": [], "uuid": "d57a2efe-8c98-491e-aecd-e051241a1779", "value": "NJCCIC Ursnif Sept 2016" }, { "description": "Caragay, R. (2015, March 26). URSNIF: The Multifaceted Malware. 
Retrieved June 5, 2019.", "meta": { "date_accessed": "2019-06-05T00:00:00Z", "date_published": "2015-03-26T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-the-multifaceted-malware/?_ga=2.165628854.808042651.1508120821-744063452.1505819992" ], "source": "MITRE", "title": "URSNIF: The Multifaceted Malware" }, "related": [], "uuid": "d02287df-9d93-4cbe-8e59-8f4ef3debc65", "value": "TrendMicro Ursnif Mar 2015" }, { "description": "US Coast Guard Cyber Command. (2022, August 17). US Coast Guard Cyber Command Maritime Cyber Alert 03-22. Retrieved October 9, 2023.", "meta": { "date_accessed": "2023-10-09T00:00:00Z", "date_published": "2022-08-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.dco.uscg.mil/Portals/9/Maritime%20Cyber%20Alert%2003-22%20KILLNET%20TLP%20WHITE.pdf" ], "source": "Tidal Cyber", "title": "US Coast Guard Cyber Command Maritime Cyber Alert 03-22" }, "related": [], "uuid": "2d2a6f76-9531-4b35-b247-ae5da8663a92", "value": "US Coast Guard Killnet August 17 2022" }, { "description": "USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved November 16, 2020.", "meta": { "date_accessed": "2020-11-16T00:00:00Z", "date_published": "2020-10-01T00:00:00Z", "refs": [ "https://twitter.com/CNMF_CyberAlert/status/1311743710997159953" ], "source": "MITRE", "title": "USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA" }, "related": [], "uuid": "600de668-f128-4368-8667-24ed9a9db47a", "value": "USCYBERCOM SLOTHFULMEDIA October 2020" }, { "description": "Microsoft. (2021, July 2). Use attack surface reduction rules to prevent malware infection. 
Retrieved June 24, 2021.", "meta": { "date_accessed": "2021-06-24T00:00:00Z", "date_published": "2021-07-02T00:00:00Z", "refs": [ "https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction" ], "source": "MITRE", "title": "Use attack surface reduction rules to prevent malware infection" }, "related": [], "uuid": "4499df4a-53c2-4f17-ac90-b99272f5f522", "value": "win10_asr" }, { "description": "Microsoft. (2022, August 26). Use Azure AD access reviews to manage users excluded from Conditional Access policies. Retrieved August 30, 2022.", "meta": { "date_accessed": "2022-08-30T00:00:00Z", "date_published": "2022-08-26T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion" ], "source": "MITRE", "title": "Use Azure AD access reviews to manage users excluded from Conditional Access policies" }, "related": [], "uuid": "8cfb45ec-b660-4a3a-9175-af4ea01ef473", "value": "Azure AD Conditional Access Exclusions" }, { "description": "Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "refs": [ "https://docs.docker.com/storage/bind-mounts/" ], "source": "MITRE", "title": "Use Bind Mounts" }, "related": [], "uuid": "b298b3d1-30c1-4894-b1de-be11812cde6b", "value": "Docker Bind Mounts" }, { "description": "Chrome Enterprise and Education Help. (n.d.). Use Chrome Browser with Roaming User Profiles. Retrieved March 28, 2023.", "meta": { "date_accessed": "2023-03-28T00:00:00Z", "refs": [ "https://support.google.com/chrome/a/answer/7349337" ], "source": "MITRE", "title": "Use Chrome Browser with Roaming User Profiles" }, "related": [], "uuid": "cf0bb77d-c7f7-515b-9217-ba9120cdddec", "value": "Chrome Roaming Profiles" }, { "description": "Gallagher, S. (2018, July 27). How they did it (and will likely try again): GRU hackers vs. US elections. 
Retrieved September 13, 2018.", "meta": { "date_accessed": "2018-09-13T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/" ], "source": "MITRE", "title": "US elections" }, "related": [], "uuid": "a1192cb3-4536-4900-93c7-a127ca06c690", "value": "Ars Technica GRU indictment Jul 2018" }, { "description": "Apple. (n.d.). Use MDM to enable Remote Management in macOS. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "refs": [ "https://support.apple.com/en-us/HT209161" ], "source": "MITRE", "title": "Use MDM to enable Remote Management in macOS" }, "related": [], "uuid": "e5f59848-7014-487d-9bae-bed81af1b72b", "value": "Remote Management MDM macOS" }, { "description": "Shulmin, A., Yunakovsky, S. (2017, April 28). Use of DNS Tunneling for C&C Communications. Retrieved November 5, 2018.", "meta": { "date_accessed": "2018-11-05T00:00:00Z", "date_published": "2017-04-28T00:00:00Z", "refs": [ "https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/" ], "source": "MITRE", "title": "Use of DNS Tunneling for C&C Communications" }, "related": [], "uuid": "07855a81-1b72-4361-917e-a413b0124eca", "value": "Securelist Denis April 2017" }, { "description": "Microsoft. (n.d.). User Account Control. Retrieved January 18, 2018.", "meta": { "date_accessed": "2018-01-18T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/dn742497.aspx" ], "source": "MITRE", "title": "User Account Control" }, "related": [], "uuid": "2eb2fb2f-0b43-4c8c-a69f-3f76a8fd90f3", "value": "Microsoft UAC" }, { "description": "Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. 
Retrieved July 26, 2016.", "meta": { "date_accessed": "2016-07-26T00:00:00Z", "date_published": "2009-07-01T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx" ], "source": "MITRE", "title": "User Account Control: Inside Windows 7 User Account Control" }, "related": [], "uuid": "dea47af6-677a-4625-8664-adf0e6839c9f", "value": "TechNet Inside UAC" }, { "description": "Pikeralpha. (2017, August 29). User Approved Kernel Extension Loading…. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2017-08-29T00:00:00Z", "refs": [ "https://pikeralpha.wordpress.com/2017/08/29/user-approved-kernel-extension-loading/" ], "source": "MITRE", "title": "User Approved Kernel Extension Loading…" }, "related": [], "uuid": "7700928b-2d27-470c-a2d9-e5c5f9a43af3", "value": "User Approved Kernel Extension Pike’s" }, { "description": "Tigzy. (2014, October 15). Userland Rootkits: Part 1, IAT hooks. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2014-10-15T00:00:00Z", "refs": [ "https://www.adlice.com/userland-rootkits-part-1-iat-hooks/" ], "source": "MITRE", "title": "Userland Rootkits: Part 1, IAT hooks" }, "related": [], "uuid": "9a0e7054-9239-43cd-8e5f-aac8b665be72", "value": "Adlice Software IAT Hooks Oct 2014" }, { "description": "Cisco. (2023, March 6). username - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.", "meta": { "date_accessed": "2022-07-13T00:00:00Z", "date_published": "2023-03-06T00:00:00Z", "refs": [ "https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-t2.html#wp1047035630" ], "source": "MITRE", "title": "username - Cisco IOS Security Command Reference: Commands S to Z" }, "related": [], "uuid": "8e7b99d7-ad94-5802-a1ee-6334842e7e0b", "value": "cisco_username_cmd" }, { "description": "Holland, J. (2016, January 25). User password policies on non AD machines. 
Retrieved April 5, 2018.", "meta": { "date_accessed": "2018-04-05T00:00:00Z", "date_published": "2016-01-25T00:00:00Z", "refs": [ "https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines" ], "source": "MITRE", "title": "User password policies on non AD machines" }, "related": [], "uuid": "aa3846fd-a307-4be5-a487-9aa2688d5816", "value": "Jamf User Password Policies" }, { "description": "Apple. (n.d.). Use rules to manage emails you receive in Mail on Mac. Retrieved June 14, 2021.", "meta": { "date_accessed": "2021-06-14T00:00:00Z", "refs": [ "https://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac" ], "source": "MITRE", "title": "Use rules to manage emails you receive in Mail on Mac" }, "related": [], "uuid": "f83283aa-3aaf-4ebd-8503-0d84c2c627c4", "value": "MacOS Email Rules" }, { "description": "Apple. (n.d.). Use the kickstart command-line utility in Apple Remote Desktop. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "refs": [ "https://support.apple.com/en-us/HT201710" ], "source": "MITRE", "title": "Use the kickstart command-line utility in Apple Remote Desktop" }, "related": [], "uuid": "f26542dd-aa61-4d2a-a05a-8f9674b49f82", "value": "Kickstart Apple Remote Desktop commands" }, { "description": "Hardy, T. & Hall, J. (2018, February 15). Use Windows Event Forwarding to help with intrusion detection. Retrieved August 7, 2018.", "meta": { "date_accessed": "2018-08-07T00:00:00Z", "date_published": "2018-02-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection" ], "source": "MITRE", "title": "Use Windows Event Forwarding to help with intrusion detection" }, "related": [], "uuid": "4e7c36b9-415f-41f1-980e-251d92994eb4", "value": "Microsoft Windows Event Forwarding FEB 2018" }, { "description": "Apple. (2020, January 28). Use zsh as the default shell on your Mac. 
Retrieved June 12, 2020.", "meta": { "date_accessed": "2020-06-12T00:00:00Z", "date_published": "2020-01-28T00:00:00Z", "refs": [ "https://support.apple.com/HT208050" ], "source": "MITRE", "title": "Use zsh as the default shell on your Mac" }, "related": [], "uuid": "5374ad8e-96a2-4d19-b2cf-28232fa97b52", "value": "Apple ZShell" }, { "description": "Kubernetes. (n.d.). Using ABAC Authorization. Retrieved July 14, 2023.", "meta": { "date_accessed": "2023-07-14T00:00:00Z", "refs": [ "https://kubernetes.io/docs/reference/access-authn-authz/abac/" ], "source": "MITRE", "title": "Using ABAC Authorization" }, "related": [], "uuid": "7f960599-a3d6-53bb-91ff-f0e6117a30ed", "value": "Kuberentes ABAC" }, { "description": "Kasza, A. (2015, February 18). Using Algorithms to Brute Force Algorithms. Retrieved February 18, 2019.", "meta": { "date_accessed": "2019-02-18T00:00:00Z", "date_published": "2015-02-18T00:00:00Z", "refs": [ "https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/" ], "source": "MITRE", "title": "Using Algorithms to Brute Force Algorithms" }, "related": [], "uuid": "d0eacad8-a6ff-4282-8fbc-d7984ad03b56", "value": "Cisco Umbrella DGA Brute Force" }, { "description": "Graeber, M. (2016, September 8). Using Device Guard to Mitigate Against Device Guard Bypasses. Retrieved September 13, 2016.", "meta": { "date_accessed": "2016-09-13T00:00:00Z", "date_published": "2016-09-08T00:00:00Z", "refs": [ "http://www.exploit-monday.com/2016/09/using-device-guard-to-mitigate-against.html" ], "source": "MITRE", "title": "Using Device Guard to Mitigate Against Device Guard Bypasses" }, "related": [], "uuid": "8130e5e1-376f-4945-957a-aaf8684b361b", "value": "Exploit Monday Mitigate Device Guard Bypases" }, { "description": "Microsoft. (n.d.). Using DsAddSidHistory. 
Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/ms677982.aspx" ], "source": "MITRE", "title": "Using DsAddSidHistory" }, "related": [], "uuid": "11c44e1e-28d8-4d45-8539-6586466a5b3c", "value": "Microsoft DsAddSidHistory" }, { "description": "Microsoft 365 Defender Team. (2020, December 28). Using Microsoft 365 Defender to protect against Solorigate. Retrieved January 7, 2021.", "meta": { "date_accessed": "2021-01-07T00:00:00Z", "date_published": "2020-12-28T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/" ], "source": "MITRE", "title": "Using Microsoft 365 Defender to protect against Solorigate" }, "related": [], "uuid": "449cf112-535b-44af-9001-55123b342779", "value": "Microsoft 365 Defender Solorigate" }, { "description": "Microsoft. (n.d.). Using Netsh. Retrieved February 13, 2017.", "meta": { "date_accessed": "2017-02-13T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/bb490939.aspx" ], "source": "MITRE", "title": "Using Netsh" }, "related": [], "uuid": "58112a3a-06bd-4a46-8a09-4dba5f42a04f", "value": "TechNet Netsh" }, { "description": "Demaske, M. (2016, September 23). USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST. Retrieved April 8, 2017.", "meta": { "date_accessed": "2017-04-08T00:00:00Z", "date_published": "2016-09-23T00:00:00Z", "refs": [ "https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html" ], "source": "MITRE", "title": "USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST" }, "related": [], "uuid": "663b3fd6-0dd6-45c8-afba-dc0ea6d331b5", "value": "Demaske Netsh Persistence" }, { "description": "Parisi, T., et al. (2017, July). Using Outlook Forms for Lateral Movement and Persistence. 
Retrieved February 5, 2019.", "meta": { "date_accessed": "2019-02-05T00:00:00Z", "date_published": "2017-07-01T00:00:00Z", "refs": [ "https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746" ], "source": "MITRE", "title": "Using Outlook Forms for Lateral Movement and Persistence" }, "related": [], "uuid": "ad412d39-c0c5-4119-9193-0ba1309edb3f", "value": "CrowdStrike Outlook Forms" }, { "description": "Red Hat. (n.d.). CHAPTER 2. USING PLUGGABLE AUTHENTICATION MODULES (PAM). Retrieved June 25, 2020.", "meta": { "date_accessed": "2020-06-25T00:00:00Z", "refs": [ "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pluggable_authentication_modules" ], "source": "MITRE", "title": "USING PLUGGABLE AUTHENTICATION MODULES (PAM)" }, "related": [], "uuid": "3dc88605-64c8-495a-9e3b-e5686fd2eb03", "value": "Red Hat PAM" }, { "description": "Eric Saraga. (2022, February 2). Using Power Automate for Covert Data Exfiltration in Microsoft 365. Retrieved May 27, 2022.", "meta": { "date_accessed": "2022-05-27T00:00:00Z", "date_published": "2022-02-02T00:00:00Z", "refs": [ "https://www.varonis.com/blog/power-automate-data-exfiltration" ], "source": "MITRE", "title": "Using Power Automate for Covert Data Exfiltration in Microsoft 365" }, "related": [], "uuid": "16436468-1daf-433d-bb3b-f842119594b4", "value": "Varonis Power Automate Data Exfiltration" }, { "description": "Microsoft. (2012, November 29). Using security policies to restrict NTLM traffic. Retrieved December 4, 2017.", "meta": { "date_accessed": "2017-12-04T00:00:00Z", "date_published": "2012-11-29T00:00:00Z", "refs": [ "https://technet.microsoft.com/library/jj865668.aspx" ], "source": "MITRE", "title": "Using security policies to restrict NTLM traffic" }, "related": [], "uuid": "5861ed76-fedd-4ff9-8242-308c7206e4cb", "value": "Microsoft Disable NTLM Nov 2012" }, { "description": "Microsoft. (2008, September 10). Using SMB Packet Signing. 
Retrieved February 7, 2019.", "meta": { "date_accessed": "2019-02-07T00:00:00Z", "date_published": "2008-09-10T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/system-center/operations-manager-2005/cc180803(v=technet.10)" ], "source": "MITRE", "title": "Using SMB Packet Signing" }, "related": [], "uuid": "32a30a3f-3ed1-4def-86b1-f40bbffa1cc5", "value": "Microsoft SMB Packet Signing" }, { "description": "Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.", "meta": { "date_accessed": "2016-04-07T00:00:00Z", "date_published": "2012-06-27T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/ee791851.aspx" ], "source": "MITRE", "title": "Using Software Restriction Policies and AppLocker Policies" }, "related": [], "uuid": "84e1c53f-e858-4106-9c14-1b536d5b56f9", "value": "TechNet Applocker vs SRP" }, { "description": "Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.", "meta": { "date_accessed": "2016-04-07T00:00:00Z", "date_published": "2012-06-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN" ], "source": "MITRE", "title": "Using Software Restriction Policies and AppLocker Policies" }, "related": [], "uuid": "774e6598-0926-4adb-890f-00824de07ae0", "value": "Microsoft Using Software Restriction" }, { "description": "Jan Schaumann. (2015, November 5). Using the OS X Keychain to store and retrieve passwords. 
Retrieved March 31, 2022.", "meta": { "date_accessed": "2022-03-31T00:00:00Z", "date_published": "2015-11-05T00:00:00Z", "refs": [ "https://www.netmeister.org/blog/keychain-passwords.html" ], "source": "MITRE", "title": "Using the OS X Keychain to store and retrieve passwords" }, "related": [], "uuid": "d0ac448a-7299-4ddc-8730-be72fb840ccb", "value": "OSX Keychain Schaumann" }, { "description": "Preet Bharara, US Attorney. (2016, March 24). Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "refs": [ "https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged" ], "source": "MITRE", "title": "USNYAG IranianBotnet March 2016" }, "related": [], "uuid": "69ee73c1-359f-4584-a6e7-75119d24bbf5", "value": "USNYAG IranianBotnet March 2016" }, { "description": "LOLBAS. (2021, September 26). UtilityFunctions.ps1. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/UtilityFunctions/" ], "source": "Tidal Cyber", "title": "UtilityFunctions.ps1" }, "related": [], "uuid": "8f15755b-2e32-420e-8463-497e3f8d8cfd", "value": "UtilityFunctions.ps1 - LOLBAS Project" }, { "description": "Vander Stoep, J. (2016, April 5). [v3] selinux: restrict kernel module loading. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2016-04-05T00:00:00Z", "refs": [ "https://patchwork.kernel.org/patch/8754821/" ], "source": "MITRE", "title": "[v3] selinux: restrict kernel module loading" }, "related": [], "uuid": "a7c3fc64-9b79-4324-8177-0061208d018c", "value": "Kernel.org Restrict Kernel Module" }, { "description": "Reaves, J. and Platt, J. (2020, June). Valak Malware and the Connection to Gozi Loader ConfCrew. 
Retrieved August 31, 2020.", "meta": { "date_accessed": "2020-08-31T00:00:00Z", "date_published": "2020-06-01T00:00:00Z", "refs": [ "https://assets.sentinelone.com/labs/sentinel-one-valak-i" ], "source": "MITRE", "title": "Valak Malware and the Connection to Gozi Loader ConfCrew" }, "related": [], "uuid": "92b8ff34-05ef-4139-a6bd-56eb8af9d5e9", "value": "SentinelOne Valak June 2020" }, { "description": "Salem, E. et al. (2020, May 28). VALAK: MORE THAN MEETS THE EYE. Retrieved June 19, 2020.", "meta": { "date_accessed": "2020-06-19T00:00:00Z", "date_published": "2020-05-28T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/valak-more-than-meets-the-eye" ], "source": "MITRE", "title": "VALAK: MORE THAN MEETS THE EYE" }, "related": [], "uuid": "235d1cf1-2413-4620-96cf-083d348410c2", "value": "Cybereason Valak May 2020" }, { "description": "Sayre, K., Ogden, H., Roberts, C. (2018, October 10). VBA Stomping — Advanced Maldoc Techniques. Retrieved September 17, 2020.", "meta": { "date_accessed": "2020-09-17T00:00:00Z", "date_published": "2018-10-10T00:00:00Z", "refs": [ "https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278" ], "source": "MITRE", "title": "VBA Stomping — Advanced Maldoc Techniques" }, "related": [], "uuid": "d1c88a57-85f4-4a35-a7fa-35e8c7fcd943", "value": "Walmart Roberts Oct 2018" }, { "description": "LOLBAS. (2020, February 27). vbc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-02-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Vbc/" ], "source": "Tidal Cyber", "title": "vbc.exe" }, "related": [], "uuid": "25eb4048-ee6d-44ca-a70b-37605028bd3c", "value": "vbc.exe - LOLBAS Project" }, { "description": "Veil Framework. (n.d.). 
Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "refs": [ "https://www.veil-framework.com/framework/" ], "source": "MITRE", "title": "Veil_Ref" }, "related": [], "uuid": "722755a8-305f-4e37-8278-afb360836bec", "value": "Veil_Ref" }, { "description": "LOLBAS. (n.d.). Verclsid.exe. Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Verclsid/" ], "source": "MITRE", "title": "Verclsid.exe" }, "related": [], "uuid": "63ac9e95-aad8-4735-9e63-f45d8c499030", "value": "LOLBAS Verclsid" }, { "description": "verclsid-exe. (2019, December 17). verclsid.exe File Information - What is it & How to Block . Retrieved August 10, 2020.", "meta": { "date_accessed": "2020-08-10T00:00:00Z", "date_published": "2019-12-17T00:00:00Z", "refs": [ "https://www.winosbite.com/verclsid-exe/" ], "source": "MITRE", "title": "verclsid.exe File Information - What is it & How to Block" }, "related": [], "uuid": "5d5fa25b-64a9-4fdb-87c5-1a69a7d2f874", "value": "WinOSBite verclsid.exe" }, { "description": "Lancaster, T., Cortes, J. (2018, January 29). VERMIN: Quasar RAT and Custom Malware Used In Ukraine. Retrieved July 5, 2018.", "meta": { "date_accessed": "2018-07-05T00:00:00Z", "date_published": "2018-01-29T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/" ], "source": "MITRE", "title": "VERMIN: Quasar RAT and Custom Malware Used In Ukraine" }, "related": [], "uuid": "0d6db249-9368-495e-9f1f-c7f10041f5ff", "value": "Unit 42 VERMIN Jan 2018" }, { "description": "JR Gumarin. (2022, December 6). Vice Society: Profiling a Persistent Threat to the Education Sector. 
Retrieved November 14, 2023.", "meta": { "date_accessed": "2023-11-14T00:00:00Z", "date_published": "2022-12-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/" ], "source": "Tidal Cyber", "title": "Vice Society: Profiling a Persistent Threat to the Education Sector" }, "related": [], "uuid": "6abf7387-0857-4938-b36e-1374a66d4ed8", "value": "Unit 42 Vice Society December 6 2022" }, { "description": "Minerva Labs. (2021, September 23). Vidar Stealer Evasion Arsenal. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2021-09-23T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://web.archive.org/web/20221201005558/https://minerva-labs.com/blog/vidar-stealer-evasion-arsenal/" ], "source": "Tidal Cyber", "title": "Vidar Stealer Evasion Arsenal" }, "related": [], "uuid": "ce9714d3-7f7c-4068-bcc8-0f0eeaf0dc0b", "value": "Minerva Labs Vidar Stealer Evasion" }, { "description": "Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.", "meta": { "date_accessed": "2021-03-01T00:00:00Z", "date_published": "2021-02-24T00:00:00Z", "refs": [ "https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf" ], "source": "MITRE", "title": "Vietnamese activists targeted by notorious hacking group" }, "related": [], "uuid": "a54a2f68-8406-43ab-8758-07edd49dfb83", "value": "Amnesty Intl. Ocean Lotus February 2021" }, { "description": "Henderson, S., et al. (2020, April 22). Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. 
Retrieved April 28, 2020.", "meta": { "date_accessed": "2020-04-28T00:00:00Z", "date_published": "2020-04-22T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html" ], "source": "MITRE", "title": "Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage" }, "related": [], "uuid": "347ad5a1-d0b1-4f2b-9abd-eff96d05987d", "value": "FireEye APT32 April 2020" }, { "description": "Slack Help Center. (n.d.). View Access Logs for your workspace. Retrieved April 10, 2023.", "meta": { "date_accessed": "2023-04-10T00:00:00Z", "refs": [ "https://slack.com/help/articles/360002084807-View-Access-Logs-for-your-workspace" ], "source": "MITRE", "title": "View Access Logs for your workspace" }, "related": [], "uuid": "b179d0d4-e115-59f1-86a7-7dcfc253e16f", "value": "Slack Help Center Access Logs" }, { "description": "Microsoft. (n.d.). View Azure activity logs. Retrieved June 17, 2020.", "meta": { "date_accessed": "2020-06-17T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs" ], "source": "MITRE", "title": "View Azure activity logs" }, "related": [], "uuid": "19b55c10-f4fd-49c2-b267-0d3d8e9acdd7", "value": "Azure Activity Logs" }, { "description": "Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved September 13, 2018.", "meta": { "date_accessed": "2018-09-13T00:00:00Z", "refs": [ "https://www.justice.gov/file/1080281/download" ], "source": "MITRE", "title": "VIKTOR BORISOVICH NETYKSHO, et al" }, "related": [], "uuid": "d65f371b-19d0-49de-b92b-94a2bea1d988", "value": "DOJ GRU Indictment Jul 2018" }, { "description": "Hutchins, M. (2014, November 28). Virtual File Systems for Beginners. 
Retrieved June 22, 2020.", "meta": { "date_accessed": "2020-06-22T00:00:00Z", "date_published": "2014-11-28T00:00:00Z", "refs": [ "https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html" ], "source": "MITRE", "title": "Virtual File Systems for Beginners" }, "related": [], "uuid": "c06af73d-5ed0-46a0-a5a9-161035075884", "value": "MalwareTech VFS Nov 2014" }, { "description": "Goodin, D. (2017, March 17). Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated. Retrieved March 12, 2018.", "meta": { "date_accessed": "2018-03-12T00:00:00Z", "date_published": "2017-03-17T00:00:00Z", "refs": [ "https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/" ], "source": "MITRE", "title": "Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated" }, "related": [], "uuid": "e75f2d0f-f63e-48c7-a0c3-8f00f371624e", "value": "Ars Technica Pwn2Own 2017 VM Escape" }, { "description": "Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://cloud.google.com/compute/docs/instances" ], "source": "MITRE", "title": "Virtual machine instances" }, "related": [], "uuid": "2b7ec610-5654-4c94-b5df-9cf5670eec33", "value": "Google VM" }, { "description": "Microsoft. (2019, March 1). Virtual Machines - Get. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2019-03-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get" ], "source": "MITRE", "title": "Virtual Machines - Get" }, "related": [], "uuid": "f565c237-07c5-4e9e-9879-513627517109", "value": "Microsoft Virutal Machine API" }, { "description": "Microsoft. (n.d.). Virtual Machines - Update. 
Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/update" ], "source": "MITRE", "title": "Virtual Machines - Update" }, "related": [], "uuid": "299f231f-70d1-4c1a-818f-8a01cf65382c", "value": "Azure Update Virtual Machines" }, { "description": "Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022.", "meta": { "date_accessed": "2022-03-17T00:00:00Z", "date_published": "2022-02-09T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview" ], "source": "MITRE", "title": "Virtual network TAP" }, "related": [], "uuid": "3f106d7e-f101-4adb-bbd1-d8c04a347f85", "value": "Azure Virtual Network TAP" }, { "description": "Google. (2019, September 23). Virtual Private Cloud (VPC) network overview. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "date_published": "2019-09-23T00:00:00Z", "refs": [ "https://cloud.google.com/vpc/docs/vpc" ], "source": "MITRE", "title": "Virtual Private Cloud (VPC) network overview" }, "related": [], "uuid": "9ebe53cf-657f-475d-85e4-9e30f4af1e7d", "value": "Google VPC Overview" }, { "description": "Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017.", "meta": { "date_accessed": "2017-03-20T00:00:00Z", "date_published": "2015-10-07T00:00:00Z", "refs": [ "https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/" ], "source": "MITRE", "title": "Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence" }, "related": [], "uuid": "b299f8e7-01da-4d59-9657-ef93cf284cc0", "value": "Volexity Virtual Private Keylogging" }, { "description": "VirusTotal. (2023, July 11). VirusTotal Behavior def.exe. 
Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2023-07-11T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.virustotal.com/gui/file/7b15f570a23a5c5ce8ff942da60834a9d0549ea3ea9f34f900a09331325df893/behavior" ], "source": "Tidal Cyber", "title": "VirusTotal Behavior def.exe" }, "related": [], "uuid": "3502c98d-b61d-42fa-b23e-7128a4042c03", "value": "VirusTotal Behavior def.exe" }, { "description": "VirusTotal. (n.d.). VirusTotal FAQ. Retrieved May 23, 2019.", "meta": { "date_accessed": "2019-05-23T00:00:00Z", "refs": [ "https://www.virustotal.com/en/faq/" ], "source": "MITRE", "title": "VirusTotal FAQ" }, "related": [], "uuid": "5cd965f6-c4af-40aa-8f08-620cf5f1242a", "value": "VirusTotal FAQ" }, { "description": "Visa. (2015, March). Visa Security Alert: \"RawPOS\" Malware Targeting Lodging Merchants. Retrieved October 6, 2017.", "meta": { "date_accessed": "2017-10-06T00:00:00Z", "date_published": "2015-03-01T00:00:00Z", "refs": [ "https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf" ], "source": "MITRE", "title": "Visa Security Alert: \"RawPOS\" Malware Targeting Lodging Merchants" }, "related": [], "uuid": "a2371f44-0a88-4d68-bbe7-7e79f13f78c2", "value": "Visa RawPOS March 2015" }, { "description": "Boutin, J. and Faou, M. (2018). Visiting the snake nest. Retrieved May 7, 2019.", "meta": { "date_accessed": "2019-05-07T00:00:00Z", "date_published": "2018-01-01T00:00:00Z", "refs": [ "https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Visiting-The-Snake-Nest.pdf" ], "source": "MITRE", "title": "Visiting the snake nest" }, "related": [], "uuid": "b69d7c73-40c2-4cb2-b9ad-088ef61e2f7f", "value": "ESET Recon Snake Nest" }, { "description": "Microsoft. (n.d.). Visual Basic documentation. 
Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "refs": [ "https://docs.microsoft.com/dotnet/visual-basic/" ], "source": "MITRE", "title": "Visual Basic documentation" }, "related": [], "uuid": "b23a1a5d-48dd-4346-bf8d-390624214081", "value": "VB Microsoft" }, { "description": "Wikipedia. (n.d.). Visual Basic for Applications. Retrieved August 13, 2020.", "meta": { "date_accessed": "2020-08-13T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Visual_Basic_for_Applications" ], "source": "MITRE", "title": "Visual Basic for Applications" }, "related": [], "uuid": "70818420-c3ec-46c3-9e97-d8f989f2e3db", "value": "Wikipedia VBA" }, { "description": ".NET Team. (2020, March 11). Visual Basic support planned for .NET 5.0. Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2020-03-11T00:00:00Z", "refs": [ "https://devblogs.microsoft.com/vbteam/visual-basic-support-planned-for-net-5-0/" ], "source": "MITRE", "title": "Visual Basic support planned for .NET 5.0" }, "related": [], "uuid": "da6d1b56-8e59-4125-b318-48a40a1c8e94", "value": "VB .NET Mar 2020" }, { "description": "LOLBAS. (2021, September 26). VisualUiaVerifyNative.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/VisualUiaVerifyNative/" ], "source": "Tidal Cyber", "title": "VisualUiaVerifyNative.exe" }, "related": [], "uuid": "b17be296-15ad-468f-8157-8cb4093b2e97", "value": "VisualUiaVerifyNative.exe - LOLBAS Project" }, { "description": "Knight, S.. (2020, April 16). VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus. 
Retrieved May 1, 2020.", "meta": { "date_accessed": "2020-05-01T00:00:00Z", "date_published": "2020-04-16T00:00:00Z", "refs": [ "https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/" ], "source": "MITRE", "title": "VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus" }, "related": [], "uuid": "43bcb35b-56e1-47a8-9c74-f7543a25b2a6", "value": "Carbon Black HotCroissant April 2020" }, { "description": "Offensive Security. (n.d.). VNC Authentication. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "refs": [ "https://www.offensive-security.com/metasploit-unleashed/vnc-authentication/" ], "source": "MITRE", "title": "VNC Authentication" }, "related": [], "uuid": "90a5ab3c-c2a8-4b02-9bd7-628672907737", "value": "Offensive Security VNC Authentication Check" }, { "description": "Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.", "meta": { "date_accessed": "2021-02-08T00:00:00Z", "date_published": "2015-03-30T00:00:00Z", "refs": [ "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf" ], "source": "MITRE, Tidal Cyber", "title": "VOLATILE CEDAR" }, "related": [], "uuid": "a26344a2-63ca-422e-8cf9-0cf22a5bee72", "value": "CheckPoint Volatile Cedar March 2015" }, { "description": "Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. 
Retrieved July 27, 2023.", "meta": { "date_accessed": "2023-07-27T00:00:00Z", "date_published": "2023-05-24T00:00:00Z", "refs": [ "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/" ], "source": "MITRE", "title": "Volt Typhoon targets US critical infrastructure with living-off-the-land techniques" }, "related": [], "uuid": "8b74f0b7-9719-598c-b3ee-61d734393e6f", "value": "Microsoft Volt Typhoon May 2023" }, { "description": "LOLBAS. (2023, July 12). VSDiagnostics.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-07-12T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/VSDiagnostics/" ], "source": "Tidal Cyber", "title": "VSDiagnostics.exe" }, "related": [], "uuid": "b4658fc0-af16-45b1-8403-a9676760a36a", "value": "VSDiagnostics.exe - LOLBAS Project" }, { "description": "LOLBAS. (2023, September 6). Vshadow.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-09-06T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Vshadow/" ], "source": "Tidal Cyber", "title": "Vshadow.exe" }, "related": [], "uuid": "ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c", "value": "Vshadow.exe - LOLBAS Project" }, { "description": "LOLBAS. (2021, September 24). VSIISExeLauncher.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-24T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/VSIISExeLauncher/" ], "source": "Tidal Cyber", "title": "VSIISExeLauncher.exe" }, "related": [], "uuid": "e2fda344-77b8-4650-a7da-1e422db6d3a1", "value": "VSIISExeLauncher.exe - LOLBAS Project" }, { "description": "LOLBAS. (2018, May 25). vsjitdebugger.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Vsjitdebugger/" ], "source": "Tidal Cyber", "title": "vsjitdebugger.exe" }, "related": [], "uuid": "94a880fa-70b0-46c3-997e-b22dc9180134", "value": "vsjitdebugger.exe - LOLBAS Project" }, { "description": "LOLBAS. (2022, November 1). vsls-agent.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-11-01T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/vsls-agent/" ], "source": "Tidal Cyber", "title": "vsls-agent.exe" }, "related": [], "uuid": "325eab54-bcdd-4a12-ab41-aaf06a0405e9", "value": "vsls-agent.exe - LOLBAS Project" }, { "description": "LOLBAS. (2023, September 8). vstest.console.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2023-09-08T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/vstest.console/" ], "source": "Tidal Cyber", "title": "vstest.console.exe" }, "related": [], "uuid": "70c168a0-9ddf-408d-ba29-885c0c5c936a", "value": "vstest.console.exe - LOLBAS Project" }, { "description": "Kanthak, S.. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.", "meta": { "date_accessed": "2017-02-03T00:00:00Z", "date_published": "2016-07-20T00:00:00Z", "refs": [ "https://skanthak.homepage.t-online.de/sentinel.html" ], "source": "MITRE", "title": "Vulnerability and Exploit Detector" }, "related": [], "uuid": "d63d6e14-8fe7-4893-a42f-3752eaec8770", "value": "Vulnerability and Exploit Detector" }, { "description": "Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. 
Retrieved February 3, 2017.", "meta": { "date_accessed": "2017-02-03T00:00:00Z", "date_published": "2016-07-20T00:00:00Z", "refs": [ "https://skanthak.homepage.t-online.de/sentinel.html" ], "source": "MITRE", "title": "Vulnerability and Exploit Detector" }, "related": [], "uuid": "94f99326-1512-47ca-8c99-9b382e4d0261", "value": "Kanthak Sentinel" }, { "description": "Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015.", "meta": { "date_accessed": "2015-12-23T00:00:00Z", "date_published": "2014-11-18T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/security/ms14-068.aspx" ], "source": "MITRE", "title": "Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)" }, "related": [], "uuid": "db78c095-b7b2-4422-8473-49d4a1129b76", "value": "Technet MS14-068" }, { "description": "vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022.", "meta": { "date_accessed": "2022-04-01T00:00:00Z", "date_published": "2021-06-30T00:00:00Z", "refs": [ "https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug" ], "source": "MITRE", "title": "VX-API" }, "related": [], "uuid": "8c7fe2a2-64a1-4680-a4e6-f6eefe00407a", "value": "vxunderground debug" }, { "description": "Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.", "meta": { "date_accessed": "2015-09-17T00:00:00Z", "date_published": "2011-11-01T00:00:00Z", "refs": [ "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf" ], "source": "MITRE", "title": "W32.Duqu: The precursor to the next Stuxnet" }, "related": [], "uuid": "8660411a-6b9c-46c2-8f5f-049ec60c7d40", "value": "Symantec W32.Duqu" }, { "description": "Nicolas Falliere, Liam O. Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier. 
Retrieved December 7, 2020.", "meta": { "date_accessed": "2020-12-07T00:00:00Z", "date_published": "2011-02-01T00:00:00Z", "refs": [ "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf" ], "source": "MITRE", "title": "W32.Stuxnet Dossier" }, "related": [], "uuid": "ef65ab18-fd84-4098-8805-df0268fc3a38", "value": "Symantec W.32 Stuxnet Dossier" }, { "description": "Symantec. (2009, March 22). W32.Tidserv.G. Retrieved January 14, 2022.", "meta": { "date_accessed": "2022-01-14T00:00:00Z", "date_published": "2009-03-22T00:00:00Z", "refs": [ "https://web.archive.org/web/20150923175837/http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99&tabid=2" ], "source": "MITRE", "title": "W32.Tidserv.G" }, "related": [], "uuid": "9d4ac51b-d870-43e8-bc6f-d7159343b00c", "value": "w32.tidserv.g" }, { "description": "Lundgren, S. (2017, October 28). w32time. Retrieved March 26, 2018.", "meta": { "date_accessed": "2018-03-26T00:00:00Z", "date_published": "2017-10-28T00:00:00Z", "refs": [ "https://github.com/scottlundgren/w32time" ], "source": "MITRE", "title": "w32time" }, "related": [], "uuid": "a248fd87-c3c1-4de7-a9af-0436a10f71aa", "value": "Github W32Time Oct 2017" }, { "description": "Yamamura, M. (2002, April 25). W95.CIH. Retrieved April 12, 2019.", "meta": { "date_accessed": "2019-04-12T00:00:00Z", "date_published": "2002-04-25T00:00:00Z", "refs": [ "https://web.archive.org/web/20190508170055/https://www.symantec.com/security-center/writeup/2000-122010-2655-99" ], "source": "MITRE", "title": "W95.CIH" }, "related": [], "uuid": "a35cab17-634d-4a7a-a42c-4a4280e8785d", "value": "Symantec Chernobyl W95.CIH" }, { "description": "LOLBAS. (2018, May 25). Wab.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wab/" ], "source": "Tidal Cyber", "title": "Wab.exe" }, "related": [], "uuid": "c432556e-c7f9-4e36-af7e-d7bea6f51e95", "value": "Wab.exe - LOLBAS Project" }, { "description": "Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021.", "meta": { "date_accessed": "2021-02-17T00:00:00Z", "date_published": "2020-08-11T00:00:00Z", "refs": [ "https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN" ], "source": "MITRE", "title": "WakeOnLAN (WOL)" }, "related": [], "uuid": "120e3b14-f08b-40e0-9d20-4ddda6b8cc06", "value": "GitLab WakeOnLAN" }, { "description": "Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.", "meta": { "date_accessed": "2019-03-15T00:00:00Z", "date_published": "2017-05-23T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html" ], "source": "MITRE", "title": "WannaCry Malware Profile" }, "related": [], "uuid": "34b15fe1-c550-4150-87bc-ac9662547247", "value": "FireEye WannaCry 2017" }, { "description": "Bundesamt fur Verfassungsschutz. (2024, February 17). Warning of North Korean cyber threats targeting the Defense Sector. Retrieved February 26, 2024.", "meta": { "date_accessed": "2024-02-26T00:00:00Z", "date_published": "2024-02-17T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2024-02-19-joint-cyber-security-advisory-englisch.pdf?__blob=publicationFile&v=2" ], "source": "Tidal Cyber", "title": "Warning of North Korean cyber threats targeting the Defense Sector" }, "related": [], "uuid": "cc76be15-6d9d-40b2-b7f3-196bb0a7106a", "value": "BfV North Korea February 17 2024" }, { "description": "Oliveira, A., Fiser, D. (2020, September 10). 
War of Linux Cryptocurrency Miners: A Battle for Resources. Retrieved April 6, 2021.", "meta": { "date_accessed": "2021-04-06T00:00:00Z", "date_published": "2020-09-10T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/i/war-of-linux-cryptocurrency-miners-a-battle-for-resources.html" ], "source": "MITRE", "title": "War of Linux Cryptocurrency Miners: A Battle for Resources" }, "related": [], "uuid": "1ba47efe-35f8-4d52-95c7-65cdc829c8e5", "value": "Trend Micro War of Crypto Miners" }, { "description": "Harakhavik, Y. (2020, February 3). Warzone: Behind the enemy lines. Retrieved December 17, 2021.", "meta": { "date_accessed": "2021-12-17T00:00:00Z", "date_published": "2020-02-03T00:00:00Z", "refs": [ "https://research.checkpoint.com/2020/warzone-behind-the-enemy-lines/" ], "source": "MITRE", "title": "Warzone: Behind the enemy lines" }, "related": [], "uuid": "c214c36e-2bc7-4b98-a74e-529aae99f9cf", "value": "Check Point Warzone Feb 2020" }, { "description": "Mohanta, A. (2020, November 25). Warzone RAT comes with UAC bypass technique. Retrieved April 7, 2022.", "meta": { "date_accessed": "2022-04-07T00:00:00Z", "date_published": "2020-11-25T00:00:00Z", "refs": [ "https://www.uptycs.com/blog/warzone-rat-comes-with-uac-bypass-technique" ], "source": "MITRE", "title": "Warzone RAT comes with UAC bypass technique" }, "related": [], "uuid": "1324b314-a4d9-43e7-81d6-70b6917fe527", "value": "Uptycs Warzone UAC Bypass November 2020" }, { "description": "Dragos. (n.d.). WASSONITE. Retrieved January 20, 2021.", "meta": { "date_accessed": "2021-01-20T00:00:00Z", "refs": [ "https://www.dragos.com/threat/wassonite/" ], "source": "MITRE", "title": "WASSONITE" }, "related": [], "uuid": "39e6ab06-9f9f-4292-9034-b2f56064164d", "value": "Dragos WASSONITE" }, { "description": "Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. 
Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2020-06-23T00:00:00Z", "refs": [ "https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/" ], "source": "MITRE", "title": "WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group" }, "related": [], "uuid": "1520f2e5-2689-428f-9ee4-05e153a52381", "value": "NCC Group WastedLocker June 2020" }, { "description": "Walter, J.. (2020, July 23). WastedLocker Ransomware: Abusing ADS and NTFS File Attributes. Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "date_published": "2020-07-23T00:00:00Z", "refs": [ "https://www.sentinelone.com/labs/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/" ], "source": "MITRE", "title": "WastedLocker Ransomware: Abusing ADS and NTFS File Attributes" }, "related": [], "uuid": "5ed4eb07-cc90-46bc-8527-0bb59e1eefe1", "value": "Sentinel Labs WastedLocker July 2020" }, { "description": "Fishbein, N., Kajiloti, M.. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2020-07-28T00:00:00Z", "refs": [ "https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/" ], "source": "MITRE", "title": "Watch Your Containers: Doki Infecting Docker Servers in the Cloud" }, "related": [], "uuid": "688b2582-6602-44e1-aaac-3a4b8e168b04", "value": "Intezer Doki July 20" }, { "description": "Su, V. et al. (2019, December 11). Waterbear Returns, Uses API Hooking to Evade Security. 
Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2019-12-11T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html" ], "source": "MITRE", "title": "Waterbear Returns, Uses API Hooking to Evade Security" }, "related": [], "uuid": "bf320133-3823-4232-b7d2-d07da9bbccc2", "value": "Trend Micro Waterbear December 2019" }, { "description": "Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Retrieved July 8, 2019.", "meta": { "date_accessed": "2019-07-08T00:00:00Z", "date_published": "2019-06-20T00:00:00Z", "refs": [ "https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments" ], "source": "MITRE", "title": "Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments" }, "related": [], "uuid": "ddd5c2c9-7126-4b89-b415-dc651a2ccc0e", "value": "Symantec Waterbug Jun 2019" }, { "description": "M.Léveillé, M., Cherepanov, A.. (2022, January 25). Watering hole deploys new macOS malware, DazzleSpy, in Asia. Retrieved May 6, 2022.", "meta": { "date_accessed": "2022-05-06T00:00:00Z", "date_published": "2022-01-25T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/" ], "source": "MITRE", "title": "Watering hole deploys new macOS malware, DazzleSpy, in Asia" }, "related": [], "uuid": "212012ac-9084-490f-8dd2-5cc9ac6e6de1", "value": "ESET DazzleSpy Jan 2022" }, { "description": "Microsoft. (2017, October 16). wbadmin delete catalog. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-delete-catalog" ], "source": "MITRE", "title": "wbadmin delete catalog" }, "related": [], "uuid": "6adfba35-3bf1-4915-813e-40c4a843ae34", "value": "win_wbadmin_delete_catalog" }, { "description": "Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.", "meta": { "date_accessed": "2019-03-26T00:00:00Z", "date_published": "2017-05-18T00:00:00Z", "refs": [ "https://www.secureworks.com/research/wcry-ransomware-analysis" ], "source": "MITRE", "title": "WCry Ransomware Analysis" }, "related": [], "uuid": "522b2a19-1d15-48f8-8801-c64d3abd945a", "value": "SecureWorks WannaCry Analysis" }, { "description": "Nick Aleks. (2015, November 7). Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers. Retrieved March 30, 2018.", "meta": { "date_accessed": "2018-03-30T00:00:00Z", "date_published": "2015-11-07T00:00:00Z", "refs": [ "https://www.youtube.com/watch?v=lDvf4ScWbcQ" ], "source": "MITRE", "title": "Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers" }, "related": [], "uuid": "fd22c941-b0dc-4420-b363-2f5777981041", "value": "Aleks Weapons Nov 2015" }, { "description": "NIST Information Technology Laboratory. (n.d.). web bug. Retrieved March 22, 2023.", "meta": { "date_accessed": "2023-03-22T00:00:00Z", "refs": [ "https://csrc.nist.gov/glossary/term/web_bug" ], "source": "MITRE", "title": "web bug" }, "related": [], "uuid": "b4362602-faf0-5b28-a147-b3153da1903f", "value": "NIST Web Bug" }, { "description": "Stevens, D. (2017, November 13). WebDAV Traffic To Malicious Sites. 
Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2017-11-13T00:00:00Z", "refs": [ "https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/" ], "source": "MITRE", "title": "WebDAV Traffic To Malicious Sites" }, "related": [], "uuid": "b521efe2-5c1c-48c5-a2a9-95da2367f537", "value": "Didier Stevens WebDAV Traffic" }, { "description": "Jossef Harush Kadouri. (2022, March 7). Webhook Party — Malicious packages caught exfiltrating data via legit webhook services. Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "date_published": "2022-03-07T00:00:00Z", "refs": [ "https://medium.com/checkmarx-security/webhook-party-malicious-packages-caught-exfiltrating-data-via-legit-webhook-services-6e046b07d191" ], "source": "MITRE", "title": "Webhook Party — Malicious packages caught exfiltrating data via legit webhook services" }, "related": [], "uuid": "f68f1151-839e-5ae7-bab1-aa2b4c0d11ec", "value": "Checkmarx Webhooks" }, { "description": "Push Security. (2023, July 31). Webhooks. Retrieved August 4, 2023.", "meta": { "date_accessed": "2023-08-04T00:00:00Z", "date_published": "2023-07-31T00:00:00Z", "refs": [ "https://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md" ], "source": "MITRE", "title": "Webhooks" }, "related": [], "uuid": "519693e2-71c9-55d2-98fd-be451837582a", "value": "Push Security SaaS Attacks Repository Webhooks" }, { "description": "Acunetix. (n.d.). Web Server Security and Database Server Security. Retrieved July 26, 2018.", "meta": { "date_accessed": "2018-07-26T00:00:00Z", "refs": [ "https://www.acunetix.com/websitesecurity/webserver-security/" ], "source": "MITRE", "title": "Web Server Security and Database Server Security" }, "related": [], "uuid": "cedbdeb8-6669-4c5c-a8aa-d37576aaa1ba", "value": "acunetix Server Secuirty" }, { "description": "Microsoft. (2017, June 23). 
Well-known security identifiers in Windows operating systems. Retrieved November 30, 2017.", "meta": { "date_accessed": "2017-11-30T00:00:00Z", "date_published": "2017-06-23T00:00:00Z", "refs": [ "https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems" ], "source": "MITRE", "title": "Well-known security identifiers in Windows operating systems" }, "related": [], "uuid": "14b344ed-bde6-4755-b59a-595edb23a210", "value": "Microsoft Well Known SIDs Jun 2017" }, { "description": "PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.", "meta": { "date_accessed": "2020-09-29T00:00:00Z", "date_published": "2020-08-17T00:00:00Z", "refs": [ "https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html" ], "source": "MITRE", "title": "WellMess malware: analysis of its Command and Control (C2) server" }, "related": [], "uuid": "3afca6f1-680a-46ae-8cea-10b6b870d5e7", "value": "PWC WellMess C2 August 2020" }, { "description": "Doaty, J., Garrett, P.. (2018, September 10). We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "date_published": "2018-09-10T00:00:00Z", "refs": [ "https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/" ], "source": "MITRE", "title": "We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan" }, "related": [], "uuid": "d316c581-646d-48e7-956e-34e2f957c67d", "value": "Cofense Astaroth Sept 2018" }, { "description": "Microsoft. (n.d.). wevtutil. 
Retrieved September 14, 2021.", "meta": { "date_accessed": "2021-09-14T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil" ], "source": "MITRE", "title": "wevtutil" }, "related": [], "uuid": "25511dde-9e13-4e03-8ae4-2495e9f5eb5e", "value": "Wevtutil Microsoft Documentation" }, { "description": "Plett, C. et al.. (2017, October 16). wevtutil. Retrieved July 2, 2018.", "meta": { "date_accessed": "2018-07-02T00:00:00Z", "date_published": "2017-10-16T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil" ], "source": "MITRE", "title": "wevtutil" }, "related": [], "uuid": "8896d802-96c6-4546-8a82-c1f7f2d71ea1", "value": "Microsoft wevtutil Oct 2017" }, { "description": "LOLBAS. (2021, September 26). Wfc.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-09-26T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Wfc/" ], "source": "Tidal Cyber", "title": "Wfc.exe" }, "related": [], "uuid": "a937012a-01c8-457c-8808-47c1753e8781", "value": "Wfc.exe - LOLBAS Project" }, { "description": "Bart Lenaerts-Bergman. (2023, March 14). WHAT ARE DOWNGRADE ATTACKS?. Retrieved May 24, 2023.", "meta": { "date_accessed": "2023-05-24T00:00:00Z", "date_published": "2023-03-14T00:00:00Z", "refs": [ "https://www.crowdstrike.com/cybersecurity-101/attack-types/downgrade-attacks/" ], "source": "MITRE", "title": "WHAT ARE DOWNGRADE ATTACKS?" }, "related": [], "uuid": "47856c5f-6c4c-5b4c-bbc1-ccb6848d9b74", "value": "Crowdstrike Downgrade" }, { "description": "Chrome. (n.d.). What are Extensions?. Retrieved November 16, 2017.", "meta": { "date_accessed": "2017-11-16T00:00:00Z", "refs": [ "https://developer.chrome.com/extensions" ], "source": "MITRE", "title": "What are Extensions?" 
}, "related": [], "uuid": "fe00cee9-54d9-4775-86da-b7db73295bf7", "value": "Chrome Extensions Definition" }, { "description": "Stack Exchange - Security. (2012, July 31). What are the methods to find hooked functions and APIs?. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2012-07-31T00:00:00Z", "refs": [ "https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis" ], "source": "MITRE", "title": "What are the methods to find hooked functions and APIs?" }, "related": [], "uuid": "dfa76ff1-df9e-4cdf-aabe-476479cdcf13", "value": "StackExchange Hooks Jul 2012" }, { "description": "Jaron Bradley. (2021, November 14). What does APT Activity Look Like on macOS?. Retrieved January 19, 2022.", "meta": { "date_accessed": "2022-01-19T00:00:00Z", "date_published": "2021-11-14T00:00:00Z", "refs": [ "https://themittenmac.com/what-does-apt-activity-look-like-on-macos/" ], "source": "MITRE", "title": "What does APT Activity Look Like on macOS?" }, "related": [], "uuid": "7ccda957-b38d-4c3f-a8f5-6cecdcb3f584", "value": "macOS APT Activity Bradley" }, { "description": "okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "refs": [ "https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen" ], "source": "MITRE", "title": "What Happens If Your JWT Is Stolen?" }, "related": [], "uuid": "61e2fb16-d04b-494c-8bea-fb34e81faa73", "value": "okta" }, { "description": "Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.", "meta": { "date_accessed": "2020-10-04T00:00:00Z", "refs": [ "https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html" ], "source": "MITRE", "title": "What is a botnet?" }, "related": [], "uuid": "f97427f1-ea16-4e92-a4a2-4d62a800df15", "value": "Norton Botnet" }, { "description": "Microsoft. (2023, April 28). What is a DLL. 
Retrieved September 7, 2023.", "meta": { "date_accessed": "2023-09-07T00:00:00Z", "date_published": "2023-04-28T00:00:00Z", "refs": [ "https://learn.microsoft.com/troubleshoot/windows-client/deployment/dynamic-link-library" ], "source": "MITRE", "title": "What is a DLL" }, "related": [], "uuid": "f0ae2788-537c-5644-ba1b-d06a612e73c1", "value": "Microsoft DLL" }, { "description": "Cloudflare. (n.d.). What is a DNS amplification attack?. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "refs": [ "https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/" ], "source": "MITRE", "title": "What is a DNS amplification attack?" }, "related": [], "uuid": "734cb2bb-462a-4bdc-9774-6883f99379b9", "value": "Cloudflare DNSamplficationDoS" }, { "description": "Amazon. (n.d.). What Is Amazon VPC?. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html" ], "source": "MITRE", "title": "What Is Amazon VPC?" }, "related": [], "uuid": "7972332d-fbe9-4f14-9511-4298f65f2a86", "value": "Amazon AWS VPC Guide" }, { "description": "Cloudflare. (n.d.). What is an HTTP flood DDoS attack?. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "refs": [ "https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/" ], "source": "MITRE", "title": "What is an HTTP flood DDoS attack?" }, "related": [], "uuid": "1a5934a4-35ce-4f7c-be9c-c1faf4ee0838", "value": "Cloudflare HTTPflood" }, { "description": "Cloudflare. (n.d.). What is a NTP amplificaiton attack?. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "refs": [ "https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/" ], "source": "MITRE", "title": "What is a NTP amplificaiton attack?" 
}, "related": [], "uuid": "09ce093a-d378-4915-a35f-bf18a278d873", "value": "Cloudflare NTPamplifciationDoS" }, { "description": "Microsoft. (2022, September 9). What is a Primary Refresh Token?. Retrieved February 21, 2023.", "meta": { "date_accessed": "2023-02-21T00:00:00Z", "date_published": "2022-09-09T00:00:00Z", "refs": [ "https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token" ], "source": "MITRE", "title": "What is a Primary Refresh Token?" }, "related": [], "uuid": "d23bf6dc-979b-5f34-86a7-637979a5f20e", "value": "Microsoft Primary Refresh Token" }, { "description": "Justin Schamotta. (2022, October 28). What is a replay attack?. Retrieved September 27, 2023.", "meta": { "date_accessed": "2023-09-27T00:00:00Z", "date_published": "2022-10-28T00:00:00Z", "refs": [ "https://www.comparitech.com/blog/information-security/what-is-a-replay-attack/" ], "source": "MITRE", "title": "What is a replay attack?" }, "related": [], "uuid": "a9f0b569-8f18-579f-bf98-f4f9b93e5524", "value": "Comparitech Replay Attack" }, { "description": "Corero. (n.d.). What is a SYN-ACK Flood Attack?. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "refs": [ "https://www.corero.com/resources/ddos-attack-types/syn-flood-ack.html" ], "source": "MITRE", "title": "What is a SYN-ACK Flood Attack?" }, "related": [], "uuid": "ec41de8a-c673-41bf-b713-4a647b135532", "value": "Corero SYN-ACKflood" }, { "description": "Cloudflare. (n.d.). What is a SYN flood attack?. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "refs": [ "https://www.cloudflare.com/learning/ddos/syn-flood-ddos-attack/" ], "source": "MITRE", "title": "What is a SYN flood attack?" }, "related": [], "uuid": "e292c4fe-ae77-4393-b666-fb6290cb4aa8", "value": "Cloudflare SynFlood" }, { "description": "Microsoft. (n.d.). What is a virtual machine (VM)?. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "refs": [ "https://azure.microsoft.com/en-us/overview/what-is-a-virtual-machine/" ], "source": "MITRE", "title": "What is a virtual machine (VM)?" }, "related": [], "uuid": "9afbd6a5-1c31-4727-8f36-04d4d8e65660", "value": "Amazon VM" }, { "description": "RedHat. (2022, June 1). What is a webhook?. Retrieved July 20, 2023.", "meta": { "date_accessed": "2023-07-20T00:00:00Z", "date_published": "2022-06-01T00:00:00Z", "refs": [ "https://www.redhat.com/en/topics/automation/what-is-a-webhook" ], "source": "MITRE", "title": "What is a webhook?" }, "related": [], "uuid": "37321591-40fd-537e-ba74-71042bc5064e", "value": "RedHat Webhooks" }, { "description": "AWS. (2023, June 2). What is AWS System Manager?. Retrieved June 2, 2023.", "meta": { "date_accessed": "2023-06-02T00:00:00Z", "date_published": "2023-06-02T00:00:00Z", "refs": [ "https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html" ], "source": "MITRE", "title": "What is AWS System Manager?" }, "related": [], "uuid": "a7813928-4351-54c5-a64e-61bd4689e93b", "value": "AWS System Manager" }, { "description": "Annamalai, N., Casey, C., Almeida, M., et. al.. (2019, June 18). What is Azure Virtual Network?. Retrieved October 6, 2019.", "meta": { "date_accessed": "2019-10-06T00:00:00Z", "date_published": "2019-06-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview" ], "source": "MITRE", "title": "What is Azure Virtual Network?" }, "related": [], "uuid": "bf7f2e7a-f5ae-4b6e-8c90-fd41a92c4615", "value": "Microsoft Azure Virtual Network Overview" }, { "description": "Bart Lenaerts-Bergmans. (2023, March 10). What is Business Email Compromise?. 
Retrieved August 8, 2023.", "meta": { "date_accessed": "2023-08-08T00:00:00Z", "date_published": "2023-03-10T00:00:00Z", "refs": [ "https://www.crowdstrike.com/cybersecurity-101/business-email-compromise-bec/" ], "source": "MITRE", "title": "What is Business Email Compromise?" }, "related": [], "uuid": "7e674a8d-e79f-5cb0-8ad2-a7678e647c6f", "value": "CrowdStrike-BEC" }, { "description": "Palo Alto Networks. (n.d.). What Is DNS Tunneling?. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "refs": [ "https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling" ], "source": "MITRE", "title": "What Is DNS Tunneling?" }, "related": [], "uuid": "efe1c443-475b-45fc-8d33-5bf3bdf941c5", "value": "PAN DNS Tunneling" }, { "description": "Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023.", "meta": { "date_accessed": "2023-02-24T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-reference/email-spoofing" ], "source": "MITRE", "title": "What Is Email Spoofing?" }, "related": [], "uuid": "fe9f7542-bbf0-5e34-b3a9-8596cc5aa754", "value": "Proofpoint-spoof" }, { "description": "Reynolds, James. (2016, April 7). What is emond?. Retrieved September 10, 2019.", "meta": { "date_accessed": "2019-09-10T00:00:00Z", "date_published": "2016-04-07T00:00:00Z", "refs": [ "http://www.magnusviri.com/Mac/what-is-emond.html" ], "source": "MITRE", "title": "What is emond?" }, "related": [], "uuid": "373f64a5-a30f-4b6e-b352-d0c6f8b65fdb", "value": "magnusviri emond Apr 2016" }, { "description": "Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020.", "meta": { "date_accessed": "2020-12-30T00:00:00Z", "date_published": "2018-11-28T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed" ], "source": "MITRE", "title": "What is federation with Azure AD?" 
}, "related": [], "uuid": "fedb345f-b5a7-40cd-98c7-6b14bab95ed9", "value": "Microsoft - Azure AD Federation" }, { "description": "grsecurity. (2017, December 12). What is grsecurity?. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "date_published": "2017-12-12T00:00:00Z", "refs": [ "https://grsecurity.net/" ], "source": "MITRE", "title": "What is grsecurity?" }, "related": [], "uuid": "f87c0c95-65bd-4b57-9b7d-1b7936f03c2a", "value": "grsecurity official" }, { "description": "Petersson, J. (2005, August 14). What is linux-gate.so.1?. Retrieved June 16, 2020.", "meta": { "date_accessed": "2020-06-16T00:00:00Z", "date_published": "2005-08-14T00:00:00Z", "refs": [ "https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/" ], "source": "MITRE", "title": "What is linux-gate.so.1?" }, "related": [], "uuid": "ae70f799-ebb6-4ffe-898e-945cb754c1cb", "value": "VDSO Aug 2005" }, { "description": "Microsoft. (2020, September 27). What is Microsoft Management Console?. Retrieved October 5, 2021.", "meta": { "date_accessed": "2021-10-05T00:00:00Z", "date_published": "2020-09-27T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console" ], "source": "MITRE", "title": "What is Microsoft Management Console?" }, "related": [], "uuid": "57e130ab-f981-423e-bafe-51d0d0e1abdf", "value": "what_is_mmc" }, { "description": "Microsoft. (n.d.). What is .NET Framework?. Retrieved March 15, 2020.", "meta": { "date_accessed": "2020-03-15T00:00:00Z", "refs": [ "https://dotnet.microsoft.com/learn/dotnet/what-is-dotnet-framework" ], "source": "MITRE", "title": "What is .NET Framework?" }, "related": [], "uuid": "b4727044-51bb-43b3-afdb-515bb4bb0f7e", "value": "Microsoft NET" }, { "description": "Ciarniello, A. (2019, September 24). What is Pastebin and Why Do Hackers Love It?. 
Retrieved April 11, 2023.", "meta": { "date_accessed": "2023-04-11T00:00:00Z", "date_published": "2019-09-24T00:00:00Z", "refs": [ "https://web.archive.org/web/20201107203304/https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it" ], "source": "MITRE", "title": "What is Pastebin and Why Do Hackers Love It?" }, "related": [], "uuid": "3fc422e5-9a1d-5ac4-8e65-1df13d8a688e", "value": "Pastebin EchoSec" }, { "description": "Microsoft. (n.d.). What is Protected View?. Retrieved November 22, 2017.", "meta": { "date_accessed": "2017-11-22T00:00:00Z", "refs": [ "https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653" ], "source": "MITRE", "title": "What is Protected View?" }, "related": [], "uuid": "5261895f-367f-4c5d-b4df-7ff44bbbe28e", "value": "Microsoft Protected View" }, { "description": "Microsoft. (2003, March 28). What Is RPC?. Retrieved June 12, 2016.", "meta": { "date_accessed": "2016-06-12T00:00:00Z", "date_published": "2003-03-28T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/library/cc787851.aspx" ], "source": "MITRE", "title": "What Is RPC?" }, "related": [], "uuid": "7eaa0fa8-953a-482e-8f6b-02607e928525", "value": "TechNet RPC" }, { "description": "Apple. (2014, April 9). What Is the I/O Kit?. Retrieved September 24, 2021.", "meta": { "date_accessed": "2021-09-24T00:00:00Z", "date_published": "2014-04-09T00:00:00Z", "refs": [ "https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/Features/Features.html" ], "source": "MITRE", "title": "What Is the I/O Kit?" }, "related": [], "uuid": "ac90279f-becd-4a96-a08e-8c4c26dba3c0", "value": "IOKit Fundamentals" }, { "description": "baeldung. (2020, August 9). What Is the LD_PRELOAD Trick?. 
Retrieved March 24, 2021.", "meta": { "date_accessed": "2021-03-24T00:00:00Z", "date_published": "2020-08-09T00:00:00Z", "refs": [ "https://www.baeldung.com/linux/ld_preload-trick-what-is" ], "source": "MITRE", "title": "What Is the LD_PRELOAD Trick?" }, "related": [], "uuid": "6fd6ea96-1cf4-4169-8069-4f29dbc9f217", "value": "Baeldung LD_PRELOAD" }, { "description": "Microsoft. (2011, April 19). What Is VBScript?. Retrieved March 28, 2020.", "meta": { "date_accessed": "2020-03-28T00:00:00Z", "date_published": "2011-04-19T00:00:00Z", "refs": [ "https://docs.microsoft.com/previous-versions//1kw29xwf(v=vs.85)" ], "source": "MITRE", "title": "What Is VBScript?" }, "related": [], "uuid": "5ea8d8c7-8039-4210-967a-a4dcd566bf95", "value": "Microsoft VBScript" }, { "description": "CloudFlare. (n.d.). What is vendor email compromise (VEC)?. Retrieved September 12, 2023.", "meta": { "date_accessed": "2023-09-12T00:00:00Z", "refs": [ "https://www.cloudflare.com/learning/email-security/what-is-vendor-email-compromise/#:~:text=Vendor%20email%20compromise%2C%20also%20referred,steal%20from%20that%20vendor%27s%20customers." ], "source": "MITRE", "title": "What is vendor email compromise (VEC)?" }, "related": [], "uuid": "4fd7c9f7-4731-524a-b332-9cb7f2c025ae", "value": "VEC" }, { "description": "Proofpoint. (n.d.). What Is Vishing?. Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "refs": [ "https://www.proofpoint.com/us/threat-reference/vishing" ], "source": "MITRE", "title": "What Is Vishing?" }, "related": [], "uuid": "7a200d34-b4f3-5036-8582-23872ef27eb1", "value": "Proofpoint Vishing" }, { "description": "Alashwali, E. S., Rasmussen, K. (2019, January 26). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. 
Retrieved December 7, 2021.", "meta": { "date_accessed": "2021-12-07T00:00:00Z", "date_published": "2019-01-26T00:00:00Z", "refs": [ "https://arxiv.org/abs/1809.05681" ], "source": "MITRE", "title": "What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS" }, "related": [], "uuid": "4459076e-7c79-4855-9091-5aabd274f586", "value": "taxonomy_downgrade_att_tls" }, { "description": "Harbour, N. (2011, June 3). What the fxsst?. Retrieved November 17, 2020.", "meta": { "date_accessed": "2020-11-17T00:00:00Z", "date_published": "2011-06-03T00:00:00Z", "refs": [ "https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html" ], "source": "MITRE", "title": "What the fxsst?" }, "related": [], "uuid": "06f8f5b2-2ebe-4210-84b6-f86e911a7118", "value": "FireEye fxsst June 2011" }, { "description": "Krebs, B.. (2019, August 19). What We Can Learn from the Capital One Hack. Retrieved March 25, 2020.", "meta": { "date_accessed": "2020-03-25T00:00:00Z", "date_published": "2019-08-19T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/" ], "source": "MITRE", "title": "What We Can Learn from the Capital One Hack" }, "related": [], "uuid": "7d917231-735c-40d8-806d-7fee60d2f996", "value": "Krebs Capital One August 2019" }, { "description": "Pravs. (2009, May 25). What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?. Retrieved March 21, 2018.", "meta": { "date_accessed": "2018-03-21T00:00:00Z", "date_published": "2009-05-25T00:00:00Z", "refs": [ "https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore" ], "source": "MITRE", "title": "What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?" 
}, "related": [], "uuid": "e2970bef-439d-435d-92e7-8c58abbd270c", "value": "Symantec ADS May 2009" }, { "description": "Galperin, E., Et al.. (2016, August 4). When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists. Retrieved May 23, 2018.", "meta": { "date_accessed": "2018-05-23T00:00:00Z", "date_published": "2016-08-04T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/us-16/materials/us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf" ], "source": "MITRE", "title": "When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists" }, "related": [], "uuid": "1debebac-6578-433f-b8c3-d17e704ee501", "value": "BH Manul Aug 2016" }, { "description": "Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. Retrieved August 18, 2022.", "meta": { "date_accessed": "2022-08-18T00:00:00Z", "date_published": "2021-05-18T00:00:00Z", "refs": [ "https://www.dragos.com/blog/industry-news/a-new-water-watering-hole/" ], "source": "MITRE", "title": "When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar" }, "related": [], "uuid": "8768909c-f511-4067-9a97-6f7dee24f276", "value": "Dragos Heroku Watering Hole" }, { "description": "Cody Thomas. (2019, November 14). When Kirbi walks the Bifrost. Retrieved October 6, 2021.", "meta": { "date_accessed": "2021-10-06T00:00:00Z", "date_published": "2019-11-14T00:00:00Z", "refs": [ "https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f" ], "source": "MITRE", "title": "When Kirbi walks the Bifrost" }, "related": [], "uuid": "58ecb4e9-25fc-487b-9fed-25c781cc531b", "value": "SpectorOps Bifrost Kerberos macOS 2019" }, { "description": "Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. 
Retrieved February 1, 2023.", "meta": { "date_accessed": "2023-02-01T00:00:00Z", "date_published": "2022-07-05T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/" ], "source": "MITRE", "title": "When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors" }, "related": [], "uuid": "a9ab0444-386b-5baf-84e1-0e6df4a21296", "value": "Palo Alto Brute Ratel July 2022" }, { "description": "Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. Retrieved October 8, 2019.", "meta": { "date_accessed": "2019-10-08T00:00:00Z", "date_published": "2017-10-05T00:00:00Z", "refs": [ "https://blog.trendmicro.com/phishing-starts-inside/" ], "source": "MITRE", "title": "When Phishing Starts from the Inside" }, "related": [], "uuid": "dbdc2009-a468-439b-bd96-e6153b3fb8a1", "value": "Trend Micro When Phishing Starts from the Inside 2017" }, { "description": "Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019", "meta": { "date_accessed": "2019-10-22T00:00:00Z", "refs": [ "https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf" ], "source": "MITRE", "title": "When The Lights Went Out" }, "related": [], "uuid": "7f0acd33-602e-5f07-a1ae-a87e3c8f2eb5", "value": "Booz Allen Hamilton" }, { "description": "Microsoft. (n.d.). When to Use Transactional NTFS. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx" ], "source": "MITRE", "title": "When to Use Transactional NTFS" }, "related": [], "uuid": "f315072c-67cb-4166-aa18-8e92e00ef7e8", "value": "Microsoft Where to use TxF" }, { "description": "Tim Wadhwa-Brown. (2018, November). Where 2 worlds collide Bringing Mimikatz et al to UNIX. 
Retrieved October 13, 2021.", "meta": { "date_accessed": "2021-10-13T00:00:00Z", "date_published": "2018-11-01T00:00:00Z", "refs": [ "https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf" ], "source": "MITRE", "title": "Where 2 worlds collide Bringing Mimikatz et al to UNIX" }, "related": [], "uuid": "5ad06565-6694-4c42-81c9-880d66f6d07f", "value": "Brining MimiKatz to Unix" }, { "description": "Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.", "meta": { "date_accessed": "2016-01-25T00:00:00Z", "date_published": "2014-09-02T00:00:00Z", "refs": [ "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/" ], "source": "MITRE, Tidal Cyber", "title": "Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems" }, "related": [], "uuid": "fcc9b52a-751f-4985-8c32-7aaf411706ad", "value": "Dell Lateral Movement" }, { "description": "Carvey, H.. (2014, September). Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems. Retrieved November 27, 2019.", "meta": { "date_accessed": "2019-11-27T00:00:00Z", "date_published": "2014-09-01T00:00:00Z", "refs": [ "https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems" ], "source": "MITRE", "title": "Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems" }, "related": [], "uuid": "cd197a24-3671-427f-8ee6-da001ec985c8", "value": "Secureworks - AT.exe Scheduled Task" }, { "description": "Cybereason Nocturnus. (2022, February 15). Cybereason vs. WhisperGate and HermeticWiper. 
Retrieved March 10, 2022.", "meta": { "date_accessed": "2022-03-10T00:00:00Z", "refs": [ "https://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper" ], "source": "MITRE", "title": "WhisperGate and HermeticWiper" }, "related": [], "uuid": "464d9cac-04c7-4e57-a5d6-604fba90a982", "value": "Cybereason WhisperGate February 2022" }, { "description": "Insikt Group. (2020, January 28). WhisperGate Malware Corrupts Computers in Ukraine. Retrieved March 31, 2023.", "meta": { "date_accessed": "2023-03-31T00:00:00Z", "date_published": "2020-01-28T00:00:00Z", "refs": [ "https://www.recordedfuture.com/whispergate-malware-corrupts-computers-ukraine" ], "source": "MITRE", "title": "WhisperGate Malware Corrupts Computers in Ukraine" }, "related": [], "uuid": "4610e4db-a75b-5fdd-826d-15099d131585", "value": "RecordedFuture WhisperGate Jan 2022" }, { "description": "Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.", "meta": { "date_accessed": "2020-05-26T00:00:00Z", "date_published": "2019-03-06T00:00:00Z", "refs": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore" ], "source": "MITRE, Tidal Cyber", "title": "Whitefly: Espionage Group has Singapore in Its Sights" }, "related": [], "uuid": "d0e48356-36d9-4b4c-b621-e3c4404378d2", "value": "Symantec Whitefly March 2019" }, { "description": "Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum?. Retrieved June 16, 2022.", "meta": { "date_accessed": "2022-06-16T00:00:00Z", "date_published": "2021-11-09T00:00:00Z", "refs": [ "https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns" ], "source": "MITRE", "title": "Who are latest targets of cyber group Lyceum?" }, "related": [], "uuid": "127836ce-e459-405d-a75c-32fd5f0ab198", "value": "Accenture Lyceum Targets November 2021" }, { "description": "Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. 
Retrieved May 15, 2017.", "meta": { "date_accessed": "2017-05-15T00:00:00Z", "date_published": "2017-01-18T00:00:00Z", "refs": [ "https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/" ], "source": "MITRE", "title": "Who is Anna-Senpai, the Mirai Worm Author?" }, "related": [], "uuid": "028b7582-be46-4642-9e36-b781cac66340", "value": "Krebs-Anna" }, { "description": "CrowdStrike. (2022, March 30). Who is EMBER BEAR?. Retrieved June 9, 2022.", "meta": { "date_accessed": "2022-06-09T00:00:00Z", "date_published": "2022-03-30T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/who-is-ember-bear/" ], "source": "MITRE", "title": "Who is EMBER BEAR?" }, "related": [], "uuid": "0639c340-b495-4d91-8418-3069f3fe0df1", "value": "CrowdStrike Ember Bear Profile March 2022" }, { "description": "NTT America. (n.d.). Whois Lookup. Retrieved October 20, 2020.", "meta": { "date_accessed": "2020-10-20T00:00:00Z", "refs": [ "https://www.whois.net/" ], "source": "MITRE", "title": "Whois Lookup" }, "related": [], "uuid": "fa6cba30-66e9-4a6b-85e8-a8c3773a3efe", "value": "WHOIS" }, { "description": "Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.", "meta": { "date_accessed": "2016-01-14T00:00:00Z", "date_published": "2013-03-29T00:00:00Z", "refs": [ "http://www.crowdstrike.com/blog/whois-numbered-panda/" ], "source": "MITRE, Tidal Cyber", "title": "Whois Numbered Panda" }, "related": [], "uuid": "988dfcfc-0c16-4129-9523-a77539291951", "value": "Meyers Numbered Panda" }, { "description": "Orleans, A. (2020, August 31). Who Is PIONEER KITTEN?. Retrieved December 21, 2020.", "meta": { "date_accessed": "2020-12-21T00:00:00Z", "date_published": "2020-08-31T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/who-is-pioneer-kitten/" ], "source": "MITRE, Tidal Cyber", "title": "Who Is PIONEER KITTEN?" 
}, "related": [], "uuid": "4fce29cc-ddab-4b96-b295-83c282a87564", "value": "CrowdStrike PIONEER KITTEN August 2020" }, { "description": "Baumgartner, K., Guerrero-Saade, J. (2015, March 4). Who’s Really Spreading through the Bright Star?. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2015-03-04T00:00:00Z", "refs": [ "https://securelist.com/whos-really-spreading-through-the-bright-star/68978/" ], "source": "MITRE", "title": "Who’s Really Spreading through the Bright Star?" }, "related": [], "uuid": "59cba16f-91ed-458c-91c9-5b02c03678f5", "value": "SECURELIST Bright Star 2015" }, { "description": "Fiser, D., Oliveira, A.. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. Retrieved March 30, 2021.", "meta": { "date_accessed": "2021-03-30T00:00:00Z", "date_published": "2019-12-20T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html" ], "source": "MITRE", "title": "Why a Privileged Container in Docker is a Bad Idea" }, "related": [], "uuid": "92ac290c-4863-4774-b334-848ed72e3627", "value": "Trend Micro Privileged Container" }, { "description": "Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved November 16, 2023.", "meta": { "date_accessed": "2023-11-16T00:00:00Z", "date_published": "2023-09-14T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware" ], "source": "Tidal Cyber", "title": "Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety" }, "related": [], "uuid": "7420d79f-c6a3-4932-9c2e-c9cc36e2ca35", "value": "Mandiant UNC3944 September 14 2023" }, { "description": "Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. 
Retrieved September 12, 2019.", "meta": { "date_accessed": "2019-09-12T00:00:00Z", "refs": [ "https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/" ], "source": "MITRE", "title": "Why You Should Always Use Access Tokens to Secure APIs" }, "related": [], "uuid": "8ec52402-7e54-463d-8906-f373e5855018", "value": "Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019" }, { "description": "Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.", "meta": { "date_accessed": "2016-03-31T00:00:00Z", "date_published": "2015-01-29T00:00:00Z", "refs": [ "https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/" ], "source": "MITRE", "title": "Why You Shouldn’t Completely Trust Files Signed with Digital Certificates" }, "related": [], "uuid": "3568163b-24b8-42fd-b111-b9d83c34cc4f", "value": "Securelist Digital Certificates" }, { "description": "Matt Dahl. (2019, January 25). Widespread DNS Hijacking Activity Targets Multiple Sectors. Retrieved February 14, 2022.", "meta": { "date_accessed": "2022-02-14T00:00:00Z", "date_published": "2019-01-25T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/" ], "source": "MITRE", "title": "Widespread DNS Hijacking Activity Targets Multiple Sectors" }, "related": [], "uuid": "969ad6de-9415-464d-ba52-2e61e1814a92", "value": "Crowdstrike DNS Hijack 2019" }, { "description": "Geeks for Geeks. (n.d.). Wi-Fi Password of All Connected Networks in Windows/Linux. 
Retrieved September 8, 2023.", "meta": { "date_accessed": "2023-09-08T00:00:00Z", "refs": [ "https://www.geeksforgeeks.org/wi-fi-password-connected-networks-windowslinux/" ], "source": "MITRE", "title": "Wi-Fi Password of All Connected Networks in Windows/Linux" }, "related": [], "uuid": "7005f62f-0239-56c7-964b-64384e17b8da", "value": "Wi-Fi Password of All Connected Networks in Windows/Linux" }, { "description": "Executable compression. (n.d.). Retrieved December 4, 2014.", "meta": { "date_accessed": "2014-12-04T00:00:00Z", "refs": [ "http://en.wikipedia.org/wiki/Executable_compression" ], "source": "MITRE", "title": "Wikipedia Exe Compression" }, "related": [], "uuid": "13ac05f8-f2a9-4243-8039-aff9ee1d5fc6", "value": "Wikipedia Exe Compression" }, { "description": "Matrosov, A., Rodionov, E., Volkov, D., Harley, D. (2012, March 2). Win32/Carberp When You’re in a Black Hole, Stop Digging. Retrieved July 15, 2020.", "meta": { "date_accessed": "2020-07-15T00:00:00Z", "date_published": "2012-03-02T00:00:00Z", "refs": [ "https://www.eset.com/fileadmin/eset/US/resources/docs/white-papers/white-papers-win-32-carberp.pdf" ], "source": "MITRE", "title": "Win32/Carberp When You’re in a Black Hole, Stop Digging" }, "related": [], "uuid": "806eadfc-f473-4f2b-b03b-8a1f1c0a2d96", "value": "ESET Carberp March 2012" }, { "description": "Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.", "meta": { "date_accessed": "2020-12-18T00:00:00Z", "date_published": "2017-06-12T00:00:00Z", "refs": [ "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf" ], "source": "MITRE", "title": "Win32/Industroyer: A new threat for industrial controls systems" }, "related": [], "uuid": "9197f712-3c53-4746-9722-30e248511611", "value": "ESET Industroyer" }, { "description": "Manuel, J. and Plantado, R.. (2015, August 9). Win32/Kasidet. 
Retrieved March 24, 2016.", "meta": { "date_accessed": "2016-03-24T00:00:00Z", "date_published": "2015-08-09T00:00:00Z", "refs": [ "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FKasidet" ], "source": "MITRE", "title": "Win32/Kasidet" }, "related": [], "uuid": "7c34c189-6581-4a56-aead-871400839d1a", "value": "Microsoft Kasidet" }, { "description": "Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update . Retrieved February 10, 2021.", "meta": { "date_accessed": "2021-02-10T00:00:00Z", "date_published": "2017-10-30T00:00:00Z", "refs": [ "https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/" ], "source": "MITRE", "title": "Windigo Still not Windigone: An Ebury Update" }, "related": [], "uuid": "5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7", "value": "ESET Ebury Oct 2017" }, { "description": "Microsoft. (2015, June 9). Windows 10 to offer application developers new malware defenses. Retrieved February 12, 2018.", "meta": { "date_accessed": "2018-02-12T00:00:00Z", "date_published": "2015-06-09T00:00:00Z", "refs": [ "https://cloudblogs.microsoft.com/microsoftsecure/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/?source=mmpc" ], "source": "MITRE", "title": "Windows 10 to offer application developers new malware defenses" }, "related": [], "uuid": "d3724d08-f89b-4fb9-a0ea-3a6f929e0b6a", "value": "Microsoft AMSI June 2015" }, { "description": "Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://www.pretentiousname.com/misc/win7_uac_whitelist2.html" ], "source": "MITRE", "title": "Windows 7 UAC whitelist" }, "related": [], "uuid": "49af01f2-06c5-4b21-9882-901ad828ee28", "value": "Davidson Windows" }, { "description": "spotheplanet. (n.d.). Windows API Hashing in Malware. 
Retrieved August 22, 2022.", "meta": { "date_accessed": "2022-08-22T00:00:00Z", "refs": [ "https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware" ], "source": "MITRE", "title": "Windows API Hashing in Malware" }, "related": [], "uuid": "1b8b87d5-1b70-401b-8850-d8afd3b22356", "value": "IRED API Hashing" }, { "description": "Trend Micro. (2019, February 11). Windows App Runs on Mac, Downloads Info Stealer and Adware. Retrieved April 25, 2019.", "meta": { "date_accessed": "2019-04-25T00:00:00Z", "date_published": "2019-02-11T00:00:00Z", "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/" ], "source": "MITRE", "title": "Windows App Runs on Mac, Downloads Info Stealer and Adware" }, "related": [], "uuid": "dc673650-1a37-4af1-aa03-8f57a064156b", "value": "TrendMicro WindowsAppMac" }, { "description": "Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.", "meta": { "date_accessed": "2016-02-02T00:00:00Z", "date_published": "2016-01-26T00:00:00Z", "refs": [ "https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html" ], "source": "MITRE", "title": "Windows Commands Abused by Attackers" }, "related": [], "uuid": "9d935f7f-bc2a-4d09-a51a-82074ffd7d77", "value": "Windows Commands JPCERT" }, { "description": "Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q.. Retrieved December 17, 2015.", "meta": { "date_accessed": "2015-12-17T00:00:00Z", "refs": [ "http://www.ampliasecurity.com/research/wcefaq.html" ], "source": "MITRE", "title": "Windows Credentials Editor (WCE) F.A.Q." }, "related": [], "uuid": "790ea33a-7a64-488e-ab90-d82e021e0c06", "value": "Amplia WCE" }, { "description": "Gorzelany, A., Hall, J., Poggemeyer, L.. (2019, January 7). Windows Defender Application Control. 
Retrieved July 16, 2019.", "meta": { "date_accessed": "2019-07-16T00:00:00Z", "date_published": "2019-01-07T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control" ], "source": "MITRE", "title": "Windows Defender Application Control" }, "related": [], "uuid": "678ef307-d203-4b65-bed4-b844ada7ab83", "value": "Microsoft Windows Defender Application Control" }, { "description": "Florio, E.. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019.", "meta": { "date_accessed": "2019-02-14T00:00:00Z", "date_published": "2017-05-04T00:00:00Z", "refs": [ "https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/" ], "source": "MITRE", "title": "Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack" }, "related": [], "uuid": "567ce633-a061-460b-84af-01dfe3d818c7", "value": "Microsoft Operation Wilysupply" }, { "description": "Eli Collins. (2016, November 25). Windows' Domain Cached Credentials v2. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "date_published": "2016-11-25T00:00:00Z", "refs": [ "https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html" ], "source": "MITRE", "title": "Windows' Domain Cached Credentials v2" }, "related": [], "uuid": "ce40e997-d04b-49a6-8838-13205c54243a", "value": "PassLib mscache" }, { "description": "Forshaw, J. (2018, April 18). Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege. 
Retrieved May 3, 2018.", "meta": { "date_accessed": "2018-05-03T00:00:00Z", "date_published": "2018-04-18T00:00:00Z", "refs": [ "https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html" ], "source": "MITRE", "title": "Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege" }, "related": [], "uuid": "2c49288b-438d-487a-8e6e-f9d9eda73e2f", "value": "ProjectZero File Write EoP Apr 2018" }, { "description": "JinQuan, MaDongZe, TuXiaoYi, and LiHao. (2021, February 10). Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2021-02-10T00:00:00Z", "refs": [ "https://ti.dbappsecurity.com.cn/blog/articles/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/" ], "source": "MITRE", "title": "Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack" }, "related": [], "uuid": "fb98df9a-303d-4658-93da-0dcbd7bf9b1e", "value": "DBAPPSecurity BITTER zero-day Feb 2021" }, { "description": "Eye of Ra. (2017, June 27). Windows Keylogger Part 2: Defense against user-land. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2017-06-27T00:00:00Z", "refs": [ "https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/" ], "source": "MITRE", "title": "Windows Keylogger Part 2: Defense against user-land" }, "related": [], "uuid": "d2d2186c-040f-4045-b161-fc468aa09534", "value": "EyeofRa Detecting Hooking June 2017" }, { "description": "Passcape. (n.d.). Windows LSA secrets. 
Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "refs": [ "https://www.passcape.com/index.php?section=docsys&cmd=details&id=23" ], "source": "MITRE", "title": "Windows LSA secrets" }, "related": [], "uuid": "64b0e13f-de5f-4964-bcfa-bb0f6206383a", "value": "Passcape LSA Secrets" }, { "description": "Lucian Constantin. (2014, January 23). Windows malware tries to infect Android devices connected to PCs. Retrieved May 25, 2022.", "meta": { "date_accessed": "2022-05-25T00:00:00Z", "date_published": "2014-01-23T00:00:00Z", "refs": [ "https://www.computerworld.com/article/2486903/windows-malware-tries-to-infect-android-devices-connected-to-pcs.html" ], "source": "MITRE", "title": "Windows malware tries to infect Android devices connected to PCs" }, "related": [], "uuid": "3733386a-14bd-44a6-8241-a10660ba25d9", "value": "Windows Malware Infecting Android" }, { "description": "Microsoft. (n.d.). Windows Management Instrumentation. Retrieved April 27, 2016.", "meta": { "date_accessed": "2016-04-27T00:00:00Z", "refs": [ "https://msdn.microsoft.com/en-us/library/aa394582.aspx" ], "source": "MITRE", "title": "Windows Management Instrumentation" }, "related": [], "uuid": "210ca539-71f6-4494-91ea-402a3e0e2a10", "value": "MSDN WMI" }, { "description": "Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.", "meta": { "date_accessed": "2016-03-30T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf" ], "source": "MITRE", "title": "Windows Management Instrumentation (WMI) Offense, Defense, and Forensics" }, "related": [], "uuid": "135ccd72-2714-4453-9c8f-f5fde31905ee", "value": "FireEye WMI 2015" }, { "description": "Brinkmann, M.. (2017, June 10). Windows .msc files overview. 
Retrieved September 20, 2021.", "meta": { "date_accessed": "2021-09-20T00:00:00Z", "date_published": "2017-06-10T00:00:00Z", "refs": [ "https://www.ghacks.net/2017/06/10/windows-msc-files-overview/" ], "source": "MITRE", "title": "Windows .msc files overview" }, "related": [], "uuid": "81aa896a-3498-4c37-8882-2b77933b71a8", "value": "win_msc_files_overview" }, { "description": "Hill, T. (n.d.). Windows NT Command Shell. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "refs": [ "http://technet.microsoft.com/en-us/library/cc723564.aspx#XSLTsection127121120120" ], "source": "MITRE", "title": "Windows NT Command Shell" }, "related": [], "uuid": "0e5dfc7e-c908-49b4-a54f-7dcecf332ee8", "value": "Hill NT Shell" }, { "description": "Passcape. (n.d.). Windows Password Recovery - Vault Explorer and Decoder. Retrieved November 24, 2020.", "meta": { "date_accessed": "2020-11-24T00:00:00Z", "refs": [ "https://www.passcape.com/windows_password_recovery_vault_explorer" ], "source": "MITRE", "title": "Windows Password Recovery - Vault Explorer and Decoder" }, "related": [], "uuid": "a8a56a64-8e73-4331-9961-b1f9b6cbb348", "value": "passcape Windows Vault" }, { "description": "Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.", "meta": { "date_accessed": "2016-06-24T00:00:00Z", "date_published": "2016-06-01T00:00:00Z", "refs": [ "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf" ], "source": "MITRE", "title": "WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later" }, "related": [], "uuid": "d7da4285-aeed-42dc-8f55-facbe6daf317", "value": "Malware Archaeology PowerShell Cheat Sheet" }, { "description": "Microsoft. (n.d.). Windows PowerShell Scripting. 
Retrieved April 28, 2016.", "meta": { "date_accessed": "2016-04-28T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx" ], "source": "MITRE", "title": "Windows PowerShell Scripting" }, "related": [], "uuid": "20ec94d1-4a5c-43f5-bb65-f3ea965d2b6e", "value": "TechNet PowerShell" }, { "description": "absolomb. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2018-01-26T00:00:00Z", "refs": [ "https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/" ], "source": "MITRE", "title": "Windows Privilege Escalation Guide" }, "related": [], "uuid": "185154f2-5f2e-48bf-b609-991e9d6a037b", "value": "Windows Privilege Escalation Guide" }, { "description": "McFarland, R. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2018-01-26T00:00:00Z", "refs": [ "https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/" ], "source": "MITRE", "title": "Windows Privilege Escalation Guide" }, "related": [], "uuid": "c52945dc-eb20-4e69-8f8e-a262f33c244c", "value": "SploitSpren Windows Priv Jan 2018" }, { "description": "HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2018-04-23T00:00:00Z", "refs": [ "https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/" ], "source": "MITRE", "title": "Windows Privilege Escalation – Unquoted Services" }, "related": [], "uuid": "939c05ae-bb21-4ed2-8fa3-a729f717ee3a", "value": "SecurityBoulevard Unquoted Services APR 2018" }, { "description": "HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. 
Retrieved August 10, 2018.", "meta": { "date_accessed": "2018-08-10T00:00:00Z", "date_published": "2018-04-23T00:00:00Z", "refs": [ "https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/" ], "source": "MITRE", "title": "Windows Privilege Escalation – Unquoted Services" }, "related": [], "uuid": "30681a0a-a49f-416a-b5bc-621c60f1130a", "value": "Windows Unquoted Services" }, { "description": "odzhan. (2019, May 25). Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy. Retrieved February 4, 2022.", "meta": { "date_accessed": "2022-02-04T00:00:00Z", "date_published": "2019-05-25T00:00:00Z", "refs": [ "https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/" ], "source": "MITRE", "title": "Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy" }, "related": [], "uuid": "01a3fc64-ff07-48f7-b0d9-5728012761c7", "value": "Windows Process Injection KernelCallbackTable" }, { "description": "odzhan. (2019, April 25). Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline. Retrieved November 15, 2021.", "meta": { "date_accessed": "2021-11-15T00:00:00Z", "date_published": "2019-04-25T00:00:00Z", "refs": [ "https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/" ], "source": "MITRE", "title": "Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline" }, "related": [], "uuid": "1bf45166-bfce-450e-87d1-b1e3b19fdb62", "value": "Modexp Windows Process Injection" }, { "description": "Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.", "meta": { "date_accessed": "2015-02-02T00:00:00Z", "refs": [ "https://en.wikipedia.org/wiki/Windows_Registry" ], "source": "MITRE", "title": "Windows Registry" }, "related": [], "uuid": "656f0ffd-33e0-40ef-bdf7-70758f855f18", "value": "Wikipedia Windows Registry" }, { "description": "Langendorf, S. (2013, September 24). 
Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.", "meta": { "date_accessed": "2018-04-11T00:00:00Z", "date_published": "2013-09-24T00:00:00Z", "refs": [ "https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order" ], "source": "MITRE", "title": "Windows Registry Persistence, Part 2: The Run Keys and Search-Order" }, "related": [], "uuid": "9e9c745f-19fd-4218-b8dc-85df804ecb70", "value": "Cylance Reg Persistence Sept 2013" }, { "description": "Microsoft. (n.d.). Windows Remote Management. Retrieved November 12, 2014.", "meta": { "date_accessed": "2014-11-12T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/aa384426" ], "source": "MITRE", "title": "Windows Remote Management" }, "related": [], "uuid": "ddbe110c-88f1-4774-bcb9-cd18b6218fc4", "value": "Microsoft WinRM" }, { "description": "Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "refs": [ "https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf" ], "source": "MITRE", "title": "Windows Rootkit Overview" }, "related": [], "uuid": "5b8d9094-dabf-4c29-a95b-b90dbcf07382", "value": "Symantec Windows Rootkits" }, { "description": "Clément Labro. (2020, November 12). Windows RpcEptMapper Service Insecure Registry Permissions EoP. Retrieved August 25, 2021.", "meta": { "date_accessed": "2021-08-25T00:00:00Z", "date_published": "2020-11-12T00:00:00Z", "refs": [ "https://itm4n.github.io/windows-registry-rpceptmapper-eop/" ], "source": "MITRE", "title": "Windows RpcEptMapper Service Insecure Registry Permissions EoP" }, "related": [], "uuid": "d18717ae-7fe4-40f9-aff2-b35120d31dc8", "value": "insecure_reg_perms" }, { "description": "Microsoft. (2017, January 18). Windows Script Interfaces. 
Retrieved June 23, 2020.", "meta": { "date_accessed": "2020-06-23T00:00:00Z", "date_published": "2017-01-18T00:00:00Z", "refs": [ "https://docs.microsoft.com/scripting/winscript/windows-script-interfaces" ], "source": "MITRE", "title": "Windows Script Interfaces" }, "related": [], "uuid": "9e7cd4da-da18-4d20-809a-19abb4352807", "value": "Microsoft Windows Scripts" }, { "description": "Franklin Smith, R. (n.d.). Windows Security Log Event ID 4670. Retrieved November 4, 2019.", "meta": { "date_accessed": "2019-11-04T00:00:00Z", "refs": [ "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670" ], "source": "MITRE", "title": "Windows Security Log Event ID 4670" }, "related": [], "uuid": "23a50cd5-ac76-4dbe-8937-0fe8aec8cbf6", "value": "Microsoft Security Event 4670" }, { "description": "Franklin Smith. (n.d.). Windows Security Log Events. Retrieved February 21, 2020.", "meta": { "date_accessed": "2020-02-21T00:00:00Z", "refs": [ "https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/" ], "source": "MITRE", "title": "Windows Security Log Events" }, "related": [], "uuid": "53464503-6e6f-45d8-a208-1820678deeac", "value": "Windows Log Events" }, { "description": "Naceri, A. (2021, November 7). Windows Server 2019 file overwrite bug. Retrieved April 7, 2022.", "meta": { "date_accessed": "2022-04-07T00:00:00Z", "date_published": "2021-11-07T00:00:00Z", "refs": [ "https://web.archive.org/web/20211107115646/https://twitter.com/klinix5/status/1457316029114327040" ], "source": "MITRE", "title": "Windows Server 2019 file overwrite bug" }, "related": [], "uuid": "158d971e-2f96-5200-8a87-d3887de30ff0", "value": "winser19_file_overwrite_bug_twitter" }, { "description": "Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here's How You Can Break Out. 
Retrieved October 1, 2021.", "meta": { "date_accessed": "2021-10-01T00:00:00Z", "date_published": "2020-07-15T00:00:00Z", "refs": [ "https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/" ], "source": "MITRE", "title": "Windows Server Containers Are Open, and Here's How You Can Break Out" }, "related": [], "uuid": "9a801256-5852-433e-95bd-768f9b70b9fe", "value": "Windows Server Containers Are Open" }, { "description": "Microsoft. (2007, October 24). Windows Sysinternals - AppCertDlls. Retrieved December 18, 2017.", "meta": { "date_accessed": "2017-12-18T00:00:00Z", "date_published": "2007-10-24T00:00:00Z", "refs": [ "https://forum.sysinternals.com/appcertdlls_topic12546.html" ], "source": "MITRE", "title": "Windows Sysinternals - AppCertDlls" }, "related": [], "uuid": "68e006df-9fb6-4890-9952-7bad38b16dee", "value": "Sysinternals AppCertDlls Oct 2007" }, { "description": "Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.", "meta": { "date_accessed": "2015-05-13T00:00:00Z", "date_published": "2014-05-02T00:00:00Z", "refs": [ "https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx" ], "source": "MITRE", "title": "Windows Sysinternals PsExec v2.11" }, "related": [], "uuid": "72d27aca-62c5-4e96-9977-c41951aaa888", "value": "Russinovich Sysinternals" }, { "description": "Microsoft. (2018, February 17). Windows System Services Fundamentals. Retrieved March 28, 2022.", "meta": { "date_accessed": "2022-03-28T00:00:00Z", "date_published": "2018-02-17T00:00:00Z", "refs": [ "https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundamentals.aspx" ], "source": "MITRE", "title": "Windows System Services Fundamentals" }, "related": [], "uuid": "25d54a16-59a0-497d-a4a5-021420da8f1c", "value": "Microsoft System Services Fundamentals" }, { "description": "Mathers, B. (2016, September 30). Windows Time Service Tools and Settings. 
Retrieved November 25, 2016.", "meta": { "date_accessed": "2016-11-25T00:00:00Z", "date_published": "2016-09-30T00:00:00Z", "refs": [ "https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings" ], "source": "MITRE", "title": "Windows Time Service Tools and Settings" }, "related": [], "uuid": "0d908e07-abc1-40fc-b147-9b9fd483b262", "value": "Technet Windows Time Service" }, { "description": "Mathers, B. (2017, May 31). Windows Time Service Tools and Settings. Retrieved March 26, 2018.", "meta": { "date_accessed": "2018-03-26T00:00:00Z", "date_published": "2017-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings" ], "source": "MITRE", "title": "Windows Time Service Tools and Settings" }, "related": [], "uuid": "9e3d8dec-745a-4744-b80c-d65897ebba3c", "value": "Microsoft W32Time May 2017" }, { "description": "Microsoft. (2018, February 1). Windows Time Service (W32Time). Retrieved March 26, 2018.", "meta": { "date_accessed": "2018-03-26T00:00:00Z", "date_published": "2018-02-01T00:00:00Z", "refs": [ "https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top" ], "source": "MITRE", "title": "Windows Time Service (W32Time)" }, "related": [], "uuid": "991f7a9f-4317-42fa-bc9b-f533fe36b517", "value": "Microsoft W32Time Feb 2018" }, { "description": "Microsoft. (2018, February 9). Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732. 
Retrieved June 1, 2022.", "meta": { "date_accessed": "2022-06-01T00:00:00Z", "date_published": "2018-02-09T00:00:00Z", "refs": [ "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732" ], "source": "MITRE", "title": "Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732" }, "related": [], "uuid": "7bbf39dd-851d-42dd-8be2-87de83f3abc0", "value": "Microsoft CVE-2021-1732 Feb 2021" }, { "description": "Forensics Wiki. (2021, June 19). Windows XML Event Log (EVTX). Retrieved September 13, 2021.", "meta": { "date_accessed": "2021-09-13T00:00:00Z", "date_published": "2021-06-19T00:00:00Z", "refs": [ "https://forensicswiki.xyz/wiki/index.php?title=Windows_XML_Event_Log_(EVTX)" ], "source": "MITRE", "title": "Windows XML Event Log (EVTX)" }, "related": [], "uuid": "baeaad76-0acf-4921-9d6c-245649b32976", "value": "win_xml_evt_log" }, { "description": "Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.", "meta": { "date_accessed": "2018-01-22T00:00:00Z", "date_published": "2013-09-20T00:00:00Z", "refs": [ "https://github.com/skalkoto/winexe/" ], "source": "MITRE", "title": "WinExe" }, "related": [], "uuid": "7003e2d4-83e5-4672-aaa9-53cc4bcb08b5", "value": "Winexe Github Sept 2013" }, { "description": "Microsoft. (n.d.). WinExec function. Retrieved December 5, 2014.", "meta": { "date_accessed": "2014-12-05T00:00:00Z", "refs": [ "http://msdn.microsoft.com/en-us/library/ms687393" ], "source": "MITRE", "title": "WinExec function" }, "related": [], "uuid": "9e1ae9ae-bafc-460a-891e-e75df01c96c4", "value": "Microsoft WinExec" }, { "description": "LOLBAS. (2022, January 3). winget.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-01-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Winget/" ], "source": "Tidal Cyber", "title": "winget.exe" }, "related": [], "uuid": "5ef334f3-fe6f-4cc1-b37d-d147180a8b8d", "value": "winget.exe - LOLBAS Project" }, { "description": "Prekas, G. (2011, July 11). Winhook. Retrieved December 12, 2017.", "meta": { "date_accessed": "2017-12-12T00:00:00Z", "date_published": "2011-07-11T00:00:00Z", "refs": [ "https://github.com/prekageo/winhook" ], "source": "MITRE", "title": "Winhook" }, "related": [], "uuid": "9461f70f-bb14-4e40-9136-97f93aa16f33", "value": "PreKageo Winhook Jul 2011" }, { "description": "Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.", "meta": { "date_accessed": "2017-02-08T00:00:00Z", "date_published": "2015-04-07T00:00:00Z", "refs": [ "https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf" ], "source": "MITRE", "title": "Winnti Analysis" }, "related": [], "uuid": "cbe8373b-f14b-4890-99fd-35ffd7090dea", "value": "Novetta Winnti April 2015" }, { "description": "Chronicle Blog. (2019, May 15). Winnti: More than just Windows and Gates. Retrieved April 29, 2020.", "meta": { "date_accessed": "2020-04-29T00:00:00Z", "date_published": "2019-05-15T00:00:00Z", "refs": [ "https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a" ], "source": "MITRE", "title": "Winnti: More than just Windows and Gates" }, "related": [], "uuid": "e815e47a-c924-4b03-91e5-d41f2bb74773", "value": "Chronicle Winnti for Linux May 2019" }, { "description": "WinRAR. (n.d.). WinRAR download free and support: WinRAR. 
Retrieved December 18, 2023.", "meta": { "date_accessed": "2023-12-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.win-rar.com/" ], "source": "Tidal Cyber", "title": "WinRAR download free and support: WinRAR" }, "related": [], "uuid": "ad620d61-108c-4bb0-a897-02764ea9a903", "value": "WinRAR Website" }, { "description": "LOLBAS. (2018, May 25). winrm.vbs. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Scripts/Winrm/" ], "source": "Tidal Cyber", "title": "winrm.vbs" }, "related": [], "uuid": "86107810-8a1d-4c13-80f0-c1624143d057", "value": "winrm.vbs - LOLBAS Project" }, { "description": "Microsoft. (n.d.). WinVerifyTrust function. Retrieved January 31, 2018.", "meta": { "date_accessed": "2018-01-31T00:00:00Z", "refs": [ "https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx" ], "source": "MITRE", "title": "WinVerifyTrust function" }, "related": [], "uuid": "cc14faff-c164-4135-ae36-ba68e1a50024", "value": "Microsoft WinVerifyTrust" }, { "description": "LOLBAS. (2019, July 19). Winword.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-07-19T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/" ], "source": "Tidal Cyber", "title": "Winword.exe" }, "related": [], "uuid": "6d75b154-a51d-4541-8353-22ee1d12ebed", "value": "Winword.exe - LOLBAS Project" }, { "description": "Corel Corporation. (2020). WinZip. Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2020-01-01T00:00:00Z", "refs": [ "https://www.winzip.com/win/en/" ], "source": "MITRE", "title": "WinZip" }, "related": [], "uuid": "dc047688-2ea3-415c-b516-06542048b049", "value": "WinZip Homepage" }, { "description": "Dell SecureWorks. (2013, March 21). 
Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.", "meta": { "date_accessed": "2015-05-13T00:00:00Z", "date_published": "2013-03-21T00:00:00Z", "refs": [ "http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/" ], "source": "MITRE", "title": "Wiper Malware Analysis Attacking Korean Financial Sector" }, "related": [], "uuid": "be6629ef-e7c6-411c-9bd2-34e59062cadd", "value": "Dell Wiper" }, { "description": "Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "refs": [ "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf" ], "source": "MITRE", "title": "WireLurker: A New Era in iOS and OS X Malware" }, "related": [], "uuid": "fd33f71b-767d-4312-a8c9-5446939bb5ae", "value": "WireLurker" }, { "description": "S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.", "meta": { "date_accessed": "2019-05-24T00:00:00Z", "date_published": "2019-04-02T00:00:00Z", "refs": [ "https://lab52.io/blog/wirte-group-attacking-the-middle-east/" ], "source": "MITRE", "title": "WIRTE Group attacking the Middle East" }, "related": [], "uuid": "884b675e-390c-4f6d-8cb7-5d97d84115e5", "value": "Lab52 WIRTE Apr 2019" }, { "description": "Yamout, M. (2021, November 29). WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019. 
Retrieved February 1, 2022.", "meta": { "date_accessed": "2022-02-01T00:00:00Z", "date_published": "2021-11-29T00:00:00Z", "refs": [ "https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044" ], "source": "MITRE", "title": "WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019" }, "related": [], "uuid": "143b4694-024d-49a5-be3c-d9ceca7295b2", "value": "Kaspersky WIRTE November 2021" }, { "description": "Gannon, M. (2019, February 11). With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat. Retrieved May 1, 2019.", "meta": { "date_accessed": "2019-05-01T00:00:00Z", "date_published": "2019-02-11T00:00:00Z", "refs": [ "https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/" ], "source": "MITRE", "title": "With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat" }, "related": [], "uuid": "3abfc3eb-7f9d-49e5-8048-4118cde3122e", "value": "Cofense RevengeRAT Feb 2019" }, { "description": "Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.", "meta": { "date_accessed": "2021-06-15T00:00:00Z", "date_published": "2020-10-16T00:00:00Z", "refs": [ "https://www.crowdstrike.com/blog/wizard-spider-adversary-update/" ], "source": "MITRE, Tidal Cyber", "title": "WIZARD SPIDER Update: Resilient, Reactive and Resolute" }, "related": [], "uuid": "5c8d67ea-63bc-4765-b6f6-49fa5210abe6", "value": "CrowdStrike Wizard Spider October 2020" }, { "description": "LOLBAS. (2022, February 16). Wlrmdr.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-02-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wlrmdr/" ], "source": "Tidal Cyber", "title": "Wlrmdr.exe" }, "related": [], "uuid": "43bebdc3-3072-4a3d-a0b7-0b23f1119136", "value": "Wlrmdr.exe - LOLBAS Project" }, { "description": "Microsoft. (2018, May 31). WMI Architecture. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-architecture" ], "source": "MITRE", "title": "WMI Architecture" }, "related": [], "uuid": "3778449c-e8b4-4ee5-914b-746053e8ca70", "value": "Microsoft WMI Architecture" }, { "description": "LOLBAS. (n.d.). Wmic.exe. Retrieved July 31, 2019.", "meta": { "date_accessed": "2019-07-31T00:00:00Z", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wmic/" ], "source": "MITRE", "title": "Wmic.exe" }, "related": [], "uuid": "497e73d4-9f27-4b30-ba09-f152ce866d0f", "value": "LOLBAS Wmic" }, { "description": "Microsoft. (2018, May 31). WMI System Classes. Retrieved September 29, 2021.", "meta": { "date_accessed": "2021-09-29T00:00:00Z", "date_published": "2018-05-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-system-classes" ], "source": "MITRE", "title": "WMI System Classes" }, "related": [], "uuid": "60a5c359-3523-4638-aee2-3e13e0077ba9", "value": "Microsoft WMI System Classes" }, { "description": "MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. 
Retrieved December 6, 2022.", "meta": { "date_accessed": "2022-12-06T00:00:00Z", "date_published": "2022-08-03T00:00:00Z", "refs": [ "https://www.malwarebytes.com/blog/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild" ], "source": "MITRE", "title": "Woody RAT: A new feature-rich malware spotted in the wild" }, "related": [], "uuid": "5c2ecb15-14e9-5bd3-be5f-628fa4e98ee6", "value": "MalwareBytes WoodyRAT Aug 2022" }, { "description": "LOLBAS. (2021, August 16). WorkFolders.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2021-08-16T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/WorkFolders/" ], "source": "Tidal Cyber", "title": "WorkFolders.exe" }, "related": [], "uuid": "42cfa3eb-7a8c-482e-b8d8-78ae5c30b843", "value": "WorkFolders.exe - LOLBAS Project" }, { "description": "Confluence Support. (2021, April 22). Working with Confluence Logs. Retrieved September 23, 2021.", "meta": { "date_accessed": "2021-09-23T00:00:00Z", "date_published": "2021-04-22T00:00:00Z", "refs": [ "https://confluence.atlassian.com/doc/working-with-confluence-logs-108364721.html" ], "source": "MITRE", "title": "Working with Confluence Logs" }, "related": [], "uuid": "f715468d-7d72-4ca4-a828-9fc909ca4f37", "value": "Confluence Logs" }, { "description": "Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.", "meta": { "date_accessed": "2015-07-15T00:00:00Z", "date_published": "2006-10-01T00:00:00Z", "refs": [ "https://support.microsoft.com/en-us/kb/197571" ], "source": "MITRE", "title": "Working with the AppInit_DLLs registry value" }, "related": [], "uuid": "dd3f98d9-0228-45a6-9e7b-1babf911a9ac", "value": "AppInit Registry" }, { "description": "Patrick Wardle. (2019, September 17). Writing a File Monitor with Apple's Endpoint Security Framework. 
Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "date_published": "2019-09-17T00:00:00Z", "refs": [ "https://objective-see.com/blog/blog_0x48.html" ], "source": "MITRE", "title": "Writing a File Monitor with Apple's Endpoint Security Framework" }, "related": [], "uuid": "280ddf42-92d1-4850-9241-96c1ef9c0609", "value": "ESF_filemonitor" }, { "description": "Patrick Wardle. (2015). Writing Bad @$$ Malware for OS X. Retrieved July 10, 2017.", "meta": { "date_accessed": "2017-07-10T00:00:00Z", "date_published": "2015-01-01T00:00:00Z", "refs": [ "https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf" ], "source": "MITRE", "title": "Writing Bad @$$ Malware for OS X" }, "related": [], "uuid": "5628ecd9-48da-4a50-94ba-4b70abe56089", "value": "Writing Bad Malware for OSX" }, { "description": "LOLBAS. (2018, May 25). Wscript.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wscript/" ], "source": "Tidal Cyber", "title": "Wscript.exe" }, "related": [], "uuid": "6c536675-84dd-44c3-8771-70120b413db7", "value": "Wscript.exe - LOLBAS Project" }, { "description": "Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.", "meta": { "date_accessed": "2018-04-09T00:00:00Z", "date_published": "2017-08-03T00:00:00Z", "refs": [ "https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/" ], "source": "MITRE", "title": "WSH INJECTION: A CASE STUDY" }, "related": [], "uuid": "8b12e87b-3836-4c79-877b-0a2761b34533", "value": "Enigma0x3 PubPrn Bypass" }, { "description": "LOLBAS. (2019, June 27). Wsl.exe. 
Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-06-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/OtherMSBinaries/Wsl/" ], "source": "Tidal Cyber", "title": "Wsl.exe" }, "related": [], "uuid": "c147902a-e8e4-449f-8106-9e268d5367d8", "value": "Wsl.exe - LOLBAS Project" }, { "description": "LOLBAS. (2019, March 18). Wsreset.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2019-03-18T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wsreset/" ], "source": "Tidal Cyber", "title": "Wsreset.exe" }, "related": [], "uuid": "24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89", "value": "Wsreset.exe - LOLBAS Project" }, { "description": "LOLBAS. (2022, July 27). wt.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2022-07-27T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/wt/" ], "source": "Tidal Cyber", "title": "wt.exe" }, "related": [], "uuid": "bbdd85b0-fdbb-4bd2-b962-a915c23c83c2", "value": "wt.exe - LOLBAS Project" }, { "description": "LOLBAS. (2020, September 23). wuauclt.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2020-09-23T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Wuauclt/" ], "source": "Tidal Cyber", "title": "wuauclt.exe" }, "related": [], "uuid": "09229ea3-ffd8-4d97-9728-f8c683ef6f26", "value": "wuauclt.exe - LOLBAS Project" }, { "description": "Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. 
Retrieved July 12, 2017.", "meta": { "date_accessed": "2017-07-12T00:00:00Z", "date_published": "2017-02-14T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/" ], "source": "MITRE", "title": "XAgentOSX: Sofacy's Xagent macOS Tool" }, "related": [], "uuid": "2dc7a8f1-ccee-46f0-a995-268694f11b02", "value": "XAgentOSX 2017" }, { "description": "Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.", "meta": { "date_accessed": "2017-07-12T00:00:00Z", "date_published": "2017-02-14T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/" ], "source": "MITRE", "title": "XAgentOSX: Sofacy's Xagent macOS Tool" }, "related": [], "uuid": "b4fd246d-9bd1-4bed-a9cb-92233c5c45c4", "value": "XAgentOSX" }, { "description": "Xiao, C. (2018, September 17). Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows. Retrieved November 14, 2018.", "meta": { "date_accessed": "2018-11-14T00:00:00Z", "date_published": "2018-09-17T00:00:00Z", "refs": [ "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" ], "source": "MITRE", "title": "Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows" }, "related": [], "uuid": "21b890f7-82db-4840-a05e-2155b8ddce8c", "value": "Unit42 Xbash Sept 2018" }, { "description": "Rayaprolu, A.. (2011, April 12). xCmd an Alternative to PsExec. Retrieved August 10, 2016.", "meta": { "date_accessed": "2016-08-10T00:00:00Z", "date_published": "2011-04-12T00:00:00Z", "refs": [ "https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/" ], "source": "MITRE", "title": "xCmd an Alternative to PsExec" }, "related": [], "uuid": "430fc6ef-33c5-4cd8-b785-358e4aae5230", "value": "xCmd" }, { "description": "Microsoft. (2023, February 3). 
xcopy Microsoft. Retrieved July 11, 2023.", "meta": { "date_accessed": "2023-07-11T00:00:00Z", "date_published": "2023-02-03T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/xcopy" ], "source": "Tidal Cyber", "title": "xcopy Microsoft" }, "related": [], "uuid": "05e01751-ebb4-4b09-be89-4e405ab7e7e4", "value": "xcopy Microsoft" }, { "description": "Dragos, Inc.. (n.d.). Xenotime. Retrieved April 16, 2019.", "meta": { "date_accessed": "2019-04-16T00:00:00Z", "refs": [ "https://dragos.com/resource/xenotime/" ], "source": "MITRE", "title": "Xenotime" }, "related": [], "uuid": "b20fe65f-df43-4a59-af3f-43afafba15ab", "value": "Dragos Xenotime 2018" }, { "description": "Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019.", "meta": { "date_accessed": "2019-04-23T00:00:00Z", "date_published": "2018-07-10T00:00:00Z", "refs": [ "https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a" ], "source": "MITRE", "title": "~x file downloaded in public Arch package compromise" }, "related": [], "uuid": "b2900049-444a-4fe5-af1f-b9cd2cd9491c", "value": "gist Arch package compromise 10JUL2018" }, { "description": "Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021.", "meta": { "date_accessed": "2021-04-05T00:00:00Z", "date_published": "2020-06-20T00:00:00Z", "refs": [ "https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html" ], "source": "MITRE", "title": "XORDDoS, Kaiji Variants Target Exposed Docker Servers" }, "related": [], "uuid": "05c8909c-749c-4153-9a05-173d5d7a80a9", "value": "Trend Micro Exposed Docker Server" }, { "description": "Microsoft. (2017, March 15). xp_cmdshell (Transact-SQL). 
Retrieved September 9, 2019.", "meta": { "date_accessed": "2019-09-09T00:00:00Z", "date_published": "2017-03-15T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-2017" ], "source": "MITRE", "title": "xp_cmdshell (Transact-SQL)" }, "related": [], "uuid": "1945b8b2-de29-4f7a-8957-cc96fbad3b11", "value": "Microsoft xp_cmdshell 2017" }, { "description": "Wenzel, M. et al. (2017, March 30). XSLT Stylesheet Scripting Using . Retrieved July 3, 2018.", "meta": { "date_accessed": "2018-07-03T00:00:00Z", "date_published": "2017-03-30T00:00:00Z", "refs": [ "https://docs.microsoft.com/dotnet/standard/data/xml/xslt-stylesheet-scripting-using-msxsl-script" ], "source": "MITRE", "title": "XSLT Stylesheet Scripting Using " }, "related": [], "uuid": "7ff47640-2a98-4a55-939a-ab6c8c8d2d09", "value": "Microsoft XSLT Script Mar 2017" }, { "description": "LOLBAS. (2018, May 25). Xwizard.exe. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Binaries/Xwizard/" ], "source": "Tidal Cyber", "title": "Xwizard.exe" }, "related": [], "uuid": "573df5d1-83e7-4437-bdad-604f093b3cfd", "value": "Xwizard.exe - LOLBAS Project" }, { "description": "Linux Kernel Archives. (n.d.). Yama Documentation - ptrace_scope. Retrieved December 20, 2017.", "meta": { "date_accessed": "2017-12-20T00:00:00Z", "refs": [ "https://www.kernel.org/doc/Documentation/security/Yama.txt" ], "source": "MITRE", "title": "Yama Documentation - ptrace_scope" }, "related": [], "uuid": "615d7744-327e-4f14-bce0-a16c352e7486", "value": "Linux kernel Yama" }, { "description": "Douglas Bienstock. (2022, August 18). You Can’t Audit Me: APT29 Continues Targeting Microsoft 365. 
Retrieved February 23, 2023.", "meta": { "date_accessed": "2023-02-23T00:00:00Z", "date_published": "2022-08-18T00:00:00Z", "refs": [ "https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft" ], "source": "MITRE", "title": "You Can’t Audit Me: APT29 Continues Targeting Microsoft 365" }, "related": [], "uuid": "e141408e-d22b-58e4-884f-0cbff25444da", "value": "Mandiant APT29 Microsoft 365 2022" }, { "description": "Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. Retrieved December 21, 2017.", "meta": { "date_accessed": "2017-12-21T00:00:00Z", "date_published": "2014-01-01T00:00:00Z", "refs": [ "http://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf" ], "source": "MITRE", "title": "You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet" }, "related": [], "uuid": "e01a6d46-5b38-42df-bd46-3995d38bb60e", "value": "BlackHat Mac OSX Rootkit" }, { "description": "Kujawa, A. (2018, March 27). You dirty RAT! Part 1: DarkComet. Retrieved November 6, 2018.", "meta": { "date_accessed": "2018-11-06T00:00:00Z", "date_published": "2018-03-27T00:00:00Z", "refs": [ "https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/" ], "source": "MITRE", "title": "You dirty RAT! Part 1: DarkComet" }, "related": [], "uuid": "6a765a99-8d9f-4076-8741-6415a5ab918b", "value": "Malwarebytes DarkComet March 2018" }, { "description": "Caban, D. and Hirani, M. (2018, October 3). You’ve Got Mail! Enterprise Email Compromise. Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2018-10-03T00:00:00Z", "refs": [ "https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s03-youve-got-mail.pdf" ], "source": "MITRE", "title": "You’ve Got Mail! 
Enterprise Email Compromise" }, "related": [], "uuid": "0af1795c-9cdd-43fa-8184-73f33d9f5366", "value": "FireEye Mail CDS 2018" }, { "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.", "meta": { "date_accessed": "2020-11-25T00:00:00Z", "refs": [ "https://www.justice.gov/opa/press-release/file/1328521/download" ], "source": "MITRE", "title": "Yuriy Sergeyevich Andrienko et al." }, "related": [], "uuid": "77788d05-30ff-4308-82e6-d123a3c2fd80", "value": "US District Court Indictment GRU Unit 74455 October 2020" }, { "description": "Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.", "meta": { "date_accessed": "2016-07-18T00:00:00Z", "date_published": "2012-04-01T00:00:00Z", "refs": [ "https://sophosnews.files.wordpress.com/2012/04/zeroaccess2.pdf" ], "source": "MITRE", "title": "ZeroAccess" }, "related": [], "uuid": "41b51767-62f1-45c2-98cb-47c44c975a58", "value": "Sophos ZeroAccess" }, { "description": "Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie. (2023, June 2). Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft. Retrieved June 16, 2023.", "meta": { "date_accessed": "2023-06-16T00:00:00Z", "date_published": "2023-06-02T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft" ], "source": "Tidal Cyber", "title": "Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft" }, "related": [], "uuid": "232c7555-0483-4a57-88cb-71a990f7d683", "value": "Mandiant MOVEit Transfer June 2 2023" }, { "description": "Firsh, A.. (2018, February 13). Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks. 
Retrieved April 22, 2019.", "meta": { "date_accessed": "2019-04-22T00:00:00Z", "date_published": "2018-02-13T00:00:00Z", "refs": [ "https://securelist.com/zero-day-vulnerability-in-telegram/83800/" ], "source": "MITRE", "title": "Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks" }, "related": [], "uuid": "38fbd993-de98-49e9-8437-bc6a1493d6ed", "value": "Kaspersky RTLO Cyber Crime" }, { "description": "United States District Court Southern District of New York (USDC SDNY) . (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.", "meta": { "date_accessed": "2019-04-17T00:00:00Z", "refs": [ "https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion" ], "source": "MITRE, Tidal Cyber", "title": "Zhu Hua and Zhang Shilong" }, "related": [], "uuid": "3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2", "value": "DOJ APT10 Dec 2018" }, { "description": "US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.", "meta": { "date_accessed": "2020-12-17T00:00:00Z", "refs": [ "https://www.justice.gov/opa/page/file/1122671/download" ], "source": "MITRE", "title": "Zhu Hua Indictment" }, "related": [], "uuid": "79ccbc74-b9c4-4dc8-91ae-1d15c4db563b", "value": "District Court of NY APT10 Indictment December 2018" }, { "description": "LOLBAS. (2018, May 25). Zipfldr.dll. Retrieved December 4, 2023.", "meta": { "date_accessed": "2023-12-04T00:00:00Z", "date_published": "2018-05-25T00:00:00Z", "owner": "TidalCyberIan", "refs": [ "https://lolbas-project.github.io/lolbas/Libraries/Zipfldr/" ], "source": "Tidal Cyber", "title": "Zipfldr.dll" }, "related": [], "uuid": "3bee0640-ea48-4164-be57-ac565d8cbea7", "value": "Zipfldr.dll - LOLBAS Project" }, { "description": "madler. (2017). zlib. 
Retrieved February 20, 2020.", "meta": { "date_accessed": "2020-02-20T00:00:00Z", "date_published": "2017-01-01T00:00:00Z", "refs": [ "https://github.com/madler/zlib" ], "source": "MITRE", "title": "zlib" }, "related": [], "uuid": "982bcacc-afb2-4bbb-9197-f44d765b9e07", "value": "Zlib Github" }, { "description": "Microsoft. (2020, August 31). Zone.Identifier Stream Name. Retrieved February 22, 2021.", "meta": { "date_accessed": "2021-02-22T00:00:00Z", "date_published": "2020-08-31T00:00:00Z", "refs": [ "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8" ], "source": "MITRE", "title": "Zone.Identifier Stream Name" }, "related": [], "uuid": "2efbb7be-3ca1-444a-8584-7ceb08101e74", "value": "Microsoft Zone.Identifier 2020" }, { "description": "Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.", "meta": { "date_accessed": "2021-04-01T00:00:00Z", "date_published": "2020-11-23T00:00:00Z", "refs": [ "https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/" ], "source": "MITRE", "title": "Zoom into Kinsing" }, "related": [], "uuid": "4922dbb5-d3fd-4bf2-8af7-3b8889579c31", "value": "Sysdig Kinsing November 2020" } ], "version": 1 }