Tidal References
Tidal References Cluster
Authors
| Authors and/or Contributors |
|---|
| Tidal Cyber |
D3Secutrity CTI Feeds
Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. Retrieved October 20, 2020.
Internal MISP references
UUID 088f2cbd-cce1-477f-9ffb-319477d74b69 which can be used as unique global reference for D3Secutrity CTI Feeds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-04-30T00:00:00Z |
| source | MITRE |
| title | 10 of the Best Open Source Threat Intelligence Feeds |
Linux Logs
Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.
Internal MISP references
UUID aa25e385-802c-4f04-81bb-bb7d1a7599ec which can be used as unique global reference for Linux Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-29T00:00:00Z |
| date_published | 2018-04-19T00:00:00Z |
| source | MITRE |
| title | 12 Critical Linux Log Files You Must be Monitoring |
Netspi PowerShell Execution Policy Bypass
Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.
Internal MISP references
UUID 0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e which can be used as unique global reference for Netspi PowerShell Execution Policy Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-23T00:00:00Z |
| date_published | 2014-09-09T00:00:00Z |
| source | MITRE |
| title | 15 Ways to Bypass the PowerShell Execution Policy |
Mandiant-leaks
DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. Retrieved August 18, 2023.
Internal MISP references
UUID aecc3ffb-c524-5ad9-b621-7228f53e27c3 which can be used as unique global reference for Mandiant-leaks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information |
Tilbury Windows Credentials
Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.
Internal MISP references
UUID 2ddae0c9-910c-4c1a-b524-de3a58dbba13 which can be used as unique global reference for Tilbury Windows Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | 1Windows Credentials: Attack, Mitigation, Defense |
CWE top 25
Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A.. (2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.
Internal MISP references
UUID d8ee8b1f-c18d-48f3-9758-6860cd31c3e3 which can be used as unique global reference for CWE top 25 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2011-09-13T00:00:00Z |
| source | MITRE |
| title | 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
CrowdStrike 2015 Global Threat Report
CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.
Internal MISP references
UUID 50d467da-286b-45f3-8d5a-e9d8632f7bf1 which can be used as unique global reference for CrowdStrike 2015 Global Threat Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | 2015 Global Threat Report |
Prolific OSX Malware History
Bit9 + Carbon Black Threat Research Team. (2015). 2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.
Internal MISP references
UUID 74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e which can be used as unique global reference for Prolific OSX Malware History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | 2015: The Most Prolific Year in History for OS X Malware |
CERN Windigo June 2019
CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.
Internal MISP references
UUID e9f1289f-a32e-441c-8787-cb32a26216d1 which can be used as unique global reference for CERN Windigo June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-10T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | 2019/06/04 Advisory: Windigo attacks |
CrowdStrike GTR 2019
CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.
Internal MISP references
UUID d6aa917e-baee-4379-8e69-a04b9aa5192a which can be used as unique global reference for CrowdStrike GTR 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | 2019 Global Threat Report |
Crowdstrike GTR2020 Mar 2020
Crowdstrike. (2020, March 2). 2020 Global Threat Report. Retrieved December 11, 2020.
Internal MISP references
UUID a2325ace-e5a1-458d-80c1-5037bd7fa727 which can be used as unique global reference for Crowdstrike GTR2020 Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-11T00:00:00Z |
| date_published | 2020-03-02T00:00:00Z |
| source | MITRE |
| title | 2020 Global Threat Report |
RecordedFuture 2021 Ad Infra
Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.
Internal MISP references
UUID d509e6f2-c317-4483-a51e-ad15a78a12c0 which can be used as unique global reference for RecordedFuture 2021 Ad Infra in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-01-18T00:00:00Z |
| source | MITRE |
| title | 2021 Adversary Infrastructure Report |
Red Canary 2021 Threat Detection Report March 2021
Red Canary. (2021, March 31). 2021 Threat Detection Report. Retrieved August 31, 2021.
Internal MISP references
UUID 83b906fc-ac2a-4f49-b87e-31f046e95fb7 which can be used as unique global reference for Red Canary 2021 Threat Detection Report March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-31T00:00:00Z |
| date_published | 2021-03-31T00:00:00Z |
| source | MITRE |
| title | 2021 Threat Detection Report |
ACSC BlackCat Apr 2022
Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.
Internal MISP references
UUID 3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d which can be used as unique global reference for ACSC BlackCat Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-20T00:00:00Z |
| date_published | 2022-04-14T00:00:00Z |
| source | MITRE |
| title | 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat) |
Internet crime report 2022
IC3. (2022). 2022 Internet Crime Report. Retrieved August 18, 2023.
Internal MISP references
UUID ef30c4eb-3da3-5c7b-a304-188acd2f7ebc which can be used as unique global reference for Internet crime report 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | 2022 Internet Crime Report |
RC PowerShell
Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.
Internal MISP references
UUID 0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f which can be used as unique global reference for RC PowerShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| source | MITRE |
| title | 2022 Threat Detection Report: PowerShell |
20 macOS Common Tools and Techniques
Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021.
Internal MISP references
UUID 3ee99ff4-daf4-4776-9d94-f7cf193c2b0c which can be used as unique global reference for 20 macOS Common Tools and Techniques in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-23T00:00:00Z |
| date_published | 2021-02-16T00:00:00Z |
| source | MITRE |
| title | 20 Common Tools & Techniques Used by macOS Threat Actors & Malware |
Microsoft GPP Key
Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.
Internal MISP references
UUID 24d8847b-d5de-4513-a55f-62c805dfa1dc which can be used as unique global reference for Microsoft GPP Key in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | 2.2.1.1.4 Password Encryption |
Microsoft _VBA_PROJECT Stream
Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. Retrieved September 18, 2020.
Internal MISP references
UUID 70c75ee4-4ba4-4124-8001-0fadb49a5ac6 which can be used as unique global reference for Microsoft _VBA_PROJECT Stream in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-18T00:00:00Z |
| date_published | 2020-02-19T00:00:00Z |
| source | MITRE |
| title | 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information |
Microsoft Learn
Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.
Internal MISP references
UUID 73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4 which can be used as unique global reference for Microsoft Learn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | 2.5 ExtraData |
Hybrid Analysis Icacls2 May 2018
Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. Retrieved August 19, 2018.
Internal MISP references
UUID 5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4 which can be used as unique global reference for Hybrid Analysis Icacls2 May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | 2a8efbfadd798f6111340f7c1c956bee.dll |
Microsoft Wow6432Node 2018
Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. Retrieved August 3, 2020.
Internal MISP references
UUID cbc14af8-f0d9-46c9-ae2c-d93d706ac84e which can be used as unique global reference for Microsoft Wow6432Node 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-03T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | 32-bit and 64-bit Application Data in the Registry |
DOJ-DPRK Heist
Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.
Internal MISP references
UUID c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac which can be used as unique global reference for DOJ-DPRK Heist in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe |
ITWorld Hard Disk Health Dec 2014
Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.
Internal MISP references
UUID e48fab76-7e38-420e-b69b-709f37bde847 which can be used as unique global reference for ITWorld Hard Disk Health Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-02T00:00:00Z |
| date_published | 2014-12-14T00:00:00Z |
| source | MITRE |
| title | 3 tools to check your hard drive's health and make sure it's not already dying on you |
Microsoft 4657 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. Retrieved August 9, 2018.
Internal MISP references
UUID ee681893-edd6-46c7-bb11-38fc24eef899 which can be used as unique global reference for Microsoft 4657 APR 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2017-04-18T00:00:00Z |
| source | MITRE |
| title | 4657(S): A registry value was modified |
Microsoft 4697 APR 2017
Miroshnikov, A. & Hall, J. (2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.
Internal MISP references
UUID 17473dc7-39cd-4c90-85cb-05d4c1364fff which can be used as unique global reference for Microsoft 4697 APR 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2017-04-18T00:00:00Z |
| source | MITRE |
| title | 4697(S): A service was installed in the system |
Microsoft User Creation Event
Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.
Internal MISP references
UUID 01e2068b-83bc-4479-8fc9-dfaafdbf272b which can be used as unique global reference for Microsoft User Creation Event in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | 4720(S): A user account was created |
Microsoft User Modified Event
Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.
Internal MISP references
UUID fb4164f9-1e03-43f1-8143-179c9f08dff2 which can be used as unique global reference for Microsoft User Modified Event in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | 4738(S): A user account was changed |
Microsoft 4768 TGT 2017
Microsoft. (2017, April 19). 4768(S, F): A Kerberos authentication ticket (TGT) was requested. Retrieved August 24, 2020.
Internal MISP references
UUID 19237af4-e535-4059-a8a9-63280cdf4722 which can be used as unique global reference for Microsoft 4768 TGT 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | 4768(S, F): A Kerberos authentication ticket (TGT) was requested |
HIPAA Journal S3 Breach, 2017
HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.
Internal MISP references
UUID b0fbf593-4aeb-4167-814b-ed3d4479ded0 which can be used as unique global reference for HIPAA Journal S3 Breach, 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-10-11T00:00:00Z |
| source | MITRE |
| title | 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket |
Slack Security Risks
Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.
Internal MISP references
UUID 4332430a-0dec-5942-88ce-21f6d02cc9a9 which can be used as unique global reference for Slack Security Risks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2020-11-18T00:00:00Z |
| source | MITRE |
| title | 4 SaaS and Slack Security Risks to Consider |
PurpleSec Data Loss Prevention
Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.
Internal MISP references
UUID b7d786db-c50e-4d1f-947e-205e8eefa2da which can be used as unique global reference for PurpleSec Data Loss Prevention in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-30T00:00:00Z |
| date_published | 2020-10-24T00:00:00Z |
| source | MITRE |
| title | 7 Data Loss Prevention Best Practices & Strategies |
7zip Homepage
I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.
Internal MISP references
UUID fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb which can be used as unique global reference for 7zip Homepage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | 7-Zip |
MicroFocus 9002 Aug 2016
Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. Retrieved February 20, 2018.
Internal MISP references
UUID a4d6bdd1-e70c-491b-a569-72708095c809 which can be used as unique global reference for MicroFocus 9002 Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-20T00:00:00Z |
| date_published | 2016-08-30T00:00:00Z |
| source | MITRE |
| title | “9002 RAT” -- a second building on the left |
CISA AA21-200A APT40 July 2021
CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.
Internal MISP references
UUID 3a2dbd8b-54e3-406a-b77c-b6fae5541b6d which can be used as unique global reference for CISA AA21-200A APT40 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-12T00:00:00Z |
| date_published | 2021-07-19T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department |
AADInternals
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID d6faadde-690d-44d1-b1aa-0991a5374604 which can be used as unique global reference for AADInternals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | AADInternals |
AADInternals Documentation
Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.
Internal MISP references
UUID 320231a1-4dbe-4eaa-b14d-48de738ba697 which can be used as unique global reference for AADInternals Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-18T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | AADInternals Documentation |
AADInternals Github
Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.
Internal MISP references
UUID 643d3947-c0ec-47c4-bb58-5e546084433c which can be used as unique global reference for AADInternals Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2021-12-13T00:00:00Z |
| source | MITRE |
| title | AADInternals Github |
Gigamon BADHATCH Jul 2019
Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.
Internal MISP references
UUID 69a45479-e982-58ee-9e2d-caaf825f0ad4 which can be used as unique global reference for Gigamon BADHATCH Jul 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-08T00:00:00Z |
| date_published | 2019-07-23T00:00:00Z |
| source | MITRE |
| title | ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling |
bad_luck_blackcat
Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. Retrieved May 5, 2022.
Internal MISP references
UUID 0d1e9635-b7b6-454b-9482-b1fc7d33bfff which can be used as unique global reference for bad_luck_blackcat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | A Bad Luck BlackCat |
Cybereason Bazar July 2020
Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.
Internal MISP references
UUID 8819875a-5139-4dae-94c8-e7cc9f847580 which can be used as unique global reference for Cybereason Bazar July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-18T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES |
Red Canary Hospital Thwarted Ryuk October 2020
Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier.. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.
Internal MISP references
UUID ae5d4c47-54c9-4f7b-9357-88036c524217 which can be used as unique global reference for Red Canary Hospital Thwarted Ryuk October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-30T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak |
CyberCX Anonymous Sudan June 19 2023
CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. Retrieved October 10, 2023.
Internal MISP references
UUID 68ded9b7-3042-44e0-8bf7-cdba2174a3d8 which can be used as unique global reference for CyberCX Anonymous Sudan June 19 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-06-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations |
Netskope Cloud Phishing
Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022.
Internal MISP references
UUID 25d46bc1-4c05-48d3-95f0-aa3ee1100bf9 which can be used as unique global reference for Netskope Cloud Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2020-08-12T00:00:00Z |
| source | MITRE |
| title | A Big Catch: Cloud Phishing from Google App Engine and Azure App Service |
Microsoft O365 Admin Roles
Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et. al.. (2019, October 8). About admin roles. Retrieved October 18, 2019.
Internal MISP references
UUID 8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a which can be used as unique global reference for Microsoft O365 Admin Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| date_published | 2019-10-08T00:00:00Z |
| source | MITRE |
| title | About admin roles |
Microsoft Atom Table
Microsoft. (n.d.). About Atom Tables. Retrieved December 8, 2017.
Internal MISP references
UUID a22636c8-8e39-4583-93ef-f0b7f0a218d8 which can be used as unique global reference for Microsoft Atom Table in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | About Atom Tables |
Microsoft About BITS
Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.
Internal MISP references
UUID 8d6d47d1-a6ea-4673-8ade-ba61bfeef084 which can be used as unique global reference for Microsoft About BITS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-16T00:00:00Z |
| date_published | 2019-07-12T00:00:00Z |
| source | MITRE |
| title | About BITS |
Microsoft About Event Tracing 2018
Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.
Internal MISP references
UUID 689d944f-ad66-4908-91fb-bb1ecdafe8d9 which can be used as unique global reference for Microsoft About Event Tracing 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-07T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | About Event Tracing |
Microsoft PowerShell Command History
Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.
Internal MISP references
UUID 6c873fb4-db43-4bad-b5e4-a7d45cbe796f which can be used as unique global reference for Microsoft PowerShell Command History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-04T00:00:00Z |
| date_published | 2020-05-13T00:00:00Z |
| source | MITRE |
| title | About History |
Microsoft List View Controls
Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.
Internal MISP references
UUID 7d6c6ba6-cda6-4f27-bfc8-af5b759305ed which can be used as unique global reference for Microsoft List View Controls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-04T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | About List-View Controls |
Microsoft PowerShell Logging
Microsoft. (2020, March 30). about_Logging_Windows. Retrieved September 28, 2021.
Internal MISP references
UUID 81c94686-741d-45d7-90f3-0c7979374e87 which can be used as unique global reference for Microsoft PowerShell Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2020-03-30T00:00:00Z |
| source | MITRE |
| title | about_Logging_Windows |
Apple About Mac Scripting 2016
Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.
Internal MISP references
UUID d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed which can be used as unique global reference for Apple About Mac Scripting 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2016-06-13T00:00:00Z |
| source | MITRE |
| title | About Mac Scripting |
PowerShell About 2019
Wheeler, S. et al.. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.
Internal MISP references
UUID 2c504602-4f5d-47fc-9780-e1e5041a0b3a which can be used as unique global reference for PowerShell About 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2019-05-01T00:00:00Z |
| source | MITRE |
| title | About PowerShell.exe |
Microsoft PowerShellB64
Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. Retrieved March 17, 2023.
Internal MISP references
UUID 7e50721c-c6d5-5449-8326-529da4cf5465 which can be used as unique global reference for Microsoft PowerShellB64 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2023-02-08T00:00:00Z |
| source | MITRE |
| title | about_PowerShell_exe: EncodedCommand |
Microsoft Profiles
Microsoft. (2021, September 27). about_Profiles. Retrieved February 4, 2022.
Internal MISP references
UUID b25ab0bf-c28b-4747-b075-30bcdfbc0e35 which can be used as unique global reference for Microsoft Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-04T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | about_Profiles |
Microsoft About Profiles
Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.
Internal MISP references
UUID 1da63665-7a96-4bc3-9606-a3575b913819 which can be used as unique global reference for Microsoft About Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2017-11-29T00:00:00Z |
| source | MITRE |
| title | About Profiles |
Microsoft Remote Desktop Services
Microsoft. (2019, August 23). About Remote Desktop Services. Retrieved March 28, 2022.
Internal MISP references
UUID a981e013-f839-46e9-9c8a-128c4897f77a which can be used as unique global reference for Microsoft Remote Desktop Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2019-08-23T00:00:00Z |
| source | MITRE |
| title | About Remote Desktop Services |
MSDN Clipboard
Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.
Internal MISP references
UUID 2c1b2d58-a5dc-4aee-8bdb-129a81c10408 which can be used as unique global reference for MSDN Clipboard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-29T00:00:00Z |
| source | MITRE |
| title | About the Clipboard |
Microsoft HTML Help Executable Program
Microsoft. (n.d.). About the HTML Help Executable Program. Retrieved October 3, 2018.
Internal MISP references
UUID 1af226cc-bb93-43c8-972e-367482c5d487 which can be used as unique global reference for Microsoft HTML Help Executable Program in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| source | MITRE |
| title | About the HTML Help Executable Program |
About UEFI
UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.
Internal MISP references
UUID 2e6fe82c-d90f-42b6-8247-397ab8823c7c which can be used as unique global reference for About UEFI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-05T00:00:00Z |
| source | MITRE |
| title | About UEFI Forum |
Microsoft Window Classes
Microsoft. (n.d.). About Window Classes. Retrieved December 16, 2017.
Internal MISP references
UUID cc620fcd-1f4a-4670-84b5-3f12c9b85053 which can be used as unique global reference for Microsoft Window Classes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | About Window Classes |
Picus Sodinokibi January 2020
Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.
Internal MISP references
UUID 2e9c2206-a04e-4278-9492-830cc9347ff9 which can be used as unique global reference for Picus Sodinokibi January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-05T00:00:00Z |
| date_published | 2020-01-15T00:00:00Z |
| source | MITRE |
| title | A Brief History of Sodinokibi |
Application Bundle Manipulation Brandon Dalton
Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. Retrieved September 27, 2022.
Internal MISP references
UUID 2a8fd573-6ab0-403b-b813-88d9d3edab36 which can be used as unique global reference for Application Bundle Manipulation Brandon Dalton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2022-08-09T00:00:00Z |
| source | MITRE |
| title | A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation |
NCC Group Chimera January 2021
Jansen, W . (2021, January 12). Abusing cloud services to fly under the radar. Retrieved January 19, 2021.
Internal MISP references
UUID 70c217c3-83a2-40f2-8f47-b68d8bd4cdf0 which can be used as unique global reference for NCC Group Chimera January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-19T00:00:00Z |
| date_published | 2021-01-12T00:00:00Z |
| source | MITRE |
| title | Abusing cloud services to fly under the radar |
Harmj0y Abusing GPO Permissions
Schroeder, W. (2016, March 17). Abusing GPO Permissions. Retrieved March 5, 2019.
Internal MISP references
UUID 18cc9426-9b51-46fa-9106-99688385ebe4 which can be used as unique global reference for Harmj0y Abusing GPO Permissions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-03-17T00:00:00Z |
| source | MITRE |
| title | Abusing GPO Permissions |
Retwin Directory Share Pivot
Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.
Internal MISP references
UUID 027c5274-6b61-447a-9058-edb844f112dd which can be used as unique global reference for Retwin Directory Share Pivot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-12T00:00:00Z |
| date_published | 2017-11-13T00:00:00Z |
| source | MITRE |
| title | Abusing network shares for efficient lateral movements and privesc (DirSharePivot) |
BOHOPS Abusing the COM Registry
BOHOPS. (2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. Retrieved August 10, 2020.
Internal MISP references
UUID 3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7 which can be used as unique global reference for BOHOPS Abusing the COM Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| date_published | 2018-08-18T00:00:00Z |
| source | MITRE |
| title | Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques |
abusing_com_reg
bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.
Internal MISP references
UUID 7f0f223f-09b1-4f8f-b6f1-1044e2ac7066 which can be used as unique global reference for abusing_com_reg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2018-08-18T00:00:00Z |
| source | MITRE |
| title | ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES |
Rhino Security Labs AWS VPC Traffic Mirroring
Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.
Internal MISP references
UUID 09cac813-862c-47c8-a47f-154c5436afbb which can be used as unique global reference for Rhino Security Labs AWS VPC Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2019-09-17T00:00:00Z |
| source | MITRE |
| title | Abusing VPC Traffic Mirroring in AWS |
Narrator Accessibility Abuse
Comi, G. (2019, October 19). Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. Retrieved April 28, 2020.
Internal MISP references
UUID fc889ba3-79a5-445a-81ea-dfe81c1cc542 which can be used as unique global reference for Narrator Accessibility Abuse in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2019-10-19T00:00:00Z |
| source | MITRE |
| title | Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence |
Intezer ACBackdoor
Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID e6cb833f-cf18-498b-a233-848853423412 which can be used as unique global reference for Intezer ACBackdoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-11-18T00:00:00Z |
| source | MITRE |
| title | ACBackdoor: Analysis of a New Multiplatform Backdoor |
AccCheckConsole.exe - LOLBAS Project
LOLBAS. (2022, January 2). AccCheckConsole.exe. Retrieved December 4, 2023.
Internal MISP references
UUID de5523bd-e735-4751-84e9-a1be1d2980ec which can be used as unique global reference for AccCheckConsole.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AccCheckConsole.exe |
CyberScoop APT28 Nov 2018
Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.
Internal MISP references
UUID ef8f0990-b2da-4538-8b02-7401dc5a4120 which can be used as unique global reference for CyberScoop APT28 Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-16T00:00:00Z |
| date_published | 2018-11-29T00:00:00Z |
| source | MITRE |
| title | Accenture: Russian hackers using Brexit talks to disguise phishing lures |
Microsoft Azure Kubernetes Service Service Accounts
Microsoft Azure. (2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.
Internal MISP references
UUID bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5 which can be used as unique global reference for Microsoft Azure Kubernetes Service Service Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| date_published | 2023-04-28T00:00:00Z |
| source | MITRE |
| title | Access and identity options for Azure Kubernetes Service (AKS) |
CrowdStrike Access Brokers
CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth?. Retrieved March 10, 2023.
Internal MISP references
UUID 0f772693-e09d-5c82-85c2-77f5fee39ef0 which can be used as unique global reference for CrowdStrike Access Brokers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | Access Brokers: Who Are the Targets, and What Are They Worth? |
Microsoft Access Control Lists May 2018
M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.
Internal MISP references
UUID 2aeda95a-7741-4a74-a5a4-29a9e7a89451 which can be used as unique global reference for Microsoft Access Control Lists May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-04T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Access Control Lists |
Auth0 Access Tokens
Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.
Internal MISP references
UUID 43e8e178-a0da-44d8-be1b-853307e0d4ae which can be used as unique global reference for Auth0 Access Tokens in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| source | MITRE |
| title | Access Tokens |
BSidesSLC 2020 - LNK Elastic
French, D., Filar, B.. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. Retrieved November 30, 2020.
Internal MISP references
UUID 4c2ede51-33f6-4d09-9186-43b023b079c0 which can be used as unique global reference for BSidesSLC 2020 - LNK Elastic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-30T00:00:00Z |
| date_published | 2020-03-21T00:00:00Z |
| source | MITRE |
| title | A Chain Is No Stronger Than Its Weakest LNK |
Mythic SpecterOps
Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.
Internal MISP references
UUID 98d4453e-2e80-422a-ac8c-47f650f46e3c which can be used as unique global reference for Mythic SpecterOps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE |
| title | A Change of Mythic Proportions |
FireEye Chinese Espionage October 2019
Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved October 17, 2021.
Internal MISP references
UUID d37c069c-7fb8-44e1-8377-da97e8bbcf67 which can be used as unique global reference for FireEye Chinese Espionage October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions |
Unit42 AcidBox June 2020
Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021.
Internal MISP references
UUID f3f2eca0-fda3-451e-bf13-aacb14668e48 which can be used as unique global reference for Unit42 AcidBox June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| date_published | 2020-06-17T00:00:00Z |
| source | MITRE |
| title | AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations |
acroread package compromised Arch Linux Mail 8JUL2018
Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.
Internal MISP references
UUID 99245022-2130-404d-bf7a-095d84a515cd which can be used as unique global reference for acroread package compromised Arch Linux Mail 8JUL2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-06-08T00:00:00Z |
| source | MITRE |
| title | acroread package compromised |
Microsoft Actinium February 2022
Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.
Internal MISP references
UUID 5ab658db-7f71-4213-8146-e22da54160b3 which can be used as unique global reference for Microsoft Actinium February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-18T00:00:00Z |
| date_published | 2022-02-04T00:00:00Z |
| source | MITRE |
| title | ACTINIUM targets Ukrainian organizations |
Wikipedia Active Directory
Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.
Internal MISP references
UUID 924e1186-57e5-43db-94ab-29afa3fdaa7b which can be used as unique global reference for Wikipedia Active Directory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-03-10T00:00:00Z |
| source | MITRE |
| title | Active Directory |
Microsoft AD Accounts
Microsoft. (2019, August 23). Active Directory Accounts. Retrieved March 13, 2020.
Internal MISP references
UUID df734659-2441-487a-991d-59064c61b771 which can be used as unique global reference for Microsoft AD Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2019-08-23T00:00:00Z |
| source | MITRE |
| title | Active Directory Accounts |
Microsoft AD Admin Tier Model
Microsoft. (2019, February 14). Active Directory administrative tier model. Retrieved February 21, 2020.
Internal MISP references
UUID 3afba81a-3b1d-41ec-938e-24f055698d52 which can be used as unique global reference for Microsoft AD Admin Tier Model in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-02-14T00:00:00Z |
| source | MITRE |
| title | Active Directory administrative tier model |
Microsoft AD CS Overview
Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.
Internal MISP references
UUID f1b2526a-1bf6-4954-a9b3-a5e008761ceb which can be used as unique global reference for Microsoft AD CS Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Active Directory Certificate Services Overview |
Microsoft Get-ADUser
Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.
Internal MISP references
UUID b68ac85e-a007-4a72-9185-2877e9184fad which can be used as unique global reference for Microsoft Get-ADUser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Active Directory Cmdlets - Get-ADUser |
Active Directory Enumeration with LDIFDE
Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. Retrieved July 11, 2023.
Internal MISP references
UUID 51e6623a-4448-4244-8c81-4eab102e5926 which can be used as unique global reference for Active Directory Enumeration with LDIFDE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Active Directory Enumeration with LDIFDE |
Microsoft SID-History Attribute
Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.
Internal MISP references
UUID 32150673-5593-4a2c-9872-aaa96a21aa5c which can be used as unique global reference for Microsoft SID-History Attribute in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Active Directory Schema - SID-History attribute |
ActiveMalwareEnergy
Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.
Internal MISP references
UUID f2ef73c6-5d4c-423e-a3f5-194cba121eb1 which can be used as unique global reference for ActiveMalwareEnergy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2014-06-30T00:00:00Z |
| source | MITRE |
| title | Active malware operation let attackers sabotage US energy industry |
Klein Active Setup 2010
Klein, H. (2010, April 22). Active Setup Explained. Retrieved December 18, 2020.
Internal MISP references
UUID cbdd6290-1dda-48af-a101-fb3db6581276 which can be used as unique global reference for Klein Active Setup 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2010-04-22T00:00:00Z |
| source | MITRE |
| title | Active Setup Explained |
Dark Vortex Brute Ratel C4
Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.
Internal MISP references
UUID 47992cb5-df11-56c2-b266-6f58d75f8315 which can be used as unique global reference for Dark Vortex Brute Ratel C4 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-07T00:00:00Z |
| source | MITRE |
| title | A Customized Command and Control Center for Red Team and Adversary Simulation |
ad_blocker_with_miner
Kuzmenko, A.. (2021, March 10). Ad blocker with miner included. Retrieved October 28, 2021.
Internal MISP references
UUID 8e30f71e-80b8-4662-bc95-bf3cf7cfcf40 which can be used as unique global reference for ad_blocker_with_miner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-28T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE |
| title | Ad blocker with miner included |
Microsoft Support O365 Add Another Admin, October 2019
Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.
Internal MISP references
UUID c31cfc48-289e-42aa-8046-b41261fdeb96 which can be used as unique global reference for Microsoft Support O365 Add Another Admin, October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| source | MITRE |
| title | Add Another Admin |
Amazon AWS IMDS V2
MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. Retrieved October 14, 2020.
Internal MISP references
UUID f252eb18-86e9-4ed0-b9da-2c81f12a6e13 which can be used as unique global reference for Amazon AWS IMDS V2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-14T00:00:00Z |
| date_published | 2019-11-19T00:00:00Z |
| source | MITRE |
| title | Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service |
Adding Login Items
Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.
Internal MISP references
UUID 5ab3e243-37a6-46f1-b28f-6846ecdef0ae which can be used as unique global reference for Adding Login Items in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Adding Login Items |
MRWLabs Office Persistence Add-ins
Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved July 3, 2017.
Internal MISP references
UUID a5b6ab63-0e6f-4789-a017-ceab1719ed85 which can be used as unique global reference for MRWLabs Office Persistence Add-ins in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2017-04-21T00:00:00Z |
| source | MITRE |
| title | Add-In Opportunities for Office Persistence |
AddinUtil.exe - LOLBAS Project
LOLBAS. (2023, October 5). AddinUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 91af546d-0a56-4c17-b292-6257943a8aba which can be used as unique global reference for AddinUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-10-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AddinUtil.exe |
Microsoft - Add-MailboxPermission
Microsoft. (n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.
Internal MISP references
UUID b8d40efb-c78d-47dd-9d83-e5a31af73691 which can be used as unique global reference for Microsoft - Add-MailboxPermission in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| source | MITRE |
| title | Add-Mailbox Permission |
AddMonitor
Microsoft. (n.d.). AddMonitor function. Retrieved November 12, 2014.
Internal MISP references
UUID 8c1a719e-6ca1-4b41-966d-ddb87c849fe0 which can be used as unique global reference for AddMonitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | AddMonitor function |
Microsoft Azure AD Users
Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.
Internal MISP references
UUID b69468a2-693e-4bd0-8dc1-ccfd7d5630c0 which can be used as unique global reference for Microsoft Azure AD Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| date_published | 2019-11-11T00:00:00Z |
| source | MITRE |
| title | Add or delete users using Azure Active Directory |
Microsoft Office Add-ins
Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.
Internal MISP references
UUID 99b20e30-76a8-4108-84ae-daf92058b44b which can be used as unique global reference for Microsoft Office Add-ins in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| source | MITRE |
| title | Add or remove add-ins |
Microsoft AddPrintProcessor May 2018
Microsoft. (2018, May 31). AddPrintProcessor function. Retrieved October 5, 2020.
Internal MISP references
UUID 12c7160b-c93c-44cd-b108-68d4823aec8c which can be used as unique global reference for Microsoft AddPrintProcessor May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-05T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | AddPrintProcessor function |
RFC1918
IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.
Internal MISP references
UUID f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e which can be used as unique global reference for RFC1918 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 1996-02-01T00:00:00Z |
| source | MITRE |
| title | Address Allocation for Private Internets |
Microsoft Exchange Address Lists
Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.
Internal MISP references
UUID 138ec24a-4361-4ce0-b78e-508c11db397c which can be used as unique global reference for Microsoft Exchange Address Lists in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-26T00:00:00Z |
| date_published | 2020-02-07T00:00:00Z |
| source | MITRE |
| title | Address lists in Exchange Server |
Microsoft AD DS Getting Started
Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.
Internal MISP references
UUID 82d01c77-571b-4f33-a286-878f325462ae which can be used as unique global reference for Microsoft AD DS Getting Started in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2018-08-07T00:00:00Z |
| source | MITRE |
| title | AD DS Getting Started |
Akamai DGA Mitigation
Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. Retrieved February 18, 2019.
Internal MISP references
UUID 5b14cdf6-261a-4d7e-acb4-74e7fafa9467 which can be used as unique global reference for Akamai DGA Mitigation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2018-01-09T00:00:00Z |
| source | MITRE |
| title | A Death Match of Domain Generation Algorithms |
Keychain Decryption Passware
Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.
Internal MISP references
UUID 6a426ab4-5b0b-46d4-9dfe-e2587f69e111 which can be used as unique global reference for Keychain Decryption Passware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Apple Keychain Decryption |
Trend Micro Deep Dive Into Defacement
Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. Retrieved April 19, 2019.
Internal MISP references
UUID 4886418b-3a2e-4f12-b91e-3bb2a8134112 which can be used as unique global reference for Trend Micro Deep Dive Into Defacement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks |
Talos Lokibot Jan 2021
Muhammad, I., Unterbrink, H.. (2021, January 6). A Deep Dive into Lokibot Infection Chain. Retrieved August 31, 2021.
Internal MISP references
UUID 3baba4e6-0cf5-45eb-8abb-6c389743af89 which can be used as unique global reference for Talos Lokibot Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-31T00:00:00Z |
| date_published | 2021-01-06T00:00:00Z |
| source | MITRE |
| title | A Deep Dive into Lokibot Infection Chain |
Malwarebytes Saint Bot April 2021
Hasherezade. (2021, April 6). A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.
Internal MISP references
UUID 3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c which can be used as unique global reference for Malwarebytes Saint Bot April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | A deep dive into Saint Bot, a new downloader |
SecurityScorecard CredoMap September 2022
Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.
Internal MISP references
UUID 3e683efc-4712-4397-8d55-4354ff7ad9f0 which can be used as unique global reference for SecurityScorecard CredoMap September 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-05T00:00:00Z |
| date_published | 2022-09-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A Deep Dive Into the APT28’s stealer called CredoMap |
Krebs DNS Hijack 2019
Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. Retrieved February 14, 2022.
Internal MISP references
UUID 9bdc618d-ff55-4ac8-8967-6039c6c24cb1 which can be used as unique global reference for Krebs DNS Hijack 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE |
| title | A Deep Dive on the Recent Widespread DNS Hijacking Attacks |
Reaqta MuddyWater November 2017
Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.
Internal MISP references
UUID ecd28ccf-edb6-478d-a8f1-da630df42127 which can be used as unique global reference for Reaqta MuddyWater November 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-18T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | A dive into MuddyWater APT targeting Middle-East |
ESET Turla PowerShell May 2019
Faou, M. and Dumont R.. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.
Internal MISP references
UUID 68c0f34b-691a-4847-8d49-f18b7f4e5188 which can be used as unique global reference for ESET Turla PowerShell May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2019-05-29T00:00:00Z |
| source | MITRE |
| title | A dive into Turla PowerShell usage |
Kubernetes Admission Controllers
Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.
Internal MISP references
UUID ea035e41-159b-5f12-96fc-0638eace9fd2 which can be used as unique global reference for Kubernetes Admission Controllers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Admission Controllers Reference |
Krebs Adobe
Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. Retrieved May 17, 2021.
Internal MISP references
UUID bc2b0b89-e00d-4beb-bf27-fe81d8c826a4 which can be used as unique global reference for Krebs Adobe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-17T00:00:00Z |
| date_published | 2013-10-03T00:00:00Z |
| source | MITRE |
| title | Adobe To Announce Source Code, Customer Data Breach |
Github AD-Pentest-Script
Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.
Internal MISP references
UUID 45a5f6c2-b52e-4518-a10e-19797e6fdcc3 which can be used as unique global reference for Github AD-Pentest-Script in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-29T00:00:00Z |
| date_published | 2015-07-11T00:00:00Z |
| source | MITRE |
| title | AD-Pentest-Script - wmiexec.vbs |
adplus.exe - LOLBAS Project
LOLBAS. (2021, September 1). adplus.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d407ca0a-7ace-4dc5-947d-69a1e5a1d459 which can be used as unique global reference for adplus.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | adplus.exe |
Microsoft ADV170021 Dec 2017
Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.
Internal MISP references
UUID ce960e76-848f-440d-9843-54773f7b11cf which can be used as unique global reference for Microsoft ADV170021 Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | ADV170021 - Microsoft Office Defense in Depth Update |
FireEye APT Groups
FireEye. (n.d.). Advanced Persistent Threat Groups. Retrieved August 3, 2018.
Internal MISP references
UUID 5b6b909d-870a-4d14-85ec-6aa14e598740 which can be used as unique global reference for FireEye APT Groups in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Advanced Persistent Threat Groups |
Mandiant APT Groups List
Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved September 14, 2023.
Internal MISP references
UUID c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97 which can be used as unique global reference for Mandiant APT Groups List in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Advanced Persistent Threats (APTs) |
Advanced_sec_audit_policy_settings
Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.
Internal MISP references
UUID 9aef57b1-1a2e-4833-815e-887616cc0570 which can be used as unique global reference for Advanced_sec_audit_policy_settings in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Advanced security audit policy settings |
CrowdStrike Richochet Chollima September 2021
CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.
Internal MISP references
UUID 69a23467-c55c-43a3-951d-c208e6ead6f7 which can be used as unique global reference for CrowdStrike Richochet Chollima September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2021-09-30T00:00:00Z |
| source | MITRE |
| title | Adversary Profile - Ricochet Chollima |
Elastic - Hunting for Persistence Part 1
French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). Retrieved December 21, 2020.
Internal MISP references
UUID bd9406d3-c3e3-4737-97a1-a4bc997c88cd which can be used as unique global reference for Elastic - Hunting for Persistence Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-03-24T00:00:00Z |
| source | MITRE |
| title | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1) |
NCSC APT29 July 2020
National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.
Internal MISP references
UUID 28da86a6-4ca1-4bb4-a401-d4aa469c0034 which can be used as unique global reference for NCSC APT29 July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-29T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | Advisory: APT29 targets COVID-19 vaccine development |
Advpack.dll - LOLBAS Project
LOLBAS. (2018, May 25). Advpack.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 837ccb3c-316d-4d96-8a33-b5df40870aba which can be used as unique global reference for Advpack.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Advpack.dll |
Kaspersky Adwind Feb 2016
Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.
Internal MISP references
UUID 69fd8de4-81bc-4165-b77d-c5fc72cfa699 which can be used as unique global reference for Kaspersky Adwind Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2016-02-01T00:00:00Z |
| source | MITRE |
| title | Adwind - A Cross-Platform RAT |
Bitdefender Trickbot VNC module Whitepaper 2021
Radu Tudorica. (2021, July 12). A Fresh Look at Trickbot’s Ever-Improving VNC Module. Retrieved September 28, 2021.
Internal MISP references
UUID ee2709d7-2b33-48ac-8e90-a2770d469d80 which can be used as unique global reference for Bitdefender Trickbot VNC module Whitepaper 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-07-12T00:00:00Z |
| source | MITRE |
| title | A Fresh Look at Trickbot’s Ever-Improving VNC Module |
Mac Backdoors are back
Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.
Internal MISP references
UUID c37f00dc-ee53-4be1-9046-0a28bdc5649a which can be used as unique global reference for Mac Backdoors are back in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2016-07-06T00:00:00Z |
| source | MITRE |
| title | After hiatus, in-the-wild Mac backdoors are suddenly back |
Kaspersky MSSQL Aug 2019
Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.
Internal MISP references
UUID 569a6be3-7a10-4aa4-be26-a62ed562a4ce which can be used as unique global reference for Kaspersky MSSQL Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-04T00:00:00Z |
| date_published | 2019-08-22T00:00:00Z |
| source | MITRE |
| title | Agent 1433: remote attack on Microsoft SQL Server |
Securelist Agent.btz
Gostev, A.. (2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.
Internal MISP references
UUID 3b876c56-1d18-49e3-9a96-5cee4af7ab72 which can be used as unique global reference for Securelist Agent.btz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2014-03-12T00:00:00Z |
| source | MITRE |
| title | Agent.btz: a Source of Inspiration? |
ThreatExpert Agent.btz
Shevchenko, S.. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.
Internal MISP references
UUID b710c404-b02e-444c-9388-9a5e751971d2 which can be used as unique global reference for ThreatExpert Agent.btz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2008-11-30T00:00:00Z |
| source | MITRE |
| title | Agent.btz - A Threat That Hit Pentagon |
AgentExecutor.exe - LOLBAS Project
LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 633d7f25-df9d-4619-9aa9-92d1d9d225d7 which can be used as unique global reference for AgentExecutor.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-07-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AgentExecutor.exe |
SentinelLabs Agent Tesla Aug 2020
Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.
Internal MISP references
UUID 5f712e3f-5a9d-4af3-b846-a61dc1d59b3a which can be used as unique global reference for SentinelLabs Agent Tesla Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-11T00:00:00Z |
| date_published | 2020-08-10T00:00:00Z |
| source | MITRE |
| title | Agent Tesla |
ATT Sidewinder January 2021
Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. Retrieved January 27, 2021.
Internal MISP references
UUID d6644f88-d727-4f62-897a-bfa18f86380d which can be used as unique global reference for ATT Sidewinder January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-27T00:00:00Z |
| date_published | 2021-01-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | A Global Perspective of the SideWinder APT |
Harmj0y Domain Trusts
Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019.
Internal MISP references
UUID 23a9ef6c-9f71-47bb-929f-9a92f24553eb which can be used as unique global reference for Harmj0y Domain Trusts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2017-10-30T00:00:00Z |
| source | MITRE |
| title | A Guide to Attacking Domain Trusts |
airwalk backdoor unix systems
airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.
Internal MISP references
UUID 3f3bca4a-68fa-5d4a-b86f-36f82345ff36 which can be used as unique global reference for airwalk backdoor unix systems in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-31T00:00:00Z |
| date_published | 2023-01-01T00:00:00Z |
| source | MITRE |
| title | A guide to backdooring Unix systems |
Wired Lockergoga 2019
Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.
Internal MISP references
UUID de12f263-f76d-4b63-beb8-b210f7a8310d which can be used as unique global reference for Wired Lockergoga 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-17T00:00:00Z |
| date_published | 2019-03-25T00:00:00Z |
| source | MITRE |
| title | A Guide to LockerGoga, the Ransomware Crippling Industrial Firms |
ZDNET Selling Data
Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. Retrieved October 20, 2020.
Internal MISP references
UUID 61d00ae2-5494-4c6c-8860-6826e701ade8 which can be used as unique global reference for ZDNET Selling Data in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-05-09T00:00:00Z |
| source | MITRE |
| title | A hacker group is selling more than 73 million user records on the dark web |
ESET Zebrocy May 2019
ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.
Internal MISP references
UUID f8b837fb-e46c-4153-8e86-dc4b909b393a which can be used as unique global reference for ESET Zebrocy May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-20T00:00:00Z |
| date_published | 2019-05-22T00:00:00Z |
| source | MITRE |
| title | A journey to Zebrocy land |
Akira Ransomware Analysis August 2023
SEQBOSS. (2023, August 10). AKIRA RANSOMWARE ANALYSIS. Retrieved April 3, 2024.
Internal MISP references
UUID b34d6a98-158e-4fe7-8fcd-79554c07631a which can be used as unique global reference for Akira Ransomware Analysis August 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-03T00:00:00Z |
| date_published | 2023-08-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AKIRA RANSOMWARE ANALYSIS |
Sophos Akira May 9 2023
Paul Jaramillo. (2023, May 9). Akira Ransomware is “bringin’ 1988 back”. Retrieved February 27, 2024.
Internal MISP references
UUID 1343b052-b158-4dad-9ed4-9dbb7bb778dd which can be used as unique global reference for Sophos Akira May 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2023-05-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Akira Ransomware is “bringin’ 1988 back” |
Microsoft AKS Azure AD 2023
Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.
Internal MISP references
UUID 809db259-3557-5597-9d1a-7c00cc10b89c which can be used as unique global reference for Microsoft AKS Azure AD 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2023-02-27T00:00:00Z |
| source | MITRE |
| title | AKS-managed Azure Active Directory integration |
US-CERT SamSam 2018
US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID b9d14fea-2330-4eed-892c-b4e05a35d273 which can be used as unique global reference for US-CERT SamSam 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2018-12-03T00:00:00Z |
| source | MITRE |
| title | Alert (AA18-337A): SamSam Ransomware |
CISA MSS Sep 2020
CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. Retrieved October 1, 2020.
Internal MISP references
UUID ffe613e3-b528-42bf-81d5-4d8de38b3457 which can be used as unique global reference for CISA MSS Sep 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| date_published | 2020-09-14T00:00:00Z |
| source | MITRE |
| title | Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity |
CISA Lokibot September 2020
DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware . Retrieved September 15, 2021.
Internal MISP references
UUID df979f7b-6de8-4029-ae47-700f29157db0 which can be used as unique global reference for CISA Lokibot September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| date_published | 2020-09-22T00:00:00Z |
| source | MITRE |
| title | Alert (AA20-266A) LokiBot Malware |
CISA_AA21_200B
CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.
Internal MISP references
UUID 633c6045-8990-58ae-85f0-00139aa9a091 which can be used as unique global reference for CISA_AA21_200B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-21T00:00:00Z |
| date_published | 2021-08-20T00:00:00Z |
| source | MITRE |
| title | Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs |
cisa_malware_orgs_ukraine
CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.
Internal MISP references
UUID ebe89b36-f87f-4e09-8030-a1328c0b8683 which can be used as unique global reference for cisa_malware_orgs_ukraine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine |
US-CERT Ransomware 2016
US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.
Internal MISP references
UUID 866484fa-836d-4c5b-bbad-3594ef60599c which can be used as unique global reference for US-CERT Ransomware 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | Alert (TA16-091A): Ransomware and Recent Variants |
US-CERT WannaCry 2017
US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.
Internal MISP references
UUID 349b8e9d-7172-4d01-b150-f0371d038b7e which can be used as unique global reference for US-CERT WannaCry 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2017-05-12T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-132A): Indicators Associated With WannaCry Ransomware |
US-CERT HIDDEN COBRA June 2017
US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.
Internal MISP references
UUID 8e57cea3-ee37-4507-bb56-7445050ec8ca which can be used as unique global reference for US-CERT HIDDEN COBRA June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-13T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure |
US-CERT NotPetya 2017
US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.
Internal MISP references
UUID 6a009850-834b-4178-9028-2745921b6743 which can be used as unique global reference for US-CERT NotPetya 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-181A): Petya Ransomware |
US-CERT APT Energy Oct 2017
US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved November 2, 2017.
Internal MISP references
UUID e34ddf0a-a112-4557-ac09-1ff540241a89 which can be used as unique global reference for US-CERT APT Energy Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-02T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT FALLCHILL Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.
Internal MISP references
UUID 045e03f9-af83-4442-b69e-b80f68e570ac which can be used as unique global reference for US-CERT FALLCHILL Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL |
US-CERT Volgmer Nov 2017
US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.
Internal MISP references
UUID c48c7ac0-8d55-4b62-9606-a9ce420459b6 which can be used as unique global reference for US-CERT Volgmer Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer |
US-CERT TA18-074A
US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
Internal MISP references
UUID 94e87a92-bf80-43e2-a3ab-cd7d4895f2fc which can be used as unique global reference for US-CERT TA18-074A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-06T00:00:00Z |
| date_published | 2018-03-16T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors |
US-CERT-TA18-106A
US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.
Internal MISP references
UUID 1fe55557-94af-4697-a675-884701f70f2a which can be used as unique global reference for US-CERT-TA18-106A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2018-04-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
US-CERT Emotet Jul 2018
US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.
Internal MISP references
UUID 0043043a-4741-41c2-a6f2-f88d5caa8b7a which can be used as unique global reference for US-CERT Emotet Jul 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-07-20T00:00:00Z |
| source | MITRE |
| title | Alert (TA18-201A) Emotet Malware |
AlKhaser Debug
Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022.
Internal MISP references
UUID d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622 which can be used as unique global reference for AlKhaser Debug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2019-01-06T00:00:00Z |
| source | MITRE |
| title | Al-Khaser |
Fysbis Palo Alto Analysis
Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.
Internal MISP references
UUID 3e527ad6-6b56-473d-8178-e1c3c14f2311 which can be used as unique global reference for Fysbis Palo Alto Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-10T00:00:00Z |
| date_published | 2016-02-12T00:00:00Z |
| source | MITRE |
| title | A Look Into Fysbis: Sofacy’s Linux Backdoor |
Medium KONNI Jan 2020
Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. Retrieved April 28, 2020.
Internal MISP references
UUID e117a6ac-eaa2-4494-b4ae-2d9ae52c3251 which can be used as unique global reference for Medium KONNI Jan 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2020-01-04T00:00:00Z |
| source | MITRE |
| title | A Look Into Konni 2019 Campaign |
Unit 42 Palo Alto Ransomware in Public Clouds 2022
Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.
Internal MISP references
UUID cc6c2b69-ca51-513e-9666-a03be2ea5fcd which can be used as unique global reference for Unit 42 Palo Alto Ransomware in Public Clouds 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| date_published | 2022-05-16T00:00:00Z |
| source | MITRE |
| title | A Look Into Public Clouds From the Ransomware Actor's Perspective |
Cyber Centre ALPHV/BlackCat July 25 2023
Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. Retrieved September 13, 2023.
Internal MISP references
UUID 610c8f22-1a96-42d2-934d-8467d136eed2 which can be used as unique global reference for Cyber Centre ALPHV/BlackCat July 25 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-13T00:00:00Z |
| date_published | 2023-07-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ALPHV/BlackCat Ransomware Targeting of Canadian Industries |
Mandiant ALPHV Affiliate April 3 2023
Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan. (2023, April 3). ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Retrieved March 5, 2024.
Internal MISP references
UUID b8375832-f6a9-4617-a2ac-d23aacbf2bfe which can be used as unique global reference for Mandiant ALPHV Affiliate April 3 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-05T00:00:00Z |
| date_published | 2023-04-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access |
Microsoft ADS Mar 2014
Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.
Internal MISP references
UUID eae434ff-97c0-4a82-9f80-215e515befae which can be used as unique global reference for Microsoft ADS Mar 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2013-03-24T00:00:00Z |
| source | MITRE |
| title | Alternate Data Streams in NTFS |
XPNSec PPID Nov 2017
Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.
Internal MISP references
UUID 0dbf093e-4b54-4972-b048-2a6411037da4 which can be used as unique global reference for XPNSec PPID Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2017-11-20T00:00:00Z |
| source | MITRE |
| title | Alternative methods of becoming SYSTEM |
Microsoft AlwaysInstallElevated 2018
Microsoft. (2018, May 31). AlwaysInstallElevated. Retrieved December 14, 2020.
Internal MISP references
UUID 19026f4c-ad65-435e-8c0e-a8ccc9895348 which can be used as unique global reference for Microsoft AlwaysInstallElevated 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-14T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | AlwaysInstallElevated |
Amazon Snapshots
Amazon. (n.d.). Amazon EBS snapshots. Retrieved October 13, 2021.
Internal MISP references
UUID 3961a653-b53c-4ba4-9ea6-709e1d1bdb55 which can be used as unique global reference for Amazon Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon EBS snapshots |
Amazon AMI
Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.
Internal MISP references
UUID bc9ecf45-2a20-47df-a634-064237e5f126 which can be used as unique global reference for Amazon AMI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon Machine Images (AMI) |
Amazon S3
Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.
Internal MISP references
UUID 7fecbd5d-626f-496a-a72f-5f166c78c204 which can be used as unique global reference for Amazon S3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Amazon S3 |
Trend Micro S3 Exposed PII, 2017
Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019.
Internal MISP references
UUID 1ba37b48-1219-4f87-af36-9bdd8d6265ca which can be used as unique global reference for Trend Micro S3 Exposed PII, 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-11-06T00:00:00Z |
| source | MITRE |
| title | A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia |
Recorded Future Beacon Certificates
Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved October 16, 2020.
Internal MISP references
UUID 792ca8a7-c9b2-4e7f-8562-e1ccb60a402a which can be used as unique global reference for Recorded Future Beacon Certificates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-06-18T00:00:00Z |
| source | MITRE |
| title | A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers |
Botnet Scan
Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.
Internal MISP references
UUID ca09941c-fcc8-460b-8b02-d1608a7d3813 which can be used as unique global reference for Botnet Scan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | Analysis of a “/0” Stealth Scan from a Botnet |
Trend Micro Ngrok September 2020
Borja, A. Camba, A. et al (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. Retrieved September 15, 2020.
Internal MISP references
UUID e7b57e64-3532-4b98-9fa5-b832e6fcd53a which can be used as unique global reference for Trend Micro Ngrok September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| source | MITRE |
| title | Analysis of a Convoluted Attack Chain Involving Ngrok |
CIRCL PlugX March 2013
Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.
Internal MISP references
UUID 8ab89236-6994-43a3-906c-383e294f65d1 which can be used as unique global reference for CIRCL PlugX March 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2013-03-29T00:00:00Z |
| source | MITRE |
| title | Analysis of a PlugX variant |
Apple Unified Log Analysis Remote Login and Screen Sharing
Sarah Edwards. (2020, April 30). Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.
Internal MISP references
UUID a2169171-8e4a-4faa-811c-98b6204a5a57 which can be used as unique global reference for Apple Unified Log Analysis Remote Login and Screen Sharing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins |
Medium S2W WhisperGate January 2022
S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.
Internal MISP references
UUID 06cf7197-244a-431b-a288-4c2bbd431ad5 which can be used as unique global reference for Medium S2W WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-14T00:00:00Z |
| date_published | 2022-01-18T00:00:00Z |
| source | MITRE |
| title | Analysis of Destructive Malware (WhisperGate) targeting Ukraine |
Analysis of FG-IR-22-369
Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.
Internal MISP references
UUID f12b141e-6bb2-5563-9665-5756fec2d5e7 which can be used as unique global reference for Analysis of FG-IR-22-369 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2023-03-09T00:00:00Z |
| source | MITRE |
| title | Analysis of FG-IR-22-369 |
Graeber 2014
Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017.
Internal MISP references
UUID f2f9a6bf-b4d9-461e-b961-0610ea72faf0 which can be used as unique global reference for Graeber 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2014-10-01T00:00:00Z |
| source | MITRE |
| title | Analysis of Malicious Security Support Provider DLLs |
Fortinet Agent Tesla April 2018
Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.
Internal MISP references
UUID 86a65be7-0f70-4755-b526-a26b92eabaa2 which can be used as unique global reference for Fortinet Agent Tesla April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-04-05T00:00:00Z |
| source | MITRE |
| title | Analysis of New Agent Tesla Spyware Variant |
Antiy CERT Ramsay April 2020
Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.
Internal MISP references
UUID 280636da-fa21-472c-947c-651a628ea2cd which can be used as unique global reference for Antiy CERT Ramsay April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-04-20T00:00:00Z |
| source | MITRE |
| title | Analysis of Ramsay components of Darkhotel's infiltration and isolation network |
Storm-0558 techniques for unauthorized email access
Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023.
Internal MISP references
UUID 74fd79a9-09f7-5149-a457-687a1e2989de which can be used as unique global reference for Storm-0558 techniques for unauthorized email access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Analysis of Storm-0558 techniques for unauthorized email access |
ESET Telebots July 2017
Cherepanov, A.. (2017, July 4). Analysis of TeleBots’ cunning backdoor . Retrieved June 11, 2020.
Internal MISP references
UUID 5d62c323-6626-4aad-8bf2-0d988e436f3d which can be used as unique global reference for ESET Telebots July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-11T00:00:00Z |
| date_published | 2017-07-04T00:00:00Z |
| source | MITRE |
| title | Analysis of TeleBots’ cunning backdoor |
EST Kimsuky SmokeScreen April 2019
ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]. Retrieved September 29, 2021.
Internal MISP references
UUID 15213a3c-1e9f-47fa-9864-8ef2707c7fb6 which can be used as unique global reference for EST Kimsuky SmokeScreen April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2019-04-17T00:00:00Z |
| source | MITRE |
| title | Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US 출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그] |
Ukraine15 - EISAC - 201603
Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. Retrieved March 27, 2018.
Internal MISP references
UUID 8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6 which can be used as unique global reference for Ukraine15 - EISAC - 201603 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-27T00:00:00Z |
| date_published | 2016-03-18T00:00:00Z |
| source | MITRE |
| title | Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case |
Check Point Havij Analysis
Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.
Internal MISP references
UUID 2e00a539-acbe-4462-a30f-43da4e8b9c4f which can be used as unique global reference for Check Point Havij Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-05-14T00:00:00Z |
| source | MITRE |
| title | Analysis of the Havij SQL Injection tool |
ESET Emotet Dec 2018
Perez, D.. (2018, December 28). Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.
Internal MISP references
UUID 3fab9e25-e83e-4c90-ae32-dcd0c30757f8 which can be used as unique global reference for ESET Emotet Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2018-12-28T00:00:00Z |
| source | MITRE |
| title | Analysis of the latest Emotet propagation campaign |
Rewterz Sidewinder COVID-19 June 2020
Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.
Internal MISP references
UUID cdd779f1-30c2-40be-a500-332920f0e21c which can be used as unique global reference for Rewterz Sidewinder COVID-19 June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-29T00:00:00Z |
| date_published | 2020-06-22T00:00:00Z |
| source | MITRE |
| title | Analysis on Sidewinder APT Group – COVID-19 |
CISA AR18-352A Quasar RAT December 2018
CISA. (2018, December 18). Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.
Internal MISP references
UUID a109e42d-604f-4885-ada3-5d6895addc96 which can be used as unique global reference for CISA AR18-352A Quasar RAT December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-01T00:00:00Z |
| date_published | 2018-12-18T00:00:00Z |
| source | MITRE |
| title | Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool |
CISA AR21-126A FIVEHANDS May 2021
CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.
Internal MISP references
UUID f98604dd-2881-4024-8e43-6f5f48c6c9fa which can be used as unique global reference for CISA AR21-126A FIVEHANDS May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-07T00:00:00Z |
| date_published | 2021-05-06T00:00:00Z |
| source | MITRE |
| title | Analysis Report (AR21-126A) FiveHands Ransomware |
JoeSecurity Egregor 2020
Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved January 6, 2021.
Internal MISP references
UUID d403e610-fa83-4c17-842f-223063864009 which can be used as unique global reference for JoeSecurity Egregor 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| source | MITRE |
| title | Analysis Report fasm.dll |
GDATA Zeus Panda June 2017
Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.
Internal MISP references
UUID 2d9a6957-5645-4863-968b-4a3c8736564b which can be used as unique global reference for GDATA Zeus Panda June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | Analysis Results of Zeus.Variant.Panda |
jstnk9.github.io June 01 2022
jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. Retrieved May 7, 2023.
Internal MISP references
UUID 4e7f573d-f8cc-4538-9f8d-b945f037e46f which can be used as unique global reference for jstnk9.github.io June 01 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-06-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Analyzing AsyncRAT distributed in Colombia |
Analyzing CS Dec 2020
Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.
Internal MISP references
UUID f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee which can be used as unique global reference for Analyzing CS Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-12-20T00:00:00Z |
| source | MITRE |
| title | Analyzing Cobalt Strike for Fun and Profit |
Uperesia Malicious Office Documents
Felix. (2016, September). Analyzing Malicious Office Documents. Retrieved April 11, 2018.
Internal MISP references
UUID f6ffb916-ac14-44d1-8566-26bafa06e77b which can be used as unique global reference for Uperesia Malicious Office Documents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-09-01T00:00:00Z |
| source | MITRE |
| title | Analyzing Malicious Office Documents |
Unit42 OilRig Nov 2018
Falcone, R., Wilhoit, K.. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. Retrieved April 23, 2019.
Internal MISP references
UUID 9bc09d8a-d890-473b-a8cf-ea319fcc3462 which can be used as unique global reference for Unit42 OilRig Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-11-16T00:00:00Z |
| source | MITRE |
| title | Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery |
McAfee GhostSecret
Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved May 16, 2018.
Internal MISP references
UUID d1cd4f5b-253c-4833-8905-49fb58e7c016 which can be used as unique global reference for McAfee GhostSecret in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-16T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
Microsoft Analyzing Solorigate Dec 2020
MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers . Retrieved January 5, 2021.
Internal MISP references
UUID 8ad72d46-ba2c-426f-bb0d-eb47723c8e11 which can be used as unique global reference for Microsoft Analyzing Solorigate Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-05T00:00:00Z |
| date_published | 2020-12-18T00:00:00Z |
| source | MITRE |
| title | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers |
Lastline PlugX Analysis
Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.
Internal MISP references
UUID 9f7fa262-cede-4f47-94ca-1534c65c86e2 which can be used as unique global reference for Lastline PlugX Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-11-24T00:00:00Z |
| date_published | 2013-12-17T00:00:00Z |
| source | MITRE |
| title | An Analysis of PlugX Malware |
TrendMicro Sandworm October 2014
Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.
Internal MISP references
UUID 84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb which can be used as unique global reference for TrendMicro Sandworm October 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-18T00:00:00Z |
| date_published | 2014-10-14T00:00:00Z |
| source | MITRE |
| title | An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm” |
Dragos Crashoverride 2018
Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.
Internal MISP references
UUID d14442d5-2557-4a92-9a29-b15a20752f56 which can be used as unique global reference for Dragos Crashoverride 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2018-10-12T00:00:00Z |
| source | MITRE |
| title | Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE |
Syscall 2014
Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.
Internal MISP references
UUID 4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0 which can be used as unique global reference for Syscall 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2014-07-16T00:00:00Z |
| source | MITRE |
| title | Anatomy of a system call, part 2 |
SCADAfence_ransomware
Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. Retrieved June 18, 2022.
Internal MISP references
UUID 24c80db5-37a7-46ee-b232-f3c3ffb10f0a which can be used as unique global reference for SCADAfence_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-18T00:00:00Z |
| date_published | 2020-01-20T00:00:00Z |
| source | MITRE |
| title | Anatomy of a Targeted Ransomware Attack |
ESET IIS Malware 2021
Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. Retrieved September 9, 2021.
Internal MISP references
UUID d9c6e55b-39b7-4097-8ab2-8b87421ce2f4 which can be used as unique global reference for ESET IIS Malware 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-09T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | Anatomy of Native IIS Malware |
Medium Anchor DNS July 2020
Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.
Internal MISP references
UUID de246d53-385f-44be-bf0f-25a76442b835 which can be used as unique global reference for Medium Anchor DNS July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-10T00:00:00Z |
| date_published | 2020-07-13T00:00:00Z |
| source | MITRE |
| title | Anchor_dns malware goes cross platform |
NSA Joint Advisory SVR SolarWinds April 2021
NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.
Internal MISP references
UUID 43d9c469-1d54-454b-ba67-74e7f1de9c10 which can be used as unique global reference for NSA Joint Advisory SVR SolarWinds April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| source | MITRE |
| title | and Allied Networks |
Kaspersky Andariel Ransomware June 2021
Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. Retrieved September 29, 2021.
Internal MISP references
UUID f4efbcb5-494c-40e0-8734-5df1b92ec39c which can be used as unique global reference for Kaspersky Andariel Ransomware June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-06-15T00:00:00Z |
| source | MITRE |
| title | Andariel evolves to target South Korea with ransomware |
RFC826 ARP
Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. Retrieved October 15, 2020.
Internal MISP references
UUID 8eef2b68-f932-4cba-8646-bff9a7848532 which can be used as unique global reference for RFC826 ARP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 1982-11-01T00:00:00Z |
| source | MITRE |
| title | An Ethernet Address Resolution Protocol |
HP SVCReady Jun 2022
Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.
Internal MISP references
UUID 48d5ec83-f1b9-595c-bb9a-d6d5cc513a41 which can be used as unique global reference for HP SVCReady Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-13T00:00:00Z |
| date_published | 2022-06-06T00:00:00Z |
| source | MITRE |
| title | A New Loader Gets Ready |
SecureList Fileless
Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. Retrieved March 23, 2023.
Internal MISP references
UUID 03eb080d-0b83-5cbb-9317-c50b35996c9b which can be used as unique global reference for SecureList Fileless in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-23T00:00:00Z |
| date_published | 2022-05-04T00:00:00Z |
| source | MITRE |
| title | A new secret stash for “fileless” malware |
Welivesecurity Ebury SSH
M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.
Internal MISP references
UUID 39384c7a-3032-4b45-a5eb-8ebe7de22aa2 which can be used as unique global reference for Welivesecurity Ebury SSH in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2014-02-21T00:00:00Z |
| source | MITRE |
| title | An In-depth Analysis of Linux/Ebury |
ESET Ebury Feb 2014
M.Léveillé, M.. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved April 19, 2019.
Internal MISP references
UUID eb6d4f77-ac63-4cb8-8487-20f9e709334b which can be used as unique global reference for ESET Ebury Feb 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2014-02-21T00:00:00Z |
| source | MITRE |
| title | An In-depth Analysis of Linux/Ebury |
Avertium Black Basta June 2022
Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. Retrieved March 7, 2023.
Internal MISP references
UUID 31c2ef62-2852-5418-9d52-2479a3a619d0 which can be used as unique global reference for Avertium Black Basta June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-06-01T00:00:00Z |
| source | MITRE |
| title | AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE |
Myers 2007
Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. Retrieved November 13, 2014.
Internal MISP references
UUID 689dfe75-9c06-4438-86fa-5fbbb09f0fe7 which can be used as unique global reference for Myers 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2007-01-01T00:00:00Z |
| source | MITRE |
| title | An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits |
Linux Services Run Levels
The Linux Foundation. (2006, January 11). An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.
Internal MISP references
UUID 091aa85d-7d30-4800-9b2d-97f96d257798 which can be used as unique global reference for Linux Services Run Levels in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2006-01-11T00:00:00Z |
| source | MITRE |
| title | An introduction to services, runlevels, and rc.d scripts |
Anomali Pirate Panda April 2020
Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.
Internal MISP references
UUID f1d28b91-a529-439d-9548-c597baa245d4 which can be used as unique global reference for Anomali Pirate Panda April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center |
AnonGhost Team Profile
ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.
Internal MISP references
UUID f868f5fa-df66-435f-8b32-d58e4785e46c which can be used as unique global reference for AnonGhost Team Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AnonGhost Team |
AnonHBGary
Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.
Internal MISP references
UUID 19ab02ea-883f-441c-bebf-4be64855374a which can be used as unique global reference for AnonHBGary in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2011-02-15T00:00:00Z |
| source | MITRE |
| title | Anonymous speaks: the inside story of the HBGary hack |
Fortinet Metamorfo Feb 2020
Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.
Internal MISP references
UUID e89e3825-85df-45cf-b309-e449afed0288 which can be used as unique global reference for Fortinet Metamorfo Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-30T00:00:00Z |
| date_published | 2020-02-04T00:00:00Z |
| source | MITRE |
| title | Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries |
MuddyWater TrendMicro June 2018
Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. Retrieved July 3, 2018.
Internal MISP references
UUID b2c415e4-edbe-47fe-9820-b968114f81f0 which can be used as unique global reference for MuddyWater TrendMicro June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE |
| title | Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor |
AlienVault Sykipot 2011
Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. Retrieved March 28, 2016.
Internal MISP references
UUID 800363c1-60df-47e7-8ded-c0f4b6e758f4 which can be used as unique global reference for AlienVault Sykipot 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-28T00:00:00Z |
| date_published | 2011-12-12T00:00:00Z |
| source | MITRE |
| title | Another Sykipot sample likely targeting US federal agencies |
RiskIQ Newegg September 2018
Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.
Internal MISP references
UUID 095a705f-810b-4c4f-90ce-016117a5b4b6 which can be used as unique global reference for RiskIQ Newegg September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-09T00:00:00Z |
| date_published | 2018-09-19T00:00:00Z |
| source | MITRE |
| title | Another Victim of the Magecart Assault Emerges: Newegg |
Dell WMI Persistence
Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.
Internal MISP references
UUID a88dd548-ac8f-4297-9e23-de2643294846 which can be used as unique global reference for Dell WMI Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-30T00:00:00Z |
| date_published | 2016-03-28T00:00:00Z |
| source | MITRE |
| title | A Novel WMI Persistence Implementation |
iDefense Rootkit Overview
Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.
Internal MISP references
UUID c1aef861-9e31-42e6-a2eb-5151b056762b which can be used as unique global reference for iDefense Rootkit Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2003-02-01T00:00:00Z |
| source | MITRE |
| title | An Overview of Rootkits |
Mandiant Ukraine Cyber Threats January 2022
Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.
Internal MISP references
UUID 6f53117f-2e94-4981-be61-c3da4b783ce2 which can be used as unique global reference for Mandiant Ukraine Cyber Threats January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-24T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| source | MITRE |
| title | Anticipating Cyber Threats as the Ukraine Crisis Escalates |
Microsoft AMSI
Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). Retrieved September 28, 2021.
Internal MISP references
UUID 32a4b7b5-8560-4600-aba9-15a6342b4dc3 which can be used as unique global reference for Microsoft AMSI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | Antimalware Scan Interface (AMSI) |
Microsoft Anti Spoofing
Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.
Internal MISP references
UUID b3ac28ac-3f98-40fd-b1da-2461a9e3ffca which can be used as unique global reference for Microsoft Anti Spoofing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2020-10-13T00:00:00Z |
| source | MITRE |
| title | Anti-spoofing protection in EOP |
Fox-It Anunak Feb 2015
Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.
Internal MISP references
UUID d74a8d0b-887a-40b9-bd43-366764157990 which can be used as unique global reference for Fox-It Anunak Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-20T00:00:00Z |
| date_published | 2015-02-16T00:00:00Z |
| source | MITRE |
| title | Anunak (aka Carbanak) Update |
Group-IB Anunak
Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. Retrieved April 20, 2016.
Internal MISP references
UUID fd254ecc-a076-4b9f-97f2-acb73c6a1695 which can be used as unique global reference for Group-IB Anunak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2014-12-01T00:00:00Z |
| source | MITRE |
| title | Anunak: APT against financial institutions |
Google TAG Ukraine Threat Landscape March 2022
Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.
Internal MISP references
UUID a6070f95-fbee-472e-a737-a8adbedbb4f8 which can be used as unique global reference for Google TAG Ukraine Threat Landscape March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-16T00:00:00Z |
| date_published | 2022-03-07T00:00:00Z |
| source | MITRE |
| title | An update on the threat landscape |
Zairon Hooking Dec 2006
Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.
Internal MISP references
UUID e816127a-04e4-4145-a784-50b1215612f2 which can be used as unique global reference for Zairon Hooking Dec 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2006-12-06T00:00:00Z |
| source | MITRE |
| title | Any application-defined hook procedure on my machine? |
SentinelOne Aoqin Dragon June 2022
Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.
Internal MISP references
UUID b4e792e0-b1fa-4639-98b1-233aaec53594 which can be used as unique global reference for SentinelOne Aoqin Dragon June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2022-06-09T00:00:00Z |
| source | MITRE |
| title | Aoqin Dragon |
Apache Server 2018
Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.
Internal MISP references
UUID 46f62435-bfb3-44b6-8c79-54af584cc35f which can be used as unique global reference for Apache Server 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-27T00:00:00Z |
| source | MITRE |
| title | Apache HTTP Server Version 2.4 Documentation - Web Site Content |
Secureworks BRONZEUNION Feb 2019
Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.
Internal MISP references
UUID 691df278-fd7d-4b73-a22c-227bc7641dec which can be used as unique global reference for Secureworks BRONZEUNION Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-24T00:00:00Z |
| date_published | 2019-02-27T00:00:00Z |
| source | MITRE |
| title | A Peek into BRONZE UNION’s Toolbox |
AppArmor official
AppArmor. (2017, October 19). AppArmor Security Project Wiki. Retrieved December 20, 2017.
Internal MISP references
UUID 12df02e3-bbdd-4682-9662-1810402ad918 which can be used as unique global reference for AppArmor official in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-10-19T00:00:00Z |
| source | MITRE |
| title | AppArmor Security Project Wiki |
Mandiant APT1 Appendix
Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.
Internal MISP references
UUID 1f31c09c-6a93-4142-8333-154138c1d70a which can be used as unique global reference for Mandiant APT1 Appendix in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-18T00:00:00Z |
| source | MITRE |
| title | Appendix C (Digital) - The Malware Arsenal |
AppInit Secure Boot
Microsoft. (n.d.). AppInit DLLs and Secure Boot. Retrieved July 15, 2015.
Internal MISP references
UUID 2b951be3-5105-4665-972f-7809c057fd3f which can be used as unique global reference for AppInit Secure Boot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-15T00:00:00Z |
| source | MITRE |
| title | AppInit DLLs and Secure Boot |
AppInstaller.exe - LOLBAS Project
LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a777e7c-e76c-465c-8b45-67503e715f7e which can be used as unique global reference for AppInstaller.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | AppInstaller.exe |
objectivesee osx.shlayer apple approved 2020
Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.
Internal MISP references
UUID a2127d3d-c320-4637-a85c-16e20c2654f6 which can be used as unique global reference for objectivesee osx.shlayer apple approved 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-08-30T00:00:00Z |
| source | MITRE |
| title | Apple Approved Malware malicious code ...now notarized!? #2020 |
AppleDocs AuthorizationExecuteWithPrivileges
Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019.
Internal MISP references
UUID 7b8875e8-5b93-4d49-a12b-2683bab2ba6e which can be used as unique global reference for AppleDocs AuthorizationExecuteWithPrivileges in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| source | MITRE |
| title | Apple Developer Documentation - AuthorizationExecuteWithPrivileges |
AppleDocs Scheduling Timed Jobs
Apple. (n.d.). Retrieved July 17, 2017.
Internal MISP references
UUID 66dd8a7d-521f-4610-b478-52d748185ad3 which can be used as unique global reference for AppleDocs Scheduling Timed Jobs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-17T00:00:00Z |
| source | MITRE |
| title | AppleDocs Scheduling Timed Jobs |
CISA AppleJeus Feb 2021
Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.
Internal MISP references
UUID 6873e14d-eba4-4e3c-9ccf-cec1d760f0be which can be used as unique global reference for CISA AppleJeus Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-01T00:00:00Z |
| date_published | 2021-02-21T00:00:00Z |
| source | MITRE |
| title | AppleJeus: Analysis of North Korea’s Cryptocurrency Malware |
Apple Remote Desktop Admin Guide 3.3
Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.
Internal MISP references
UUID c57c2bba-a398-4e68-b2a7-fddcf0740b61 which can be used as unique global reference for Apple Remote Desktop Admin Guide 3.3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| source | MITRE |
| title | Apple Remote Desktop Administrator Guide Version 3.3 |
applescript signing
Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. Retrieved September 21, 2018.
Internal MISP references
UUID dd76c7ab-c3df-4f34-aaf0-684b56499065 which can be used as unique global reference for applescript signing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2013-12-23T00:00:00Z |
| source | MITRE |
| title | AppleScript and Automator gain new features in OS X Mavericks |
Microsoft Application Lockdown
Corio, C., & Sayana, D. P.. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID 5dab4466-0871-486a-84ad-0e648b2e937d which can be used as unique global reference for Microsoft Application Lockdown in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2008-06-01T00:00:00Z |
| source | MITRE |
| title | Application Lockdown with Software Restriction Policies |
Corio 2008
Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.
Internal MISP references
UUID cae409ca-1c77-45df-88cd-c0998ac724ec which can be used as unique global reference for Corio 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2008-06-01T00:00:00Z |
| source | MITRE |
| title | Application Lockdown with Software Restriction Policies |
SANS Application Whitelisting
Beechey, J.. (2014, November 18). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID a333f45f-1760-443a-9208-f3682ea32f67 which can be used as unique global reference for SANS Application Whitelisting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2014-11-18T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting: Panacea or Propaganda? |
Beechey 2010
Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.
Internal MISP references
UUID 4994e065-c6e4-4b41-8ae3-d72023135429 which can be used as unique global reference for Beechey 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-18T00:00:00Z |
| date_published | 2010-12-01T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting: Panacea or Propaganda? |
NSA MS AppLocker
NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.
Internal MISP references
UUID 0db5c3ea-5392-4fd3-9f1d-9fa69aba4259 which can be used as unique global reference for NSA MS AppLocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2014-08-01T00:00:00Z |
| source | MITRE |
| title | Application Whitelisting Using Microsoft AppLocker |
Penetration Testing Lab MSXSL July 2017
netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.
Internal MISP references
UUID 2f1adf20-a4b8-48c1-861f-0a44271765d7 which can be used as unique global reference for Penetration Testing Lab MSXSL July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2017-07-06T00:00:00Z |
| source | MITRE |
| title | AppLocker Bypass – MSXSL |
Microsoft Requests for Azure AD Roles in Privileged Identity Management
Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 1495effe-16a6-5b4e-9b50-1d1f7db48fa7 which can be used as unique global reference for Microsoft Requests for Azure AD Roles in Privileged Identity Management in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-01-30T00:00:00Z |
| source | MITRE |
| title | Approve or deny requests for Azure AD roles in Privileged Identity Management |
Apple App Security Overview
Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.
Internal MISP references
UUID 3b1e9a5d-7940-43b5-bc11-3112c0762740 which can be used as unique global reference for Apple App Security Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | App security overview |
Tripwire AppUNBlocker
Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.
Internal MISP references
UUID 2afb9a5f-c023-49df-90d1-e0ffb6d192f3 which can be used as unique global reference for Tripwire AppUNBlocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | AppUNBlocker: Bypassing AppLocker |
Appvlp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0afe3e8-9f1d-4295-8811-8dfbe993c337 which can be used as unique global reference for Appvlp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Appvlp.exe |
BlackHat Atkinson Winchester Token Manipulation
Atkinson, J., Winchester, R. (2017, December 7). A Process is No One: Hunting for Token Manipulation. Retrieved December 21, 2017.
Internal MISP references
UUID 2eaee06d-529d-4fe0-9ca3-c62419f47a90 which can be used as unique global reference for BlackHat Atkinson Winchester Token Manipulation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2017-12-07T00:00:00Z |
| source | MITRE |
| title | A Process is No One: Hunting for Token Manipulation |
FireEye APT10 April 2017
FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.
Internal MISP references
UUID 2d494df8-83e3-45d2-b798-4c3bcf55f675 which can be used as unique global reference for FireEye APT10 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-29T00:00:00Z |
| date_published | 2017-04-06T00:00:00Z |
| source | MITRE |
| title | APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat |
Securelist APT10 March 2021
GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
Internal MISP references
UUID 90450a1e-59c3-491f-b842-2cf81023fc9e which can be used as unique global reference for Securelist APT10 March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-17T00:00:00Z |
| date_published | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign |
FireEye APT10 Sept 2018
Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.
Internal MISP references
UUID 5f122a27-2137-4016-a482-d04106187594 which can be used as unique global reference for FireEye APT10 Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-17T00:00:00Z |
| date_published | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | APT10 Targeting Japanese Corporations Using Updated TTPs |
NCC Group APT15 Alive and Strong
Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
Internal MISP references
UUID 02a50445-de06-40ab-9ea4-da5c37e066cd which can be used as unique global reference for NCC Group APT15 Alive and Strong in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2018-03-10T00:00:00Z |
| source | MITRE |
| title | APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS |
Mandiant APT1
Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
Internal MISP references
UUID 865eba93-cf6a-4e41-bc09-de9b0b3c2669 which can be used as unique global reference for Mandiant APT1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT1 Exposing One of China’s Cyber Espionage Units |
Profero APT27 December 2020
Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.
Internal MISP references
UUID 0290ea31-f817-471e-85ae-c3855c63f5c3 which can be used as unique global reference for Profero APT27 December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | APT27 Turns to Ransomware |
FireEye APT28 January 2017
FireEye iSIGHT Intelligence. (2017, January 11). APT28: At the Center of the Storm. Retrieved January 11, 2017.
Internal MISP references
UUID 61d80b8f-5bdb-41e6-b59a-d2d996392873 which can be used as unique global reference for FireEye APT28 January 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-11T00:00:00Z |
| date_published | 2017-01-11T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT28: At the Center of the Storm |
FireEye APT28
FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.
Internal MISP references
UUID c423b2b2-25a3-4a8d-b89a-83ab07c0cd20 which can be used as unique global reference for FireEye APT28 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-08-19T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS? |
U.S. CISA APT28 Cisco Routers April 18 2023
Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. Retrieved August 23, 2023.
Internal MISP references
UUID c532a6fc-b27f-4240-a071-3eaa866bce89 which can be used as unique global reference for U.S. CISA APT28 Cisco Routers April 18 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-23T00:00:00Z |
| date_published | 2023-04-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers |
Symantec APT28 Oct 2018
Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.
Internal MISP references
UUID 777bc94a-6c21-4f8c-9efa-a1cf52ececc0 which can be used as unique global reference for Symantec APT28 Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-14T00:00:00Z |
| date_published | 2018-10-04T00:00:00Z |
| source | MITRE |
| title | APT28: New Espionage Operations Target Military and Government Organizations |
FireEye APT28 Hospitality Aug 2017
Smith, L. and Read, B.. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.
Internal MISP references
UUID 7887dc90-3f05-411a-81ea-b86aa392104b which can be used as unique global reference for FireEye APT28 Hospitality Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-17T00:00:00Z |
| date_published | 2017-08-11T00:00:00Z |
| source | MITRE |
| title | APT28 Targets Hospitality Sector, Presents Threat to Travelers |
Bitdefender APT28 Dec 2015
Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.
Internal MISP references
UUID 3dd67aae-7feb-4b07-a985-ccadc1b16f1d which can be used as unique global reference for Bitdefender APT28 Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-23T00:00:00Z |
| date_published | 2015-12-01T00:00:00Z |
| source | MITRE |
| title | APT28 Under the Scope |
FireEye APT29 Domain Fronting
Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved March 27, 2017.
Internal MISP references
UUID 3e013b07-deaf-4387-acd7-2d0565d196a9 which can be used as unique global reference for FireEye APT29 Domain Fronting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-27T00:00:00Z |
| date_published | 2017-03-27T00:00:00Z |
| source | MITRE |
| title | APT29 Domain Fronting With TOR |
FireEye APT29 Domain Fronting With TOR March 2017
Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.
Internal MISP references
UUID 1d919991-bc87-41bf-9e58-edf1b3806bb8 which can be used as unique global reference for FireEye APT29 Domain Fronting With TOR March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-20T00:00:00Z |
| date_published | 2017-03-27T00:00:00Z |
| source | MITRE |
| title | APT29 Domain Fronting With TOR |
FireEye APT30
FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.
Internal MISP references
UUID c48d2084-61cf-4e86-8072-01e5d2de8416 which can be used as unique global reference for FireEye APT30 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-01T00:00:00Z |
| date_published | 2015-04-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION |
Zscaler APT31 Covid-19 October 2020
Singh, S. and Antil, S. (2020, October 27). APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.
Internal MISP references
UUID 1647c9a6-e475-4a9a-a202-0133dbeef9a0 which can be used as unique global reference for Zscaler APT31 Covid-19 October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-10-27T00:00:00Z |
| source | MITRE |
| title | APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services |
sentinelone apt32 macOS backdoor 2020
Phil Stokes. (2020, December 2). APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.
Internal MISP references
UUID d31dcbe6-06ec-475e-b121-fd25a93c3ef7 which can be used as unique global reference for sentinelone apt32 macOS backdoor 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| source | MITRE |
| title | APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique |
FireEye APT33 Webinar Sept 2017
Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.
Internal MISP references
UUID 9b378592-5737-403d-8a07-27077f5b2d61 which can be used as unique global reference for FireEye APT33 Webinar Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | APT33: New Insights into Iranian Cyber Espionage Group |
FireEye APT34 Webinar Dec 2017
Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.
Internal MISP references
UUID 4eef7032-de14-44a2-a403-82aefdc85c50 which can be used as unique global reference for FireEye APT34 Webinar Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | APT34 - New Targeted Attack in the Middle East |
DFIR Report APT35 ProxyShell March 2022
DFIR Report. (2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.
Internal MISP references
UUID 1837e917-d80b-4632-a1ca-c70d4b712ac7 which can be used as unique global reference for DFIR Report APT35 ProxyShell March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| date_published | 2022-03-21T00:00:00Z |
| source | MITRE |
| title | APT35 Automates Initial Access Using ProxyShell |
Check Point APT35 CharmPower January 2022
Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.
Internal MISP references
UUID 81dce660-93ea-42a4-902f-0c6021d30f59 which can be used as unique global reference for Check Point APT35 CharmPower January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-24T00:00:00Z |
| date_published | 2022-01-11T00:00:00Z |
| source | MITRE |
| title | APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit |
FireEye APT37 Feb 2018
FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved March 1, 2018.
Internal MISP references
UUID 4d575c1a-4ff9-49ce-97cd-f9d0637c2271 which can be used as unique global reference for FireEye APT37 Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-01T00:00:00Z |
| date_published | 2018-02-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT37 (Reaper): The Overlooked North Korean Actor |
FireEye APT38 Oct 2018
FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.
Internal MISP references
UUID 7c916329-af56-4723-820c-ef932a6e3409 which can be used as unique global reference for FireEye APT38 Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-10-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT38: Un-usual Suspects |
FireEye APT39 Jan 2019
Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. Retrieved February 19, 2019.
Internal MISP references
UUID ba366cfc-cc04-41a5-903b-a7bb73136bc3 which can be used as unique global reference for FireEye APT39 Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| date_published | 2019-01-29T00:00:00Z |
| source | MITRE |
| title | APT39: An Iranian Cyber Espionage Group Focused on Personal Information |
APT3 Adversary Emulation Plan
Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.
Internal MISP references
UUID 64c01921-c33f-402e-b30d-a2ba26583a24 which can be used as unique global reference for APT3 Adversary Emulation Plan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-16T00:00:00Z |
| date_published | 2017-09-01T00:00:00Z |
| source | MITRE |
| title | APT3 Adversary Emulation Plan |
evolution of pirpi
Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.
Internal MISP references
UUID 9c8bd493-bf08-431b-9d53-29eb14a6eef5 which can be used as unique global reference for evolution of pirpi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-28T00:00:00Z |
| date_published | 2017-06-18T00:00:00Z |
| source | MITRE |
| title | APT3 Uncovered: The code evolution of Pirpi |
FireEye APT40 March 2019
Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. Retrieved March 18, 2019.
Internal MISP references
UUID 8a44368f-3348-4817-aca7-81bfaca5ae6d which can be used as unique global reference for FireEye APT40 March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-18T00:00:00Z |
| date_published | 2019-03-04T00:00:00Z |
| source | MITRE |
| title | APT40: Examining a China-Nexus Espionage Actor |
Mandiant APT42
Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. Retrieved September 16, 2022.
Internal MISP references
UUID 10b3e476-a0c5-41fd-8cb8-5bfb245b118f which can be used as unique global reference for Mandiant APT42 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-16T00:00:00Z |
| source | MITRE |
| title | APT42: Crooked Charms, Cons and Compromise |
QiAnXin APT-C-36 Feb2019
QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.
Internal MISP references
UUID cae075ea-42cb-4695-ac66-9187241393d1 which can be used as unique global reference for QiAnXin APT-C-36 Feb2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations |
360 Machete Sep 2020
kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. Retrieved November 20, 2020.
Internal MISP references
UUID 682c843d-1bb8-4f30-9d2e-35e8d41b1976 which can be used as unique global reference for 360 Machete Sep 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-20T00:00:00Z |
| date_published | 2020-09-25T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign |
Cycraft Chimera April 2020
Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.
Internal MISP references
UUID a5a14a4e-2214-44ab-9067-75429409d744 which can be used as unique global reference for Cycraft Chimera April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2020-04-15T00:00:00Z |
| source | MITRE |
| title | APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors |
CISA IT Service Providers
CISA. (n.d.). APTs Targeting IT Service Provider Customers. Retrieved November 16, 2020.
Internal MISP references
UUID b8bee7f9-155e-4765-9492-01182e4435b7 which can be used as unique global reference for CISA IT Service Providers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-16T00:00:00Z |
| source | MITRE |
| title | APTs Targeting IT Service Provider Customers |
Securelist GCMAN
Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.
Internal MISP references
UUID 1f07f234-50f0-4c1e-942a-a01d3f733161 which can be used as unique global reference for Securelist GCMAN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2016-02-08T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks |
Proofpoint TA459 April 2017
Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.
Internal MISP references
UUID dabad6df-1e31-4c16-9217-e079f2493b02 which can be used as unique global reference for Proofpoint TA459 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-04-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | APT Targets Financial Analysts with CVE-2017-0199 |
Securelist APT Trends April 2018
Global Research and Analysis Team . (2018, April 12). APT Trends report Q1 2018. Retrieved January 27, 2021.
Internal MISP references
UUID 587f5195-e696-4a3c-8c85-90b9c002cd11 which can be used as unique global reference for Securelist APT Trends April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-27T00:00:00Z |
| date_published | 2018-04-12T00:00:00Z |
| source | MITRE |
| title | APT Trends report Q1 2018 |
Kaspersky APT Trends Q1 2020
Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.
Internal MISP references
UUID 23c91719-5ebe-4d03-8018-df1809fffd2f which can be used as unique global reference for Kaspersky APT Trends Q1 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2020-04-30T00:00:00Z |
| source | MITRE |
| title | APT trends report Q1 2020 |
Kaspersky APT Trends Q1 April 2021
GReAT . (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.
Internal MISP references
UUID 3fd0ba3b-7919-46d3-a444-50508603956f which can be used as unique global reference for Kaspersky APT Trends Q1 April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-06T00:00:00Z |
| date_published | 2021-04-27T00:00:00Z |
| source | MITRE |
| title | APT trends report Q1 2021 |
Securelist APT Trends Q2 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.
Internal MISP references
UUID fe28042c-d289-463f-9ece-1a75a70b966e which can be used as unique global reference for Securelist APT Trends Q2 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | APT Trends report Q2 2017 |
Wald0 Guide to GPOs
Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. Retrieved March 5, 2019.
Internal MISP references
UUID 48bb84ac-56c8-4840-9a11-2cc76213e24e which can be used as unique global reference for Wald0 Guide to GPOs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2018-04-02T00:00:00Z |
| source | MITRE |
| title | A Red Teamer’s Guide to GPOs and OUs |
Lau 2011
Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.
Internal MISP references
UUID fa809aab-5051-4f9c-8e27-b5989608b03c which can be used as unique global reference for Lau 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2011-08-08T00:00:00Z |
| source | MITRE |
| title | Are MBR Infections Back in Fashion? (Infographic) |
Krebs-Booter
Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered?. Retrieved May 15, 2017.
Internal MISP references
UUID d29a88ae-273b-439e-8808-dc9931f1ff72 which can be used as unique global reference for Krebs-Booter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-15T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | Are the Days of “Booter” Services Numbered? |
RSA Forfiles Aug 2017
Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). Retrieved January 22, 2018.
Internal MISP references
UUID 923d6d3e-6117-43a5-92c6-ea0c131355c2 which can be used as unique global reference for RSA Forfiles Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2017-08-14T00:00:00Z |
| source | MITRE |
| title | Are you looking out for forfiles.exe (if you are watching for cmd.exe) |
FireEye Respond Webinar July 2017
Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). Retrieved October 4, 2017.
Internal MISP references
UUID e7091d66-7faa-49d6-b16f-be1f79db4471 which can be used as unique global reference for FireEye Respond Webinar July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-04T00:00:00Z |
| date_published | 2017-07-20T00:00:00Z |
| source | MITRE |
| title | Are you Ready to Respond? (Webinar) |
TechNet Arp
Microsoft. (n.d.). Arp. Retrieved April 17, 2016.
Internal MISP references
UUID 7714222e-8046-4884-b460-493d9ef46305 which can be used as unique global reference for TechNet Arp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Arp |
Cisco ARP Poisoning Mitigation 2016
King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.
Internal MISP references
UUID 715cd044-f5ef-4cad-8741-308d104f05a5 which can be used as unique global reference for Cisco ARP Poisoning Mitigation 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2016-01-22T00:00:00Z |
| source | MITRE |
| title | ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique |
ASEC Emotet 2017
ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.
Internal MISP references
UUID a02e3bbf-5864-4ccf-8b6f-5f8452395670 which can be used as unique global reference for ASEC Emotet 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | ASEC REPORT VOL.88 |
ASERT Seven Pointed Dagger Aug 2015
ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. Retrieved March 19, 2018.
Internal MISP references
UUID a8f323c7-82bc-46e6-bd6c-0b631abc644a which can be used as unique global reference for ASERT Seven Pointed Dagger Aug 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-08-01T00:00:00Z |
| source | MITRE |
| title | ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger |
Securelist Sofacy Feb 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.
Internal MISP references
UUID 3a043bba-2451-4765-946b-c1f3bf4aea36 which can be used as unique global reference for Securelist Sofacy Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-02-20T00:00:00Z |
| source | MITRE |
| title | A Slice of 2017 Sofacy Activity |
THE FINANCIAL TIMES LTD 2019.
THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.
Internal MISP references
UUID 5a01f0b7-86f7-44a1-bf35-46a631402ceb which can be used as unique global reference for THE FINANCIAL TIMES LTD 2019. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-09-02T00:00:00Z |
| source | MITRE |
| title | A sobering day |
Aspnet_Compiler.exe - LOLBAS Project
LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 15864c56-115e-4163-b816-03bdb9bfd5c5 which can be used as unique global reference for Aspnet_Compiler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Aspnet_Compiler.exe |
Mandiant UNC2452 APT29 April 2022
Mandiant. (2020, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. Retrieved March 26, 2023.
Internal MISP references
UUID 5276508c-6792-56be-b757-e4b495ef6c37 which can be used as unique global reference for Mandiant UNC2452 APT29 April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-26T00:00:00Z |
| date_published | 2020-04-27T00:00:00Z |
| source | MITRE |
| title | Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 |
Microsoft Assoc Oct 2017
Plett, C. et al.. (2017, October 15). assoc. Retrieved August 7, 2018.
Internal MISP references
UUID 63fb65d7-6423-42de-b868-37fbc2bc133d which can be used as unique global reference for Microsoft Assoc Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | assoc |
Rhino Security Labs Enumerating AWS Roles
Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.
Internal MISP references
UUID f403fc54-bdac-415a-9cc0-78803dd84214 which can be used as unique global reference for Rhino Security Labs Enumerating AWS Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2018-08-08T00:00:00Z |
| source | MITRE |
| title | Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’ |
Cybereason Astaroth Feb 2019
Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. Retrieved April 17, 2019.
Internal MISP references
UUID eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e which can be used as unique global reference for Cybereason Astaroth Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-02-13T00:00:00Z |
| source | MITRE |
| title | ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA |
spamhaus-malvertising
Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. Retrieved February 21, 2023.
Internal MISP references
UUID 15a4d429-28c3-52be-aeb8-d94ad2743866 which can be used as unique global reference for spamhaus-malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | A surge of malvertising across Google Ads is distributing dangerous malware |
Microsoft APC
Microsoft. (n.d.). Asynchronous Procedure Calls. Retrieved December 8, 2017.
Internal MISP references
UUID 37f1ef6c-fc0e-4e47-85ab-20d53caba77e which can be used as unique global reference for Microsoft APC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | Asynchronous Procedure Calls |
TechNet At
Microsoft. (n.d.). At. Retrieved April 28, 2016.
Internal MISP references
UUID 31b40c09-d68f-4889-b585-c077bd9cef28 which can be used as unique global reference for TechNet At in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | At |
Die.net Linux at Man Page
Thomas Koenig. (n.d.). at(1) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 4bc1389d-9586-4dfc-a67c-58c6d3f6796a which can be used as unique global reference for Die.net Linux at Man Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | at(1) - Linux man page |
Linux at
IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.
Internal MISP references
UUID 3e3a84bc-ab6d-460d-8abc-cafae6eaaedd which can be used as unique global reference for Linux at in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | at(1p) — Linux manual page |
PWC Pirpi Scanbox
Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. Retrieved March 30, 2016.
Internal MISP references
UUID 4904261a-a3a9-4c3e-b6a7-079890026ee2 which can be used as unique global reference for PWC Pirpi Scanbox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-30T00:00:00Z |
| date_published | 2015-07-25T00:00:00Z |
| source | MITRE |
| title | A tale of Pirpi, Scanbox & CVE-2015-3113 |
Atbroker.exe - LOLBAS Project
LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0c21b56-6591-49c3-8e67-328ddb7b436d which can be used as unique global reference for Atbroker.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Atbroker.exe |
ESET Attor Oct 2019
Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. Retrieved May 6, 2020.
Internal MISP references
UUID fdd57c56-d989-4a6f-8cc5-5b3713605dec which can be used as unique global reference for ESET Attor Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2019-10-01T00:00:00Z |
| source | MITRE |
| title | AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM |
LogRhythm WannaCry
Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved March 25, 2019.
Internal MISP references
UUID 305d0742-154a-44af-8686-c6d8bd7f8636 which can be used as unique global reference for LogRhythm WannaCry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2017-05-16T00:00:00Z |
| source | MITRE |
| title | A Technical Analysis of WannaCry Ransomware |
Malwarebytes Dyreza November 2015
hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.
Internal MISP references
UUID 0a5719f2-8a88-44e2-81c5-2d16a39f1f8d which can be used as unique global reference for Malwarebytes Dyreza November 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2015-11-04T00:00:00Z |
| source | MITRE |
| title | A Technical Look At Dyreza |
At.exe - LOLBAS Project
LOLBAS. (2019, September 20). At.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a31e1f5c-9b8d-4af4-875b-5c03d2400c12 which can be used as unique global reference for At.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-09-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | At.exe |
ENSIL AtomBombing Oct 2016
Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. Retrieved December 8, 2017.
Internal MISP references
UUID 9282dbab-391c-4ffd-ada9-1687413b686b which can be used as unique global reference for ENSIL AtomBombing Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-08T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS |
FireEye TRITON 2018
Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.
Internal MISP references
UUID bfa5886a-a7f4-40d1-98d0-c3358abcf265 which can be used as unique global reference for FireEye TRITON 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2018-06-07T00:00:00Z |
| source | MITRE |
| title | A Totally Tubular Treatise on TRITON and TriStation |
The DFIR Report Truebot June 12 2023
The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.
Internal MISP references
UUID a6311a66-bb36-4cad-a98f-2b0b89aafa3d which can be used as unique global reference for The DFIR Report Truebot June 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2023-06-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | A Truly Graceful Wipe Out |
att_def_ps_logging
Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.
Internal MISP references
UUID 52212570-b1a6-4249-99d4-3bcf66c27140 which can be used as unique global reference for att_def_ps_logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-24T00:00:00Z |
| date_published | 2019-02-27T00:00:00Z |
| source | MITRE |
| title | Attack and Defense Around PowerShell Event Logging |
Intezer TeamTNT September 2020
Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021.
Internal MISP references
UUID 1155a45e-86f4-497a-9a03-43b6dcb25202 which can be used as unique global reference for Intezer TeamTNT September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-09-08T00:00:00Z |
| source | MITRE |
| title | Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks |
Metcalf 2015
Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.
Internal MISP references
UUID 1c899028-466c-49b0-8d64-1a954c812508 which can be used as unique global reference for Metcalf 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-02-03T00:00:00Z |
| date_published | 2015-01-19T00:00:00Z |
| source | MITRE |
| title | Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest |
Cisco Blog Legacy Device Attacks
Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. Retrieved October 20, 2020.
Internal MISP references
UUID f7ce5099-7e04-4c0b-8767-e0eec664b18e which can be used as unique global reference for Cisco Blog Legacy Device Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Attackers Continue to Target Legacy Devices |
FireEye TRITON 2017
Johnson, B, et. al. (2017, December 14). Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.
Internal MISP references
UUID 597a4d8b-ffb2-4551-86db-b319f5a5b707 which can be used as unique global reference for FireEye TRITON 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2017-12-14T00:00:00Z |
| source | MITRE |
| title | Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure |
GitHub Cloud Service Credentials
Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.
Internal MISP references
UUID d2186b8c-10c9-493b-8e25-7d69fce006e4 which can be used as unique global reference for GitHub Cloud Service Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-09T00:00:00Z |
| date_published | 2014-01-14T00:00:00Z |
| source | MITRE |
| title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
Forbes GitHub Creds
Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved October 19, 2020.
Internal MISP references
UUID 303f8801-bdd6-4a0c-a90a-37867898c99c which can be used as unique global reference for Forbes GitHub Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2014-01-14T00:00:00Z |
| source | MITRE |
| title | Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency |
Unit 42 Unsecured Docker Daemons
Chen, J.. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. Retrieved March 31, 2021.
Internal MISP references
UUID efcbbbdd-9af1-46c2-8538-3fd22f2b67d2 which can be used as unique global reference for Unit 42 Unsecured Docker Daemons in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed |
Black Hills Attacking Exchange MailSniper, 2016
Bullock, B.. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.
Internal MISP references
UUID adedfddc-29b7-4245-aa67-cc590acb7434 which can be used as unique global reference for Black Hills Attacking Exchange MailSniper, 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2016-10-03T00:00:00Z |
| source | MITRE |
| title | Attacking Exchange with MailSniper |
SANS Attacking Kerberos Nov 2014
Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.
Internal MISP references
UUID f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42 which can be used as unique global reference for SANS Attacking Kerberos Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2014-11-01T00:00:00Z |
| source | MITRE |
| title | Attacking Kerberos - Kicking the Guard Dog of Hades |
NetSPI SQL Server CLR
Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. Retrieved July 8, 2019.
Internal MISP references
UUID 6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5 which can be used as unique global reference for NetSPI SQL Server CLR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2017-07-13T00:00:00Z |
| source | MITRE |
| title | Attacking SQL Server CLR Assemblies |
Mandiant FIN5 GrrCON Oct 2016
Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
Internal MISP references
UUID 2bd39baf-4223-4344-ba93-98aa8453dc11 which can be used as unique global reference for Mandiant FIN5 GrrCON Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2016-10-07T00:00:00Z |
| source | MITRE |
| title | Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years |
Attacking VNC Servers PentestLab
Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.
Internal MISP references
UUID f953ea41-f9ca-4f4e-a46f-ef1d2def1d07 which can be used as unique global reference for Attacking VNC Servers PentestLab in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| date_published | 2012-10-30T00:00:00Z |
| source | MITRE |
| title | Attacking VNC Servers |
Talos Template Injection July 2017
Baird, S. et al.. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. Retrieved July 21, 2018.
Internal MISP references
UUID 175ea537-2a94-42c7-a83b-bec8906ee6b9 which can be used as unique global reference for Talos Template Injection July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-21T00:00:00Z |
| date_published | 2017-07-07T00:00:00Z |
| source | MITRE |
| title | Attack on Critical Infrastructure Leverages Template Injection |
Lotus Blossom Dec 2015
Falcone, R. and Miller-Osborn, J.. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.
Internal MISP references
UUID dcbe51a0-6d63-4401-b19e-46cd3c42204c which can be used as unique global reference for Lotus Blossom Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-12-18T00:00:00Z |
| source | MITRE |
| title | Attack on French Diplomat Linked to Operation Lotus Blossom |
Symantec Attacks Against Government Sector
Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.
Internal MISP references
UUID f5940cc2-1bbd-4e42-813a-f50867b01035 which can be used as unique global reference for Symantec Attacks Against Government Sector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE |
| title | Attacks Against the Government Sector |
Aqua Security Cloud Native Threat Report June 2021
Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.
Internal MISP references
UUID be9652d5-7531-4143-9c44-aefd019b7a32 which can be used as unique global reference for Aqua Security Cloud Native Threat Report June 2021 in MISP communities and other software using the MISP galaxy
External references
- https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation - webarchive
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-26T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| source | MITRE |
| title | Attacks in the Wild on the Container Supply Chain and Infrastructure |
CERT-FR PYSA April 2020
CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. Retrieved March 1, 2021.
Internal MISP references
UUID 4e502db6-2e09-4422-9dcc-1e10e701e122 which can be used as unique global reference for CERT-FR PYSA April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-01T00:00:00Z |
| date_published | 2020-04-01T00:00:00Z |
| source | MITRE |
| title | ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE |
InsiderThreat NTFS EA Oct 2017
Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.
Internal MISP references
UUID 6d270128-0461-43ec-8925-204c7b5aacc9 which can be used as unique global reference for InsiderThreat NTFS EA Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2017-10-12T00:00:00Z |
| source | MITRE |
| title | Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks |
Microsoft ASR Obfuscation
Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. Retrieved March 17, 2023.
Internal MISP references
UUID dec646d4-8b32-5091-b097-abe887aeca96 which can be used as unique global reference for Microsoft ASR Obfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2023-02-22T00:00:00Z |
| source | MITRE |
| title | Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts |
TrendMicro Msiexec Feb 2018
Co, M. and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. Retrieved April 18, 2019.
Internal MISP references
UUID 768c99f3-ee28-47dc-bc33-06d50ac72dea which can be used as unique global reference for TrendMicro Msiexec Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2018-02-08T00:00:00Z |
| source | MITRE |
| title | Attack Using Windows Installer msiexec.exe leads to LokiBot |
GitHub ATTACK Empire
Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.
Internal MISP references
UUID b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc which can be used as unique global reference for GitHub ATTACK Empire in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-11T00:00:00Z |
| date_published | 2018-09-02T00:00:00Z |
| source | MITRE |
| title | attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs |
lambert systemd 2022
Tony Lambert. (2022, November 13). ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.
Internal MISP references
UUID 196f0c77-4c98-57e7-ad79-eb43bdd2c848 which can be used as unique global reference for lambert systemd 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-20T00:00:00Z |
| date_published | 2022-11-13T00:00:00Z |
| source | MITRE |
| title | ATT&CK T1501: Understanding systemd service persistence |
TechNet Credential Theft
Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.
Internal MISP references
UUID 5c183c97-0ab2-4b75-8dbc-9db92a929ff4 which can be used as unique global reference for TechNet Credential Theft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-04-15T00:00:00Z |
| source | MITRE |
| title | Attractive Accounts for Credential Theft |
Audit OSX
Gagliardi, R. (n.d.). Audit in a OS X System. Retrieved September 23, 2021.
Internal MISP references
UUID c5181c95-0a94-4ea0-9940-04a9663d0069 which can be used as unique global reference for Audit OSX in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| source | MITRE |
| title | Audit in a OS X System |
Microsoft Audit Logon Events
Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.
Internal MISP references
UUID 050d6da7-a78c-489d-8bef-b06d802b55d7 which can be used as unique global reference for Microsoft Audit Logon Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-09-06T00:00:00Z |
| source | MITRE |
| title | Audit logon events |
Cloud Audit Logs
Google. (n.d.). Audit Logs. Retrieved June 1, 2020.
Internal MISP references
UUID 500bdcea-5f49-4949-80fb-5eec1ce5e09e which can be used as unique global reference for Cloud Audit Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-01T00:00:00Z |
| source | MITRE |
| title | Audit Logs |
Microsoft Scheduled Task Events Win10
Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.
Internal MISP references
UUID 79e54b41-69ba-4738-86ef-88c4f540bce3 which can be used as unique global reference for Microsoft Scheduled Task Events Win10 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-27T00:00:00Z |
| date_published | 2017-05-28T00:00:00Z |
| source | MITRE |
| title | Audit Other Object Access Events |
auditpol
Jason Gerend, et al. (2017, October 16). auditpol. Retrieved September 1, 2021.
Internal MISP references
UUID 20d18ecf-d7d3-4433-9a3c-c28be71de4b1 which can be used as unique global reference for auditpol in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | auditpol |
auditpol.exe_STRONTIC
STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.
Internal MISP references
UUID c8a305b3-cd17-4415-a740-32787da703cd which can be used as unique global reference for auditpol.exe_STRONTIC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-09T00:00:00Z |
| source | MITRE |
| title | auditpol.exe |
Audit_Policy_Microsoft
Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.
Internal MISP references
UUID 9ff43f64-7fcb-4aa3-9599-9d00774d8da5 which can be used as unique global reference for Audit_Policy_Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Audit Policy |
TechNet Audit Policy
Microsoft. (2016, April 15). Audit Policy Recommendations. Retrieved June 3, 2016.
Internal MISP references
UUID 406cd8ff-e539-4853-85ed-775726155cf1 which can be used as unique global reference for TechNet Audit Policy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-04-15T00:00:00Z |
| source | MITRE |
| title | Audit Policy Recommendations |
Microsoft Audit Registry July 2012
Microsoft. (2012, July 2). Audit Registry. Retrieved January 31, 2018.
Internal MISP references
UUID 4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c which can be used as unique global reference for Microsoft Audit Registry July 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2012-07-02T00:00:00Z |
| source | MITRE |
| title | Audit Registry |
Security Affairs Elderwood Sept 2012
Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.
Internal MISP references
UUID ebfc56c5-0490-4b91-b49f-548c00a59162 which can be used as unique global reference for Security Affairs Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-13T00:00:00Z |
| source | MITRE |
| title | Aurora and ongoing attacks? |
NIST Authentication
NIST. (n.d.). Authentication. Retrieved January 30, 2020.
Internal MISP references
UUID f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46 which can be used as unique global reference for NIST Authentication in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| source | MITRE |
| title | Authentication |
MSDN Authentication Packages
Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.
Internal MISP references
UUID e9bb8434-9b6d-4301-bfe2-5c83ceabb020 which can be used as unique global reference for MSDN Authentication Packages in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| source | MITRE |
| title | Authentication Packages |
Microsoft Authenticode
Microsoft. (n.d.). Authenticode. Retrieved January 31, 2018.
Internal MISP references
UUID 33efd1a3-ffe9-42b3-ae12-970ed11454bf which can be used as unique global reference for Microsoft Authenticode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | Authenticode |
K8s Authorization Overview
Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.
Internal MISP references
UUID 120f968a-c81f-4902-9b76-7544577b768d which can be used as unique global reference for K8s Authorization Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-24T00:00:00Z |
| source | MITRE |
| title | Authorization Overview |
SSH Authorized Keys
ssh.com. (n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.
Internal MISP references
UUID ff100b76-894e-4d7c-9b8d-5f0eedcf59cc which can be used as unique global reference for SSH Authorized Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| source | MITRE |
| title | Authorized_keys File in SSH |
Trend Micro njRAT 2018
Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. Retrieved June 4, 2019.
Internal MISP references
UUID d8e7b428-84dd-4d96-b3f3-70e7ed7f8271 which can be used as unique global reference for Trend Micro njRAT 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor |
Re-Open windows on Mac
Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. Retrieved July 11, 2017.
Internal MISP references
UUID ed907f1e-71d6-45db-8ef3-75bec59c238b which can be used as unique global reference for Re-Open windows on Mac in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2016-12-06T00:00:00Z |
| source | MITRE |
| title | Automatically re-open windows, apps, and documents on your Mac |
TechNet Autoruns
Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. Retrieved June 6, 2016.
Internal MISP references
UUID 709f4509-9d69-4033-8aa6-a947496a1703 which can be used as unique global reference for TechNet Autoruns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| date_published | 2016-01-04T00:00:00Z |
| source | MITRE |
| title | Autoruns for Windows v13.51 |
Autoruns for Windows
Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.
Internal MISP references
UUID aaf66ad0-c444-48b5-875f-a0f66b82031c which can be used as unique global reference for Autoruns for Windows in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2019-06-28T00:00:00Z |
| source | MITRE |
| title | Autoruns for Windows v13.96 |
Hornet Security Avaddon June 2020
Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. Retrieved August 19, 2021.
Internal MISP references
UUID 41377d56-2e7b-48a8-8561-681e04a65907 which can be used as unique global reference for Hornet Security Avaddon June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2020-06-05T00:00:00Z |
| source | MITRE |
| title | Avaddon: From seeking affiliates to in-the-wild in 2 days |
Arxiv Avaddon Feb 2021
Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved August 19, 2021.
Internal MISP references
UUID dbee8e7e-f477-4bd5-8225-84e0e222617e which can be used as unique global reference for Arxiv Avaddon Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | Avaddon ransomware: an in-depth analysis and decryption of infected systems |
CISA Phishing
CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. Retrieved September 8, 2023.
Internal MISP references
UUID 0c98bf66-f43c-5b09-ae43-d10c682f51e7 which can be used as unique global reference for CISA Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2021-02-01T00:00:00Z |
| source | MITRE |
| title | Avoiding Social Engineering and Phishing Attacks |
Malwarebytes AvosLocker Jul 2021
Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.
Internal MISP references
UUID 88dffb14-a7a7-5b36-b269-8283dec0f1a3 which can be used as unique global reference for Malwarebytes AvosLocker Jul 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2021-07-23T00:00:00Z |
| source | MITRE |
| title | AvosLocker enters the ransomware scene, asks for partners |
avoslocker_ransomware
Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. Retrieved May 17, 2022.
Internal MISP references
UUID ea2756ce-a183-4c80-af11-92374ad045b2 which can be used as unique global reference for avoslocker_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-17T00:00:00Z |
| date_published | 2022-05-02T00:00:00Z |
| source | MITRE |
| title | AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection |
Cisco Talos Avos Jun 2022
Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. Retrieved January 11, 2023.
Internal MISP references
UUID 1170fdc2-6d8e-5b60-bf9e-ca915790e534 which can be used as unique global reference for Cisco Talos Avos Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2022-06-21T00:00:00Z |
| source | MITRE |
| title | Avos ransomware group expands with new attack arsenal |
Awesome Executable Packing
Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.
Internal MISP references
UUID 565bf600-5657-479b-9678-803e991c88a5 which can be used as unique global reference for Awesome Executable Packing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| source | MITRE |
| title | Awesome Executable Packing |
ESET Kobalos Jan 2021
M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.
Internal MISP references
UUID 745e963e-33fd-40d4-a8c6-1a9f321017f4 which can be used as unique global reference for ESET Kobalos Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs |
AWS Root User
Amazon. (n.d.). AWS Account Root User. Retrieved April 5, 2021.
Internal MISP references
UUID 5f315c21-f02f-4c9e-aac6-d648deff3ff9 which can be used as unique global reference for AWS Root User in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-05T00:00:00Z |
| source | MITRE |
| title | AWS Account Root User |
GitHub AWS-ADFS-Credential-Generator
Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved December 16, 2020.
Internal MISP references
UUID 340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8 which can be used as unique global reference for GitHub AWS-ADFS-Credential-Generator in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-16T00:00:00Z |
| date_published | 2017-01-28T00:00:00Z |
| source | MITRE |
| title | AWS-ADFS-Credential-Generator |
AWS GetPasswordPolicy
Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. Retrieved June 8, 2021.
Internal MISP references
UUID dd44d565-b9d9-437e-a31a-a52c6a21e3b3 which can be used as unique global reference for AWS GetPasswordPolicy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-08T00:00:00Z |
| source | MITRE |
| title | AWS API GetAccountPasswordPolicy |
AWS Console Sign-in Events
Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.
Internal MISP references
UUID 72578d0b-f68a-40fa-9a5d-379a66792be8 which can be used as unique global reference for AWS Console Sign-in Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-23T00:00:00Z |
| source | MITRE |
| title | AWS Console Sign-in Events |
AWS Describe DB Instances
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82 which can be used as unique global reference for AWS Describe DB Instances in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Describe DB Instances |
AWS Get Bucket ACL
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID 1eddbd32-8314-4f95-812a-550904eac2fa which can be used as unique global reference for AWS Get Bucket ACL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Get Bucket ACL |
AWS Get Public Access Block
Amazon Web Services. (n.d.). Retrieved May 28, 2021.
Internal MISP references
UUID f2887980-569a-4bc2-949e-bd8ff266c43c which can be used as unique global reference for AWS Get Public Access Block in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | AWS Get Public Access Block |
AWS Head Bucket
Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.
Internal MISP references
UUID 1388a78e-9f86-4927-a619-e0fcbac5b7a1 which can be used as unique global reference for AWS Head Bucket in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| source | MITRE |
| title | AWS HeadBucket |
Rhino Security Labs AWS Privilege Escalation
Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. Retrieved May 27, 2022.
Internal MISP references
UUID 693e5783-4aa1-40ce-8080-cec01c3e7b59 which can be used as unique global reference for Rhino Security Labs AWS Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | AWS IAM Privilege Escalation – Methods and Mitigation |
AWS Lambda Redirector
Adam Chester. (2020, February 25). AWS Lambda Redirector. Retrieved July 8, 2022.
Internal MISP references
UUID 9ba87a5d-a140-4959-9905-c4a80e684d56 which can be used as unique global reference for AWS Lambda Redirector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| date_published | 2020-02-25T00:00:00Z |
| source | MITRE |
| title | AWS Lambda Redirector |
Rhino Security Labs AWS S3 Ransomware
Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. Retrieved March 21, 2023.
Internal MISP references
UUID 785c6b11-c5f0-5cb4-931b-cf75fcc368a1 which can be used as unique global reference for Rhino Security Labs AWS S3 Ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| source | MITRE |
| title | AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense |
AWS Systems Manager Run Command
AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID ef66f17b-6a5b-5eb8-83de-943e2bddd114 which can be used as unique global reference for AWS Systems Manager Run Command in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| source | MITRE |
| title | AWS Systems Manager Run Command |
Pylos Xenotime 2019
Slowik, J.. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.
Internal MISP references
UUID e2f246d8-c75e-4e0f-bba8-869d82be26da which can be used as unique global reference for Pylos Xenotime 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-04-12T00:00:00Z |
| source | MITRE |
| title | A XENOTIME to Remember: Veles in the Wild |
objective-see ay mami 2018
Patrick Wardle. (2018, January 11). Ay MaMi. Retrieved March 19, 2018.
Internal MISP references
UUID 1b1d656c-4fe6-47d1-9ce5-a70c33003507 which can be used as unique global reference for objective-see ay mami 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2018-01-11T00:00:00Z |
| source | MITRE |
| title | Ay MaMi |
Microsoft AZ CLI
Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.
Internal MISP references
UUID cfd94553-272b-466b-becb-3859942bcaa5 which can be used as unique global reference for Microsoft AZ CLI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | az ad user |
Intezer Russian APT Dec 2020
Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. Retrieved February 22, 2021.
Internal MISP references
UUID 88d8a3b7-d994-4fd2-9aa1-83b79bccda7e which can be used as unique global reference for Intezer Russian APT Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-09T00:00:00Z |
| source | MITRE |
| title | A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy |
az monitor diagnostic-settings
Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.
Internal MISP references
UUID 6ddd92ee-1014-4b7a-953b-18ac396b100e which can be used as unique global reference for az monitor diagnostic-settings in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | az monitor diagnostic-settings |
Microsoft Azure AD Security Operations for Devices
Microsoft. (2020, September 16). Azure Active Directory security operations for devices. Retrieved February 21, 2023.
Internal MISP references
UUID eeba5eab-a9d8-55c0-b555-0414f65d2c2d which can be used as unique global reference for Microsoft Azure AD Security Operations for Devices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2020-09-16T00:00:00Z |
| source | MITRE |
| title | Azure Active Directory security operations for devices |
Microsoft Azure Active Directory security operations guide
Microsoft . (2022, September 16). Azure Active Directory security operations guide. Retrieved February 21, 2023.
Internal MISP references
UUID b75a3f28-a028-50e6-b971-cc85e7d52e0c which can be used as unique global reference for Microsoft Azure Active Directory security operations guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-09-16T00:00:00Z |
| source | MITRE |
| title | Azure Active Directory security operations guide |
Azure AD Connect for Read Teamers
Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.
Internal MISP references
UUID 0b9946ff-8c1c-4d93-8401-e1e4dd186305 which can be used as unique global reference for Azure AD Connect for Read Teamers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2019-02-18T00:00:00Z |
| source | MITRE |
| title | Azure AD Connect for Red Teamers |
Microsoft - Azure PowerShell
Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.
Internal MISP references
UUID 3b17b649-9efa-525f-aa49-cf6c9ad559d7 which can be used as unique global reference for Microsoft - Azure PowerShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| date_published | 2014-12-12T00:00:00Z |
| source | MITRE |
| title | Azure/azure-powershell |
Azure Blob Storage
Microsoft. (n.d.). Azure Blob Storage. Retrieved October 13, 2021.
Internal MISP references
UUID 7a392b85-872a-4a5a-984c-185a8e8f8a3f which can be used as unique global reference for Azure Blob Storage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Azure Blob Storage |
Microsoft Azure Instance Metadata 2021
Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.
Internal MISP references
UUID 66e93b75-0067-4cdb-b695-8f8109ef26e0 which can be used as unique global reference for Microsoft Azure Instance Metadata 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-02T00:00:00Z |
| date_published | 2021-02-21T00:00:00Z |
| source | MITRE |
| title | Azure Instance Metadata Service (Windows) |
Microsoft Azure Policy
Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.
Internal MISP references
UUID 761d102e-768a-5536-a098-0b1819029d33 which can be used as unique global reference for Microsoft Azure Policy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-08-30T00:00:00Z |
| source | MITRE |
| title | Azure Policy built-in policy definitions |
SpecterOps Azure Privilege Escalation
Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. Retrieved April 1, 2022.
Internal MISP references
UUID 5dba5a6d-465e-4489-bc4d-299a891b62f6 which can be used as unique global reference for SpecterOps Azure Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | Azure Privilege Escalation via Service Principal Abuse |
Azure Products
Microsoft. (n.d.). Azure products. Retrieved October 13, 2021.
Internal MISP references
UUID 12a72e05-ada4-4f77-8d6e-03024f88cab6 which can be used as unique global reference for Azure Products in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Azure products |
Azure - Resource Manager API
Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.
Internal MISP references
UUID 223cc020-e88a-4236-9c34-64fe606a1729 which can be used as unique global reference for Azure - Resource Manager API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| date_published | 2019-05-20T00:00:00Z |
| source | MITRE |
| title | Azure Resource Manager |
Mandiant Azure Run Command 2021
Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. Retrieved March 13, 2023.
Internal MISP references
UUID e15d38de-bc15-525b-bd03-27c0edca768d which can be used as unique global reference for Mandiant Azure Run Command 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | Azure Run Command for Dummies |
Microsoft Azure security baseline for Azure Active Directory
Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.
Internal MISP references
UUID 2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53 which can be used as unique global reference for Microsoft Azure security baseline for Azure Active Directory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | Azure security baseline for Azure Active Directory |
Microsoft - Azure Sentinel ADFSDomainTrustMods
Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020.
Internal MISP references
UUID 34314090-33c2-4276-affa-3d0b527bbcef which can be used as unique global reference for Microsoft - Azure Sentinel ADFSDomainTrustMods in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Azure Sentinel Detections |
Azure Serial Console
Microsoft. (2022, October 17). Azure Serial Console. Retrieved June 2, 2023.
Internal MISP references
UUID fd75d136-e818-5233-b2c2-5d8ed033b9e6 which can be used as unique global reference for Azure Serial Console in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2022-10-17T00:00:00Z |
| source | MITRE |
| title | Azure Serial Console |
Microsoft Azure Storage Security, 2019
Amlekar, M., Brooks, C., Claman, L., et. al.. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.
Internal MISP references
UUID 95bda448-bb13-4fa6-b663-e48a9d1b866f which can be used as unique global reference for Microsoft Azure Storage Security, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-03-20T00:00:00Z |
| source | MITRE |
| title | Azure Storage security guide |
Azure - Stormspotter
Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.
Internal MISP references
UUID 42383ed1-9705-4313-8068-28a22a23f50e which can be used as unique global reference for Azure - Stormspotter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | Azure Stormspotter GitHub |
Medium Babuk February 2021
Sebdraven. (2021, February 8). Babuk is distributed packed. Retrieved August 11, 2021.
Internal MISP references
UUID 58759b1c-8e2c-44fa-8e37-8bf7325c330d which can be used as unique global reference for Medium Babuk February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-02-08T00:00:00Z |
| source | MITRE |
| title | Babuk is distributed packed |
Sogeti CERT ESEC Babuk March 2021
Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.
Internal MISP references
UUID e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e which can be used as unique global reference for Sogeti CERT ESEC Babuk March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-03-01T00:00:00Z |
| source | MITRE |
| title | Babuk Ransomware |
Unit42 BabyShark Apr 2019
Lim, M.. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat . Retrieved October 7, 2019.
Internal MISP references
UUID c020569d-9c85-45fa-9f0b-97be5bdbab08 which can be used as unique global reference for Unit42 BabyShark Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-07T00:00:00Z |
| date_published | 2019-04-26T00:00:00Z |
| source | MITRE |
| title | BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat |
Symantec Briba May 2012
Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.
Internal MISP references
UUID bcf0f82b-1b26-4c0c-905e-0dd8b88d0903 which can be used as unique global reference for Symantec Briba May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-21T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Briba |
TrendMicro Squiblydoo Aug 2017
Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. Retrieved March 7, 2019.
Internal MISP references
UUID efeb475c-2a7c-4ab6-814d-3ee7866fa322 which can be used as unique global reference for TrendMicro Squiblydoo Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| date_published | 2017-08-07T00:00:00Z |
| source | MITRE |
| title | Backdoor-carrying Emails Set Sights on Russian-speaking Businesses |
Symantec Darkmoon Aug 2005
Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.
Internal MISP references
UUID 7088234d-a6fc-49ad-b4fd-2fe8ca333c1d which can be used as unique global reference for Symantec Darkmoon Aug 2005 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2005-08-18T00:00:00Z |
| source | MITRE |
| title | Backdoor.Darkmoon |
ESET BackdoorDiplomacy Jun 2021
Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021
Internal MISP references
UUID 127d4b10-8d61-4bdf-b5b9-7d86bbc065b6 which can be used as unique global reference for ESET BackdoorDiplomacy Jun 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BackdoorDiplomacy: Upgrading from Quarian to Turian |
Backdooring an AWS account
Daniel Grzelak. (2016, July 9). Backdooring an AWS account. Retrieved May 27, 2022.
Internal MISP references
UUID 2c867527-1584-44f7-b5e5-8ca54ea79619 which can be used as unique global reference for Backdooring an AWS account in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2016-07-09T00:00:00Z |
| source | MITRE |
| title | Backdooring an AWS account |
Symantec Linfo May 2012
Zhou, R. (2012, May 15). Backdoor.Linfo. Retrieved February 23, 2018.
Internal MISP references
UUID e6b88cd4-a58e-4139-b266-48d0f5957407 which can be used as unique global reference for Symantec Linfo May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Linfo |
Symantec Backdoor.Mivast
Stama, D.. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.
Internal MISP references
UUID 800780e3-7d00-4cfc-8458-74fe17da2f71 which can be used as unique global reference for Symantec Backdoor.Mivast in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-02-06T00:00:00Z |
| source | MITRE |
| title | Backdoor.Mivast |
Symantec Nerex May 2012
Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.
Internal MISP references
UUID 1613fd6b-4d62-464b-9cda-6f7d3f0192e1 which can be used as unique global reference for Symantec Nerex May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Nerex |
Symantec Backdoor.Nidiran
Sponchioni, R.. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.
Internal MISP references
UUID 01852772-c333-47a3-9e3f-e234a87f0b9b which can be used as unique global reference for Symantec Backdoor.Nidiran in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-03-11T00:00:00Z |
| source | MITRE |
| title | Backdoor.Nidiran |
Symantec Remsec IOCs
Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. Retrieved August 17, 2016.
Internal MISP references
UUID b00bf616-96e6-42c9-a56c-380047ad5acb which can be used as unique global reference for Symantec Remsec IOCs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-08-08T00:00:00Z |
| source | MITRE |
| title | Backdoor.Remsec indicators of compromise |
Symantec Ristol May 2012
Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.
Internal MISP references
UUID 1c8b1762-8abd-479b-b78c-43d8c7be7c27 which can be used as unique global reference for Symantec Ristol May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-23T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Ritsol |
Symantec Vasport May 2012
Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.
Internal MISP references
UUID 2dc7d7fb-3d13-4647-b15b-5e501946d606 which can be used as unique global reference for Symantec Vasport May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Vasport |
FSecure Hupigon
FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. Retrieved December 18, 2017.
Internal MISP references
UUID 08ceb57f-065e-45e9-98e9-d58a92caa755 which can be used as unique global reference for FSecure Hupigon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| source | MITRE |
| title | Backdoor - W32/Hupigon.EMV - Threat Description |
Symantec Wiarp May 2012
Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.
Internal MISP references
UUID 78285833-4b0d-4077-86d2-f34b010a5862 which can be used as unique global reference for Symantec Wiarp May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Backdoor.Wiarp |
Microsoft Lamin Sept 2017
Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.
Internal MISP references
UUID 84b8b159-6e85-4329-8903-aca156f4ed84 which can be used as unique global reference for Microsoft Lamin Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| date_published | 2009-05-17T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Lamin.A |
Microsoft PoisonIvy 2017
McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. Retrieved December 21, 2020.
Internal MISP references
UUID fc97a89c-c912-4b0c-b151-916695dbbca4 which can be used as unique global reference for Microsoft PoisonIvy 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Poisonivy.E |
Microsoft Win Defender Truvasys Sep 2017
Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.
Internal MISP references
UUID 3c8ba6ef-8edc-44bf-9abe-655ba0f45912 which can be used as unique global reference for Microsoft Win Defender Truvasys Sep 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Truvasys.A!dha |
Microsoft Wingbird Nov 2017
Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. Retrieved November 27, 2017.
Internal MISP references
UUID 6c7e2b89-8f3a-443c-9b72-12934b9dc364 which can be used as unique global reference for Microsoft Wingbird Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | Backdoor:Win32/Wingbird.A!dha |
Microsoft BITS
Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.
Internal MISP references
UUID 3d925a69-35f3-4337-8e1e-275de4c1783e which can be used as unique global reference for Microsoft BITS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| source | MITRE |
| title | Background Intelligent Transfer Service |
NCC Group Research Blog August 19 2022
NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.
Internal MISP references
UUID 8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae which can be used as unique global reference for NCC Group Research Blog August 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-07T00:00:00Z |
| date_published | 2022-08-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Back in Black: Unlocking a LockBit 3.0 Ransomware Attack |
Tech Republic - Restore AWS Snapshots
Hardiman, N.. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. Retrieved October 8, 2019.
Internal MISP references
UUID bfe848a3-c855-4bca-a6ea-44804d48c7eb which can be used as unique global reference for Tech Republic - Restore AWS Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2012-03-20T00:00:00Z |
| source | MITRE |
| title | Backing up and restoring snapshots on Amazon EC2 machines |
Secureworks COBALT DICKENS August 2018
Counter Threat Unit Research Team. (2018, August 24). Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.
Internal MISP references
UUID addbb46b-b2b5-4844-b4be-f6294cf51caa which can be used as unique global reference for Secureworks COBALT DICKENS August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2018-08-24T00:00:00Z |
| source | MITRE |
| title | Back to School: COBALT DICKENS Targets Universities |
Cybereason Kimsuky November 2020
Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.
Internal MISP references
UUID ecc2f5ad-b2a8-470b-b919-cb184d12d00f which can be used as unique global reference for Cybereason Kimsuky November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-06T00:00:00Z |
| date_published | 2020-11-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Back to the Future: Inside the Kimsuky KGH Spyware Suite |
Proofpoint TA453 March 2021
Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. Retrieved May 4, 2021.
Internal MISP references
UUID 5ba4217c-813b-4cc5-b694-3a4dcad776e4 which can be used as unique global reference for Proofpoint TA453 March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-04T00:00:00Z |
| date_published | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns |
Unit 42 BadPatch Oct 2017
Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.
Internal MISP references
UUID 9c294bf7-24ba-408a-90b8-5b9885838e1b which can be used as unique global reference for Unit 42 BadPatch Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | BadPatch |
ESET Bad Rabbit
M.Léveille, M-E.. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID a9664f01-78f0-4461-a757-12f54ec99a56 which can be used as unique global reference for ESET Bad Rabbit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-28T00:00:00Z |
| date_published | 2017-10-24T00:00:00Z |
| source | MITRE |
| title | Bad Rabbit: Not‑Petya is back with improved ransomware |
Secure List Bad Rabbit
Mamedov, O. Sinitsyn, F. Ivanov, A.. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.
Internal MISP references
UUID f4cec03a-ea94-4874-9bea-16189e967ff9 which can be used as unique global reference for Secure List Bad Rabbit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-28T00:00:00Z |
| date_published | 2017-10-24T00:00:00Z |
| source | MITRE |
| title | Bad Rabbit ransomware |
BlackBerry Bahamut
The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.
Internal MISP references
UUID 872c377b-724b-454c-8432-e38062a7c331 which can be used as unique global reference for BlackBerry Bahamut in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-08T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps |
BaltimoreSun RobbinHood May 2019
Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. Retrieved July 29, 2019.
Internal MISP references
UUID f578de81-ea6b-49d0-9a0a-111e07249cd8 which can be used as unique global reference for BaltimoreSun RobbinHood May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-29T00:00:00Z |
| date_published | 2019-05-07T00:00:00Z |
| source | MITRE |
| title | Baltimore city government computer network hit by ransomware attack |
CheckPoint Bandook Nov 2020
Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.
Internal MISP references
UUID 352652a9-86c9-42e1-8ee0-968180c6a51e which can be used as unique global reference for CheckPoint Bandook Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-31T00:00:00Z |
| date_published | 2020-11-26T00:00:00Z |
| source | MITRE |
| title | Bandook: Signed & Delivered |
Banker Google Chrome Extension Steals Creds
Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. Retrieved November 18, 2017.
Internal MISP references
UUID 93f37adc-d060-4b35-9a4d-62d2ad61cdf3 which can be used as unique global reference for Banker Google Chrome Extension Steals Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-18T00:00:00Z |
| source | MITRE |
| title | (Banker(GoogleChromeExtension)).targeting |
Unit42 Banking Trojans Hooking 2022
Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023.
Internal MISP references
UUID 411c3df4-08e6-518a-953d-19988b663dc4 which can be used as unique global reference for Unit42 Banking Trojans Hooking 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2022-10-31T00:00:00Z |
| source | MITRE |
| title | Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure |
Linux manual bash invocation
ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.
Internal MISP references
UUID 06185cbd-6635-46c7-9783-67bd8742b66f which can be used as unique global reference for Linux manual bash invocation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| date_published | 2021-01-19T00:00:00Z |
| source | MITRE |
| title | Bash |
DieNet Bash
die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.
Internal MISP references
UUID c5b362ce-6bae-46f7-b047-e3a0b2bf2580 which can be used as unique global reference for DieNet Bash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-12T00:00:00Z |
| source | MITRE |
| title | bash(1) - Linux man page |
Bash.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bash.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7d3efbc7-6abf-4f3f-aec8-686100bb90ad which can be used as unique global reference for Bash.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bash.exe |
Bashfuscator Command Obfuscators
LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. Retrieved March 17, 2023.
Internal MISP references
UUID c0256889-3ff0-59de-b0d1-39a947a4c89d which can be used as unique global reference for Bashfuscator Command Obfuscators in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| source | MITRE |
| title | Bashfuscator Command Obfuscators |
Microsoft Basic TxF Concepts
Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.
Internal MISP references
UUID 72798536-a7e3-43e2-84e3-b5b8b54f0bca which can be used as unique global reference for Microsoft Basic TxF Concepts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | Basic TxF Concepts |
BATLOADER: The Evasive Downloader Malware
Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.
Internal MISP references
UUID 53e12ade-99ed-51ee-b5c8-32180f144658 which can be used as unique global reference for BATLOADER: The Evasive Downloader Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | BATLOADER: The Evasive Downloader Malware |
Palo Alto Networks BBSRAT
Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.
Internal MISP references
UUID 8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49 which can be used as unique global reference for Palo Alto Networks BBSRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-19T00:00:00Z |
| date_published | 2015-12-22T00:00:00Z |
| source | MITRE |
| title | BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger |
Microsoft bcdedit 2021
Microsoft. (2021, May 27). bcdedit. Retrieved June 23, 2021.
Internal MISP references
UUID 40dedfcb-f666-4f2d-a518-5cd4ae2e273c which can be used as unique global reference for Microsoft bcdedit 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2021-05-27T00:00:00Z |
| source | MITRE |
| title | bcdedit |
Securelist BlackEnergy Nov 2014
Baumgartner, K. and Garnaeva, M.. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. Retrieved March 24, 2016.
Internal MISP references
UUID c64696d0-ee42-41e5-92cb-13cf43fac0c9 which can be used as unique global reference for Securelist BlackEnergy Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2014-11-03T00:00:00Z |
| source | MITRE |
| title | BE2 custom plugins, router abuse, and target profiles |
Securelist BlackEnergy Feb 2015
Baumgartner, K. and Garnaeva, M.. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.
Internal MISP references
UUID ef043c07-6ae6-4cd2-82cf-7cbdb259f676 which can be used as unique global reference for Securelist BlackEnergy Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2015-02-17T00:00:00Z |
| source | MITRE |
| title | BE2 extraordinary plugins, Siemens targeting, dev fails |
Crowdstrike DNC June 2016
Alperovitch, D.. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.
Internal MISP references
UUID 7f4edc06-ac67-4d71-b39c-5df9ce521bbb which can be used as unique global reference for Crowdstrike DNC June 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-06-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Bears in the Midst: Intrusion into the Democratic National Committee |
Deep Instinct Black Basta August 2022
Vilkomir-Preisman, S. (2022, August 18). Beating Black Basta Ransomware. Retrieved March 8, 2023.
Internal MISP references
UUID 72b64d7d-f8eb-54d3-83c8-a883906ceea1 which can be used as unique global reference for Deep Instinct Black Basta August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | Beating Black Basta Ransomware |
Bienstock, D. - Defending O365 - 2019
Bienstock, D.. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved September 13, 2019.
Internal MISP references
UUID 4866e6c3-c1b2-4131-bd8f-0ac228168a10 which can be used as unique global reference for Bienstock, D. - Defending O365 - 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | BECS and Beyond: Investigating and Defending O365 |
Kevin Mandia Statement to US Senate Committee on Intelligence
Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.
Internal MISP references
UUID c40a3f96-75f4-4b1c-98a5-cb38129c6dc4 which can be used as unique global reference for Kevin Mandia Statement to US Senate Committee on Intelligence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | before the United States Senate Select Committee on Intelligence |
Microsoft Dofoil 2018
Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.
Internal MISP references
UUID 85069317-2c25-448b-9ff4-504e429dc1bf which can be used as unique global reference for Microsoft Dofoil 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| date_published | 2018-03-07T00:00:00Z |
| source | MITRE |
| title | Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign |
FireEye CARBANAK June 2017
Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.
Internal MISP references
UUID 39105492-6044-460c-9dc9-3d4473ee862e which can be used as unique global reference for FireEye CARBANAK June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2017-06-12T00:00:00Z |
| source | MITRE |
| title | Behind the CARBANAK Backdoor |
Expel Behind the Scenes
S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. Retrieved October 1, 2020.
Internal MISP references
UUID d538026c-da30-48d2-bc30-fde3776db1a8 which can be used as unique global reference for Expel Behind the Scenes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| date_published | 2020-07-28T00:00:00Z |
| source | MITRE |
| title | Behind the scenes in the Expel SOC: Alert-to-fix in AWS |
Microsoft BEC Campaign
Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. Retrieved June 15, 2021.
Internal MISP references
UUID 1de8c853-2b0c-439b-a31b-a2c4fa9f4206 which can be used as unique global reference for Microsoft BEC Campaign in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-15T00:00:00Z |
| date_published | 2021-06-14T00:00:00Z |
| source | MITRE |
| title | Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign |
Unit42 BendyBear Feb 2021
Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. Retrieved February 16, 2021.
Internal MISP references
UUID f5cbc08f-6f2c-4c81-9d68-07f61e16f138 which can be used as unique global reference for Unit42 BendyBear Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-16T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech |
Google Cloud Storage Best Practices, 2019
Google. (2019, September 16). Best practices for Cloud Storage. Retrieved October 4, 2019.
Internal MISP references
UUID 752ad355-0f10-4c8d-bad8-42bf2fc75fa0 which can be used as unique global reference for Google Cloud Storage Best Practices, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-09-16T00:00:00Z |
| source | MITRE |
| title | Best practices for Cloud Storage |
Shadowbunny VM Defense Evasion
Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. Retrieved September 22, 2021.
Internal MISP references
UUID eef7cd8a-8cb6-4b24-ba49-9b17353d20b5 which can be used as unique global reference for Shadowbunny VM Defense Evasion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-09-23T00:00:00Z |
| source | MITRE |
| title | Beware of the Shadowbunny - Using virtual machines to persist and evade detections |
Hexacorn Office Test
Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.
Internal MISP references
UUID 60d90852-ea00-404d-b613-9ad1589aff31 which can be used as unique global reference for Hexacorn Office Test in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2014-04-16T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 10 |
Hexacorn Logon Scripts
Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.
Internal MISP references
UUID bdcdfe9e-1f22-4472-9a86-faefcb5c5618 which can be used as unique global reference for Hexacorn Logon Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-15T00:00:00Z |
| date_published | 2014-11-14T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 18 |
Hexacorn Office Template Macros
Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. Retrieved July 3, 2017.
Internal MISP references
UUID 7d558a35-a5c0-4e4c-92bf-cb2435c41a95 which can be used as unique global reference for Hexacorn Office Template Macros in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2017-04-17T00:00:00Z |
| source | MITRE |
| title | Beyond good ol’ Run key, Part 62 |
Bginfo.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bginfo.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ca1eaac2-7449-4a76-bec2-9dc5971fd808 which can be used as unique global reference for Bginfo.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bginfo.exe |
BianLian Ransomware Gang Gives It a Go! | [redacted]
Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. Retrieved May 18, 2023.
Internal MISP references
UUID fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d which can be used as unique global reference for BianLian Ransomware Gang Gives It a Go! | [redacted] in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-18T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BianLian Ransomware Gang Gives It a Go! |
Group IB APT 41 June 2021
Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.
Internal MISP references
UUID a2bf43a0-c7da-4cb9-8f9a-b34fac92b625 which can be used as unique global reference for Group IB APT 41 June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-26T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| source | MITRE |
| title | Big airline heist APT41 likely behind a third-party attack on Air India |
Crowdstrike Indrik November 2018
Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.
Internal MISP references
UUID 0f85f611-90db-43ba-8b71-5d0d4ec8cdd5 which can be used as unique global reference for Crowdstrike Indrik November 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2018-11-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware |
CrowdStrike Ryuk January 2019
Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.
Internal MISP references
UUID df471757-2ce0-48a7-922f-a84c57704914 which can be used as unique global reference for CrowdStrike Ryuk January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| date_published | 2019-01-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware |
OWASP Binary Planting
OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.
Internal MISP references
UUID 86fc5a62-385e-4c56-9812-138db0808fba which can be used as unique global reference for OWASP Binary Planting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-07T00:00:00Z |
| date_published | 2013-01-30T00:00:00Z |
| source | MITRE |
| title | Binary planting |
Wikipedia Binary-to-text Encoding
Wikipedia. (2016, December 26). Binary-to-text encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 9b3820e8-f094-4e87-9ed6-ab0207d509fb which can be used as unique global reference for Wikipedia Binary-to-text Encoding in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2016-12-26T00:00:00Z |
| source | MITRE |
| title | Binary-to-text encoding |
Sucuri BIND9 August 2015
Cid, D.. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.
Internal MISP references
UUID 5e108782-2f32-4704-be01-055d9e767216 which can be used as unique global reference for Sucuri BIND9 August 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-26T00:00:00Z |
| date_published | 2015-08-02T00:00:00Z |
| source | MITRE |
| title | BIND9 – Denial of Service Exploit in the Wild |
Wikipedia BIOS
Wikipedia. (n.d.). BIOS. Retrieved January 5, 2016.
Internal MISP references
UUID 0c4a2cb3-d663-47ee-87af-c5e9e68fe15f which can be used as unique global reference for Wikipedia BIOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-05T00:00:00Z |
| source | MITRE |
| title | BIOS |
Ge 2011
Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.
Internal MISP references
UUID dd6032fb-8913-4593-81b9-86d1239e01f4 which can be used as unique global reference for Ge 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-14T00:00:00Z |
| date_published | 2011-09-09T00:00:00Z |
| source | MITRE |
| title | BIOS Threat is Showing up Again! |
Talos Bisonal Mar 2020
Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. Retrieved January 26, 2022.
Internal MISP references
UUID eaecccff-e0a0-4fa0-81e5-799b23c26b5a which can be used as unique global reference for Talos Bisonal Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2020-03-05T00:00:00Z |
| source | MITRE |
| title | Bisonal: 10 years of play |
Talos Bisonal 10 Years March 2020
Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.
Internal MISP references
UUID 6844e59b-d393-43df-9978-e3e3cc7b8db6 which can be used as unique global reference for Talos Bisonal 10 Years March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2020-03-06T00:00:00Z |
| source | MITRE |
| title | Bisonal 10 Years of Play |
Unit 42 Bisonal July 2018
Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.
Internal MISP references
UUID 30b2ec12-b785-43fb-ab72-b37387046d15 which can be used as unique global reference for Unit 42 Bisonal July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2018-07-31T00:00:00Z |
| source | MITRE |
| title | Bisonal Malware Used in Attacks Against Russia and South Korea |
Bitsadmin.exe - LOLBAS Project
LOLBAS. (2018, May 25). Bitsadmin.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 89bdc17b-553c-4245-acde-f6c56602e357 which can be used as unique global reference for Bitsadmin.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bitsadmin.exe |
Microsoft BITSAdmin
Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.
Internal MISP references
UUID 5b8c2a8c-f01e-491a-aaf9-504ee7a1caed which can be used as unique global reference for Microsoft BITSAdmin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| source | MITRE |
| title | BITSAdmin Tool |
Cisco Talos Bitter Bangladesh May 2022
Raghuprasad, C . (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.
Internal MISP references
UUID 097583ed-03b0-41cd-bf85-66d473f46439 which can be used as unique global reference for Cisco Talos Bitter Bangladesh May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2022-05-11T00:00:00Z |
| source | MITRE |
| title | Bitter APT adds Bangladesh to their targets |
Forcepoint BITTER Pakistan Oct 2016
Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.
Internal MISP references
UUID 9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa which can be used as unique global reference for Forcepoint BITTER Pakistan Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2016-10-21T00:00:00Z |
| source | MITRE |
| title | BITTER: a targeted attack against Pakistan |
Camba RARSTONE
Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.
Internal MISP references
UUID bca93846-457d-4644-ba43-f9293982916f which can be used as unique global reference for Camba RARSTONE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-08T00:00:00Z |
| date_published | 2013-02-27T00:00:00Z |
| source | MITRE |
| title | BKDR_RARSTONE: New RAT to Watch Out For |
TrendMicro BKDR_URSNIF.SM
Sioting, S. (2013, June 15). BKDR_URSNIF.SM. Retrieved June 5, 2019.
Internal MISP references
UUID aa791512-039e-4230-ab49-f184ca0e38c5 which can be used as unique global reference for TrendMicro BKDR_URSNIF.SM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2013-06-15T00:00:00Z |
| source | MITRE |
| title | BKDR_URSNIF.SM |
Cyble September 28 2022
Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.
Internal MISP references
UUID ae2daa9c-6741-4ab7-854d-bee1170b3d7a which can be used as unique global reference for Cyble September 28 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2023-09-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Bl00dy – New Ransomware Strain Active in the Wild |
Trend Micro Pikabot January 9 2024
Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.
Internal MISP references
UUID dc7d882b-4e83-42da-8e2f-f557b675930a which can be used as unique global reference for Trend Micro Pikabot January 9 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2024-01-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign |
Check Point Black Basta October 2022
Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. Retrieved March 8, 2023.
Internal MISP references
UUID 7a00457b-ae72-5aea-904f-9ca7f4cb9fe9 which can be used as unique global reference for Check Point Black Basta October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-10-20T00:00:00Z |
| source | MITRE |
| title | BLACK BASTA AND THE UNNOTICED DELIVERY |
BlackBasta
Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.
Internal MISP references
UUID c7e55e37-d051-5111-8d0a-738656f88650 which can be used as unique global reference for BlackBasta in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-14T00:00:00Z |
| date_published | 2022-11-03T00:00:00Z |
| source | MITRE |
| title | Black Basta Ransomware |
Trend Micro Black Basta October 2022
Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.
Internal MISP references
UUID 6e4a1565-4a30-5a6b-961c-226a6f1967ae which can be used as unique global reference for Trend Micro Black Basta October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2022-10-12T00:00:00Z |
| source | MITRE |
| title | Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike |
Uptycs Black Basta ESXi June 2022
Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. Retrieved March 8, 2023.
Internal MISP references
UUID a8145e38-c2a4-5021-824d-5a831299b9d9 which can be used as unique global reference for Uptycs Black Basta ESXi June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-06-07T00:00:00Z |
| source | MITRE |
| title | Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems |
BlackBerry Black Basta May 2022
Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.
Internal MISP references
UUID 32a272fe-ac10-5478-88a0-b3dd366ec540 which can be used as unique global reference for BlackBerry Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-06T00:00:00Z |
| source | MITRE |
| title | Black Basta: Rebrand of Conti or Something New? |
FBI BlackCat April 19 2022
FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.
Internal MISP references
UUID 2640b58c-8413-4691-80e1-33aec9b6c7f6 which can be used as unique global reference for FBI BlackCat April 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2022-04-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat/ALPHV Ransomware Indicators of Compromise |
X-Force BlackCat May 30 2023
IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. Retrieved September 14, 2023.
Internal MISP references
UUID b80c1f70-9d05-4f4b-bdc2-6157c6837202 which can be used as unique global reference for X-Force BlackCat May 30 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-05-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration |
BlackBerry BlackCat Threat Overview
BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.
Internal MISP references
UUID 59f98ae1-c62d-460f-8d2a-9ae287b59953 which can be used as unique global reference for BlackBerry BlackCat Threat Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | BlackCat Malware (AKA ALPHV) |
Sophos BlackCat Jul 2022
Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.
Internal MISP references
UUID 481a0106-d5b6-532c-8f5b-6c0c477185f4 which can be used as unique global reference for Sophos BlackCat Jul 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-20T00:00:00Z |
| date_published | 2022-07-14T00:00:00Z |
| source | MITRE |
| title | BlackCat ransomware attacks not merely a byproduct of bad luck |
ESET BlackEnergy Jan 2016
Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry . Retrieved June 10, 2020.
Internal MISP references
UUID a0103079-c966-46b6-8871-c01f7f0eea4c which can be used as unique global reference for ESET BlackEnergy Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2016-01-03T00:00:00Z |
| source | MITRE |
| title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
ESEST Black Energy Jan 2016
Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.
Internal MISP references
UUID 4d626eb9-3722-4aa4-b95e-1650cc2865c2 which can be used as unique global reference for ESEST Black Energy Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-05-18T00:00:00Z |
| date_published | 2016-01-03T00:00:00Z |
| source | MITRE |
| title | BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry |
F-Secure BlackEnergy 2014
F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.
Internal MISP references
UUID 5f228fb5-d959-4c4a-bb8c-f9dc01d5af07 which can be used as unique global reference for F-Secure BlackEnergy 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | BlackEnergy & Quedagh: The convergence of crimeware and APT attacks |
Securelist BlackOasis Oct 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018.
Internal MISP references
UUID 66121c37-6b66-4ab2-9f63-1adb80dcec62 which can be used as unique global reference for Securelist BlackOasis Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BlackOasis APT and new targeted attacks leveraging zero-day exploit |
Palo Alto Black-T October 2020
Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.
Internal MISP references
UUID d4351c8e-026d-4660-9344-166481ecf64a which can be used as unique global reference for Palo Alto Black-T October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-10-05T00:00:00Z |
| source | MITRE |
| title | Black-T: New Cryptojacking Variant from TeamTNT |
BlackWater Malware Cloudflare Workers
Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. Retrieved July 8, 2022.
Internal MISP references
UUID 053895e8-da3f-4291-a728-2198fde774e7 which can be used as unique global reference for BlackWater Malware Cloudflare Workers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| date_published | 2020-03-14T00:00:00Z |
| source | MITRE |
| title | BlackWater Malware Abuses Cloudflare Workers for C2 Communication |
NHS UK BLINDINGCAN Aug 2020
NHS Digital . (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020.
Internal MISP references
UUID acca4c89-acce-4916-88b6-f4dac7d8ab19 which can be used as unique global reference for NHS UK BLINDINGCAN Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-20T00:00:00Z |
| date_published | 2020-08-20T00:00:00Z |
| source | MITRE |
| title | BLINDINGCAN Remote Access Trojan |
Azure Blob Snapshots
Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022.
Internal MISP references
UUID 152628ab-3244-4cc7-a68e-a220b652039b which can be used as unique global reference for Azure Blob Snapshots in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| date_published | 2021-12-29T00:00:00Z |
| source | MITRE |
| title | Blob snapshots |
objsee block blocking login items
Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.
Internal MISP references
UUID 76511800-8331-476b-ab4f-0daa587f5e22 which can be used as unique global reference for objsee block blocking login items in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2018-07-23T00:00:00Z |
| source | MITRE |
| title | Block Blocking Login Items |
Technospot Chrome Extensions GP
Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.
Internal MISP references
UUID 76faf20c-27d3-4e67-8ab7-8480f8f88ae5 which can be used as unique global reference for Technospot Chrome Extensions GP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-10T00:00:00Z |
| source | MITRE |
| title | Block Chrome Extensions using Google Chrome Group Policy Settings |
Evi1cg Forfiles Nov 2017
Evi1cg. (2017, November 26). block cmd.exe ? try this :. Retrieved January 22, 2018.
Internal MISP references
UUID b292b85e-68eb-43c3-9b5b-222810e2f26a which can be used as unique global reference for Evi1cg Forfiles Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2017-11-26T00:00:00Z |
| source | MITRE |
| title | block cmd.exe ? try this : |
Fifield Blocking Resistent Communication through domain fronting 2015
David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.
Internal MISP references
UUID 52671075-c425-40c7-a49a-b75e44a0c58a which can be used as unique global reference for Fifield Blocking Resistent Communication through domain fronting 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-20T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Blocking-resistant communication through domain fronting |
GitHub Bloodhound
Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.
Internal MISP references
UUID e90b4941-5dff-4f38-b4dd-af3426fd621e which can be used as unique global reference for GitHub Bloodhound in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Bloodhound: Six Degrees of Domain Admin |
Blue Cloud of Death Video
Kunz, Bruce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. Retrieved November 21, 2019.
Internal MISP references
UUID 39b0adf6-c71e-4501-b8bb-fab82718486b which can be used as unique global reference for Blue Cloud of Death Video in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-21T00:00:00Z |
| date_published | 2018-10-14T00:00:00Z |
| source | MITRE |
| title | Blue Cloud of Death: Red Teaming Azure |
Blue Cloud of Death
Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. Retrieved October 23, 2019.
Internal MISP references
UUID 0c764280-9d8c-4fa4-9088-170f02550d4c which can be used as unique global reference for Blue Cloud of Death in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-23T00:00:00Z |
| date_published | 2018-05-11T00:00:00Z |
| source | MITRE |
| title | Blue Cloud of Death: Red Teaming Azure |
apple doco bonjour description
Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.
Internal MISP references
UUID b8538d67-ab91-41c2-9cc3-a7b00c6b372a which can be used as unique global reference for apple doco bonjour description in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-11T00:00:00Z |
| date_published | 2013-04-23T00:00:00Z |
| source | MITRE |
| title | Bonjour Overview |
Booby Trap Shortcut 2017
Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.
Internal MISP references
UUID 1a820fb8-3cff-584b-804f-9bad0592873b which can be used as unique global reference for Booby Trap Shortcut 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| date_published | 2017-04-01T00:00:00Z |
| source | MITRE |
| title | Booby trap a shortcut with a backdoor |
Microsoft Bootcfg
Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.
Internal MISP references
UUID 44ffaa60-4461-4463-a1b5-abc868368c0a which can be used as unique global reference for Microsoft Bootcfg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-30T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | bootcfg |
Imperva DDoS for Hire
Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020.
Internal MISP references
UUID 86f87ec6-058e-45a7-9314-0579a2b4e8f2 which can be used as unique global reference for Imperva DDoS for Hire in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-04T00:00:00Z |
| source | MITRE |
| title | Booters, Stressers and DDoSers |
Wikipedia Booting
Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.
Internal MISP references
UUID 6d9c72cb-6cda-445e-89ea-7e695063d49a which can be used as unique global reference for Wikipedia Booting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-13T00:00:00Z |
| source | MITRE |
| title | Booting |
FireEye BOOTRASH SANS
Glyer, C.. (2017, June 22). Boot What?. Retrieved May 4, 2020.
Internal MISP references
UUID 835c9e5d-b291-43d9-9b8a-2978aa8c8cd3 which can be used as unique global reference for FireEye BOOTRASH SANS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-04T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | Boot What? |
Unit42 LockerGoga 2019
Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.
Internal MISP references
UUID 8f058923-f2f7-4c0e-b90a-c7a0d5e62186 which can be used as unique global reference for Unit42 LockerGoga 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-03-26T00:00:00Z |
| source | MITRE |
| title | Born This Way? Origins of LockerGoga |
Threatexpress MetaTwin 2017
Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. Retrieved September 10, 2019.
Internal MISP references
UUID 156efefd-793f-4219-8904-ef160a45c9ec which can be used as unique global reference for Threatexpress MetaTwin 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-10T00:00:00Z |
| date_published | 2017-10-09T00:00:00Z |
| source | MITRE |
| title | Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads |
Sandfly BPFDoor 2022
The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. Retrieved September 29, 2023.
Internal MISP references
UUID 01c8337f-614b-5f63-870f-5c880b390922 which can be used as unique global reference for Sandfly BPFDoor 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2022-05-11T00:00:00Z |
| source | MITRE |
| title | BPFDoor - An Evasive Linux Backdoor Technical Analysis |
AADInternals - BPRT
Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.
Internal MISP references
UUID 19af3fce-eb57-4e67-9678-1968e9ea9677 which can be used as unique global reference for AADInternals - BPRT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2021-01-31T00:00:00Z |
| source | MITRE |
| title | BPRT unleashed: Joining multiple devices to Azure AD and Intune |
Brazking-Websockets
Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.
Internal MISP references
UUID fa813afd-b8f0-535b-9108-6d3d3989b6b9 which can be used as unique global reference for Brazking-Websockets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| source | MITRE |
| title | BrazKing Android Malware Upgraded and Targeting Brazilian Banks |
MSTIC Nobelium Toolset May 2021
MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. Retrieved August 4, 2021.
Internal MISP references
UUID 52464e69-ff9e-4101-9596-dd0c6404bf76 which can be used as unique global reference for MSTIC Nobelium Toolset May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| date_published | 2021-05-28T00:00:00Z |
| source | MITRE |
| title | Breaking down NOBELIUM’s latest early-stage toolset |
Lee 2013
Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.
Internal MISP references
UUID 6d1e2b0a-fed2-490b-be25-6580dfb7d6aa which can be used as unique global reference for Lee 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-03-27T00:00:00Z |
| date_published | 2013-08-07T00:00:00Z |
| source | MITRE |
| title | Breaking Down the China Chopper Web Shell - Part I |
sentinelone-malvertising
Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.
Internal MISP references
UUID 7989f0de-90b8-5e6d-bc20-1764610d1568 which can be used as unique global reference for sentinelone-malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2023-01-19T00:00:00Z |
| source | MITRE |
| title | Breaking Down the SEO Poisoning Attack |
OS X Keychain
Juuso Salonen. (2012, September 5). Breaking into the OS X keychain. Retrieved July 15, 2017.
Internal MISP references
UUID bde3ff9c-fbf9-49c4-b414-70dc8356d57d which can be used as unique global reference for OS X Keychain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-15T00:00:00Z |
| date_published | 2012-09-05T00:00:00Z |
| source | MITRE |
| title | Breaking into the OS X keychain |
Brown Exploiting Linkers
Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.
Internal MISP references
UUID 24674e91-5cbf-4023-98ae-a9f0968ad99a which can be used as unique global reference for Brown Exploiting Linkers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2011-06-29T00:00:00Z |
| source | MITRE |
| title | Breaking the links: Exploiting the linker |
FireEye Outlook Dec 2019
McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.
Internal MISP references
UUID f23a773f-9c50-4193-877d-97f7c13f48f1 which can be used as unique global reference for FireEye Outlook Dec 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2019-12-04T00:00:00Z |
| source | MITRE |
| title | Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) |
Cisco Talos Blog December 08 2022
Cisco Talos Blog. (2022, December 8). Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.
Internal MISP references
UUID bcf92374-48a3-480f-a679-9fd34b67bcdd which can be used as unique global reference for Cisco Talos Blog December 08 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-08T00:00:00Z |
| date_published | 2022-12-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Breaking the silence - Recent Truebot activity |
PaloAlto Preventing Opportunistic Attacks Apr 2016
Kiwi. (2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.
Internal MISP references
UUID 60fac434-2815-4568-b951-4bde55c2e3af which can be used as unique global reference for PaloAlto Preventing Opportunistic Attacks Apr 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2016-04-06T00:00:00Z |
| source | MITRE |
| title | Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks |
Mandiant BYOL
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.
Internal MISP references
UUID 445efe8b-659a-4023-afc7-aa7cd21ee5a1 which can be used as unique global reference for Mandiant BYOL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2018-06-18T00:00:00Z |
| source | MITRE |
| title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Mandiant BYOL 2018
Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.
Internal MISP references
UUID 104a1c1c-0899-4ff9-a5c4-73de702c467d which can be used as unique global reference for Mandiant BYOL 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-08T00:00:00Z |
| date_published | 2018-06-18T00:00:00Z |
| source | MITRE |
| title | Bring Your Own Land (BYOL) – A Novel Red Teaming Technique |
Comparitech Leak
Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020.
Internal MISP references
UUID fa0eac56-45ea-4628-88cf-b843874b4a4d which can be used as unique global reference for Comparitech Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Broadvoice database of more than 350 million customer records exposed online |
ThreatPost Broadvoice Leak
Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. Retrieved October 20, 2020.
Internal MISP references
UUID 91d20979-d4e7-4372-8a83-1e1512c8d3a9 which can be used as unique global reference for ThreatPost Broadvoice Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts |
Secureworks BRONZE BUTLER Oct 2017
Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
Internal MISP references
UUID c62d8d1a-cd1b-4b39-95b6-68f3f063dacf which can be used as unique global reference for Secureworks BRONZE BUTLER Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-04T00:00:00Z |
| date_published | 2017-10-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE BUTLER Targets Japanese Enterprises |
Secureworks BRONZE HUNTLEY
Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. Retrieved May 5, 2021.
Internal MISP references
UUID 9558ebc5-4de3-4b1d-b32c-a170adbc3451 which can be used as unique global reference for Secureworks BRONZE HUNTLEY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-05T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | BRONZE HUNTLEY Threat Profile |
Secureworks BRONZE PRESIDENT December 2019
Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.
Internal MISP references
UUID 019889e0-a2ce-476f-9a31-2fc394de2821 which can be used as unique global reference for Secureworks BRONZE PRESIDENT December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2019-12-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE PRESIDENT Targets NGOs |
SecureWorks BRONZE UNION June 2017
Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.
Internal MISP references
UUID 42adda47-f5d6-4d34-9b3d-3748a782f886 which can be used as unique global reference for SecureWorks BRONZE UNION June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | BRONZE UNION Cyberespionage Persists Despite Disclosures |
Wikipedia Browser Extension
Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.
Internal MISP references
UUID 52aef082-3f8e-41b4-af95-6631ce4c9e91 which can be used as unique global reference for Wikipedia Browser Extension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-11T00:00:00Z |
| date_published | 2017-10-08T00:00:00Z |
| source | MITRE |
| title | Browser Extension |
Mr. D0x BitB 2022
mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. Retrieved March 8, 2023.
Internal MISP references
UUID 447f6b34-ac3a-58d9-af96-aa1d947a3e0e which can be used as unique global reference for Mr. D0x BitB 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | Browser In The Browser (BITB) Attack |
Cobalt Strike Browser Pivot
Mudge, R. (n.d.). Browser Pivoting. Retrieved January 10, 2018.
Internal MISP references
UUID 0c1dd453-7281-4ee4-9c8f-bdc401cf48d7 which can be used as unique global reference for Cobalt Strike Browser Pivot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-10T00:00:00Z |
| source | MITRE |
| title | Browser Pivoting |
Symantec Buckeye
Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.
Internal MISP references
UUID dbf3ce3e-bcf2-4e47-ad42-839e51967395 which can be used as unique global reference for Symantec Buckeye in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2016-09-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Buckeye cyberespionage group shifts gaze from US to Hong Kong |
ESET Buhtrap and Buran April 2019
ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.
Internal MISP references
UUID e308a957-fb5c-44e8-a846-be6daef4b940 which can be used as unique global reference for ESET Buhtrap and Buran April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-04-30T00:00:00Z |
| source | MITRE |
| title | Buhtrap backdoor and Buran ransomware distributed via major advertising platform |
S1 Custom Shellcode Tool
Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. Retrieved October 4, 2021.
Internal MISP references
UUID f49bfd00-48d5-4d84-a7b7-cb23fcdf861b which can be used as unique global reference for S1 Custom Shellcode Tool in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-10-31T00:00:00Z |
| source | MITRE |
| title | Building A Custom Tool For Shellcode Analysis |
Data Driven Security DGA
Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.
Internal MISP references
UUID c92fb2ec-c144-42d4-bd42-179d3d737db0 which can be used as unique global reference for Data Driven Security DGA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2014-10-02T00:00:00Z |
| source | MITRE |
| title | Building a DGA Classifier: Part 2, Feature Engineering |
CTD PPID Spoofing Macro Mar 2019
Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. Retrieved June 3, 2019.
Internal MISP references
UUID b06b72ba-dbd6-4190-941a-0cdd3d659ab6 which can be used as unique global reference for CTD PPID Spoofing Macro Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2019-03-12T00:00:00Z |
| source | MITRE |
| title | Building an Office macro to spoof parent processes and command line arguments |
Cybereason Bumblebee August 2022
Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. Retrieved August 29, 2022.
Internal MISP references
UUID 64bfb605-af69-4df0-ae56-32fa997516bc which can be used as unique global reference for Cybereason Bumblebee August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-29T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | Bumblebee Loader – The High Road to Enterprise Domain Control |
Symantec Bumblebee June 2022
Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.
Internal MISP references
UUID 81bfabad-b5b3-4e45-ac1d-1e2e829fca33 which can be used as unique global reference for Symantec Bumblebee June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-24T00:00:00Z |
| date_published | 2022-06-28T00:00:00Z |
| source | MITRE |
| title | Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem |
objsee netwire backdoor 2019
Patrick Wardle. (2019, June 20). Burned by Fire(fox). Retrieved October 1, 2021.
Internal MISP references
UUID 866c5305-8629-4f09-8dfe-192c8573ffb0 which can be used as unique global reference for objsee netwire backdoor 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2019-06-20T00:00:00Z |
| source | MITRE |
| title | Burned by Fire(fox) |
401 TRG Winnti Umbrella May 2018
Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. Retrieved July 8, 2018.
Internal MISP references
UUID e3f1f2e4-dc1c-4d9c-925d-47013f44a69f which can be used as unique global reference for 401 TRG Winnti Umbrella May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-08T00:00:00Z |
| date_published | 2018-05-03T00:00:00Z |
| source | MITRE |
| title | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
Bypassing Gatekeeper
Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.
Internal MISP references
UUID 957a0916-614e-4c7b-a6dd-1baa4fc6f93e which can be used as unique global reference for Bypassing Gatekeeper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | Bypassing Apple's Gatekeeper |
engima0x3 DNX Bypass
Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. Retrieved May 25, 2017.
Internal MISP references
UUID e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0 which can be used as unique global reference for engima0x3 DNX Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-11-17T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting By Using dnx.exe |
engima0x3 RCSI Bypass
Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.
Internal MISP references
UUID 0b815bd9-6c7f-4bd8-9031-667fa6252f89 which can be used as unique global reference for engima0x3 RCSI Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-26T00:00:00Z |
| date_published | 2016-11-21T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting By Using rcsi.exe |
Exploit Monday WinDbg
Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved May 26, 2017.
Internal MISP references
UUID abd5f871-e12e-4355-af72-d4be79cb0291 which can be used as unique global reference for Exploit Monday WinDbg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-26T00:00:00Z |
| date_published | 2016-08-15T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner |
SubTee MSBuild
Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. Retrieved September 13, 2016.
Internal MISP references
UUID 82a762d0-c59f-456d-a7d3-1cab3fa02526 which can be used as unique global reference for SubTee MSBuild in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-13T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations |
Bypassing CloudTrail in AWS Service Catalog
Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.
Internal MISP references
UUID de50bd67-96bb-537c-b91d-e541a717b7a1 which can be used as unique global reference for Bypassing CloudTrail in AWS Service Catalog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-03-20T00:00:00Z |
| source | MITRE |
| title | Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research |
AADInternals - Conditional Access Bypass
Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. Retrieved March 4, 2022.
Internal MISP references
UUID 832841a1-92d1-4fcc-90f7-afbabad84aec which can be used as unique global reference for AADInternals - Conditional Access Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2020-09-06T00:00:00Z |
| source | MITRE |
| title | Bypassing conditional access by faking device compliance |
MsitPros CHM Aug 2017
Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018.
Internal MISP references
UUID d4e4cc8a-3246-463f-ba06-d68459d907d4 which can be used as unique global reference for MsitPros CHM Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2017-08-13T00:00:00Z |
| source | MITRE |
| title | Bypassing Device guard UMCI using CHM – CVE-2017-8625 |
enigma0x3 sdclt app paths
Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.
Internal MISP references
UUID 2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1 which can be used as unique global reference for enigma0x3 sdclt app paths in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Bypassing UAC using App Paths |
MDSec System Calls
MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. Retrieved September 29, 2021.
Internal MISP references
UUID b461e226-1317-4ce4-a195-ba4c4957db99 which can be used as unique global reference for MDSec System Calls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams |
Hybrid Analysis Icacls1 June 2018
Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. Retrieved August 19, 2018.
Internal MISP references
UUID 74df644a-06b8-4331-85a3-932358d65b62 which can be used as unique global reference for Hybrid Analysis Icacls1 June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-06-12T00:00:00Z |
| source | MITRE |
| title | c9b65b764985dfd7a11d3faf599c56b8.exe |
Microsoft Credential Manager store
Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.
Internal MISP references
UUID c949a29b-bb31-4bd7-a967-ddd48c7efb8e which can be used as unique global reference for Microsoft Credential Manager store in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Cached and Stored Credentials Technical Overview |
Microsoft - Cached Creds
Microsoft. (2016, August 21). Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.
Internal MISP references
UUID 590ea63f-f800-47e4-8d39-df11a184ba84 which can be used as unique global reference for Microsoft - Cached Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2016-08-21T00:00:00Z |
| source | MITRE |
| title | Cached and Stored Credentials Technical Overview |
Kaspersky CactusPete Aug 2020
Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. Retrieved May 5, 2021.
Internal MISP references
UUID 1c393964-e717-45ad-8eb6-5df5555d3c70 which can be used as unique global reference for Kaspersky CactusPete Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-05T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CactusPete APT group’s updated Bisonal backdoor |
ESET CaddyWiper March 2022
ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.
Internal MISP references
UUID 9fa97444-311f-40c1-8728-c5f91634c750 which can be used as unique global reference for ESET CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | CaddyWiper: New wiper malware discovered in Ukraine |
Cadet Blizzard emerges as novel threat actor
Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.
Internal MISP references
UUID 7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b which can be used as unique global reference for Cadet Blizzard emerges as novel threat actor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| date_published | 2023-06-14T00:00:00Z |
| source | MITRE |
| title | Cadet Blizzard emerges as a novel and distinct Russian threat actor |
Cado Security Denonia
Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved May 27, 2022.
Internal MISP references
UUID 584e7ace-ef33-423b-9801-4728a447cb34 which can be used as unique global reference for Cado Security Denonia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-04-06T00:00:00Z |
| source | MITRE |
| title | Cado Discovers Denonia: The First Malware Specifically Targeting Lambda |
Caesars Scattered Spider September 13 2023
William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.
Internal MISP references
UUID 6915c003-7c8b-451c-8fb1-3541f00c14fb which can be used as unique global reference for Caesars Scattered Spider September 13 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-09-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Caesars Entertainment Paid Millions to Hackers in Attack |
Securelist Calisto July 2018
Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.
Internal MISP references
UUID a292d77b-9150-46ea-b217-f51e091fdb57 which can be used as unique global reference for Securelist Calisto July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-07T00:00:00Z |
| date_published | 2018-07-20T00:00:00Z |
| source | MITRE |
| title | Calisto Trojan for macOS |
CERTFR-2023-CTI-009
CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. Retrieved October 26, 2023.
Internal MISP references
UUID 5365ac4c-fbb8-4389-989e-a64cb7693371 which can be used as unique global reference for CERTFR-2023-CTI-009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-26T00:00:00Z |
| date_published | 2023-10-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Campagnes d'attaques du mode opératoire APT28 depuis 2021 |
FSI Andariel Campaign Rifle July 2017
FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. Retrieved September 29, 2021.
Internal MISP references
UUID bde61ee9-16f9-4bd9-a847-5cc9df21335c which can be used as unique global reference for FSI Andariel Campaign Rifle July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | Campaign Rifle - Andariel, the Maiden of Anguish |
Kaspersky Carbanak
Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.
Internal MISP references
UUID 2f7e77db-fe39-4004-9945-3c8943708494 which can be used as unique global reference for Kaspersky Carbanak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-23T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CARBANAK APT THE GREAT BANK ROBBERY |
KasperskyCarbanak
Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.
Internal MISP references
UUID 053a2bbb-5509-4aba-bbd7-ccc3d8074291 which can be used as unique global reference for KasperskyCarbanak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-27T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE |
| title | CARBANAK APT THE GREAT BANK ROBBERY |
Forcepoint Carbanak Google C2
Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.
Internal MISP references
UUID 3da6084f-5e12-4472-afb9-82efd3e22cf6 which can be used as unique global reference for Forcepoint Carbanak Google C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-15T00:00:00Z |
| date_published | 2017-01-17T00:00:00Z |
| source | MITRE |
| title | CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL |
Trend Micro Carberp February 2014
Trend Micro. (2014, February 27). CARBERP. Retrieved July 29, 2020.
Internal MISP references
UUID 069e458f-d780-47f9-8ebe-21b195fe9b33 which can be used as unique global reference for Trend Micro Carberp February 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-29T00:00:00Z |
| date_published | 2014-02-27T00:00:00Z |
| source | MITRE |
| title | CARBERP |
Prevx Carberp March 2011
Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved July 15, 2020.
Internal MISP references
UUID 8f95d81a-ea8c-44bf-950d-9eb868182d39 which can be used as unique global reference for Prevx Carberp March 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-15T00:00:00Z |
| date_published | 2011-02-28T00:00:00Z |
| source | MITRE |
| title | Carberp - a modular information stealing trojan |
Trusteer Carberp October 2010
Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. Retrieved July 15, 2020.
Internal MISP references
UUID f7af5be2-0cb4-4b41-9d08-2f652b6bac3c which can be used as unique global reference for Trusteer Carberp October 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-15T00:00:00Z |
| date_published | 2010-10-07T00:00:00Z |
| source | MITRE |
| title | Carberp Under the Hood of Carberp: Malware & Configuration Analysis |
ESET Carbon Mar 2017
ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. Retrieved November 7, 2018.
Internal MISP references
UUID 5d2a3a81-e7b7-430d-b748-b773f89d3c77 which can be used as unique global reference for ESET Carbon Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-07T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Carbon Paper: Peering into Turla’s second stage backdoor |
CrowdStrike Carbon Spider August 2021
Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.
Internal MISP references
UUID 36f0ddb0-94af-494c-ad10-9d3f75d1d810 which can be used as unique global reference for CrowdStrike Carbon Spider August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2021-08-30T00:00:00Z |
| source | MITRE |
| title | CARBON SPIDER Embraces Big Game Hunting, Part 1 |
PaloAlto CardinalRat Apr 2017
Grunzweig, J.. (2017, April 20). Cardinal RAT Active for Over Two Years. Retrieved December 8, 2018.
Internal MISP references
UUID 8d978b94-75c9-46a1-812a-bafe3396eda9 which can be used as unique global reference for PaloAlto CardinalRat Apr 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-08T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Cardinal RAT Active for Over Two Years |
ESET Casbaneiro Oct 2019
ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.
Internal MISP references
UUID a5cb3ee6-9a0b-4e90-bf32-be7177a858b1 which can be used as unique global reference for ESET Casbaneiro Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2019-10-03T00:00:00Z |
| source | MITRE |
| title | Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico |
Microsoft Catalog Files and Signatures April 2017
Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.
Internal MISP references
UUID 5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe which can be used as unique global reference for Microsoft Catalog Files and Signatures April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Catalog Files and Digital Signatures |
Catch All Chrome Extension
Marinho, R. (n.d.). "Catch-All" Google Chrome Malicious Extension Steals All Posted Data. Retrieved November 16, 2017.
Internal MISP references
UUID eddd2ea8-89c1-40f9-b6e3-37cbdebd210e which can be used as unique global reference for Catch All Chrome Extension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data |
Akamai JS
Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID 379a177b-0c31-5840-ad54-3fdfc9904a88 which can be used as unique global reference for Akamai JS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2020-10-26T00:00:00Z |
| source | MITRE |
| title | Catch Me if You Can—JavaScript Obfuscation |
Categorisation_not_boundary
MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.
Internal MISP references
UUID 3c320f38-e691-46f7-a20d-58b024ea2fa2 which can be used as unique global reference for Categorisation_not_boundary in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-20T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Categorisation is not a Security Boundary |
CrowdStrike Flying Kitten
Dahl, M.. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. Retrieved May 27, 2020.
Internal MISP references
UUID ab669ded-e659-4313-b5ab-8c5362562f39 which can be used as unique global reference for CrowdStrike Flying Kitten in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN |
Telephone Attack Delivery
Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.
Internal MISP references
UUID 9670da7b-0600-4072-9ecc-65a918b89ac5 which can be used as unique global reference for Telephone Attack Delivery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-05T00:00:00Z |
| date_published | 2021-11-04T00:00:00Z |
| source | MITRE |
| title | Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery |
Tetra Defense Sodinokibi March 2020
Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. Retrieved December 14, 2020.
Internal MISP references
UUID a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50 which can be used as unique global reference for Tetra Defense Sodinokibi March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-14T00:00:00Z |
| date_published | 2020-03-01T00:00:00Z |
| source | MITRE |
| title | CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS |
CarbonBlack RobbinHood May 2019
Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. Retrieved July 29, 2019.
Internal MISP references
UUID cb9e49fa-253a-447a-9c88-c6e507bae0bb which can be used as unique global reference for CarbonBlack RobbinHood May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-29T00:00:00Z |
| date_published | 2019-05-17T00:00:00Z |
| source | MITRE |
| title | CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption |
Talos CCleanup 2017
Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.
Internal MISP references
UUID f2522cf4-dc65-4dc5-87e3-9e88212fcfe9 which can be used as unique global reference for Talos CCleanup 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-09T00:00:00Z |
| date_published | 2017-09-18T00:00:00Z |
| source | MITRE |
| title | CCleanup: A Vast Number of Machines at Risk |
Cdb.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e61b035f-6247-47e3-918c-2892815dfddf which can be used as unique global reference for Cdb.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cdb.exe |
ESET PLEAD Malware July 2018
Cherepanov, A.. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. Retrieved May 6, 2020.
Internal MISP references
UUID 2c28640d-e4ee-47db-a8f1-b34def7d2e9a which can be used as unique global reference for ESET PLEAD Malware July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2018-07-09T00:00:00Z |
| source | MITRE |
| title | Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign |
Medium Certified Pre Owned
Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.
Internal MISP references
UUID 04e53c69-3f29-4bb4-83c9-ff3a2db1526b which can be used as unique global reference for Medium Certified Pre Owned in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-06-17T00:00:00Z |
| source | MITRE |
| title | Certified Pre-Owned |
SpecterOps Certified Pre Owned
Schroeder, W. & Christensen, L. (2021, June 22). Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.
Internal MISP references
UUID 73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698 which can be used as unique global reference for SpecterOps Certified Pre Owned in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-06-22T00:00:00Z |
| source | MITRE |
| title | Certified Pre-Owned - Abusing Active Directory Certificate Services |
GitHub Certify
HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.
Internal MISP references
UUID 27fce38b-07d6-43ed-a3da-174458c4acbe which can be used as unique global reference for GitHub Certify in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-04T00:00:00Z |
| date_published | 2021-06-09T00:00:00Z |
| source | MITRE |
| title | Certify |
CertOC.exe - LOLBAS Project
LOLBAS. (2021, October 7). CertOC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b906498e-2773-419b-8c6d-3e974925ac18 which can be used as unique global reference for CertOC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CertOC.exe |
CertReq.exe - LOLBAS Project
LOLBAS. (2020, July 7). CertReq.exe. Retrieved December 4, 2023.
Internal MISP references
UUID be446484-8ecc-486e-8940-658c147f6978 which can be used as unique global reference for CertReq.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CertReq.exe |
GitHub CertStealer
TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.
Internal MISP references
UUID da06ce8f-f950-4ae8-a62a-b59b236e91a3 which can be used as unique global reference for GitHub CertStealer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-04-21T00:00:00Z |
| source | MITRE |
| title | CertStealer |
TechNet Certutil
Microsoft. (2012, November 14). Certutil. Retrieved July 3, 2017.
Internal MISP references
UUID 8d095aeb-c72c-49c1-8482-dbf4ce9203ce which can be used as unique global reference for TechNet Certutil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2012-11-14T00:00:00Z |
| source | MITRE |
| title | Certutil |
LOLBAS Certutil
LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 4c875710-9b5d-47b5-bc9e-69ef95797c8f which can be used as unique global reference for LOLBAS Certutil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Certutil.exe |
FireEye CFR Watering Hole 2012
Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved December 18, 2020.
Internal MISP references
UUID 6108ab77-e4fd-43f2-9d49-8ce9c219ca9c which can be used as unique global reference for FireEye CFR Watering Hole 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2012-12-30T00:00:00Z |
| source | MITRE |
| title | CFR Watering Hole Attack Details |
Twitter Cglyer Status Update APT3 eml
Glyer, C. (2018, April 14). @cglyer Status Update. Retrieved October 11, 2018.
Internal MISP references
UUID cfcb0839-0736-489f-9779-72e5c96cce3d which can be used as unique global reference for Twitter Cglyer Status Update APT3 eml in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-11T00:00:00Z |
| date_published | 2018-04-14T00:00:00Z |
| source | MITRE |
| title | @cglyer Status Update |
Cybereason Chaes Nov 2020
Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.
Internal MISP references
UUID aaefa162-82a8-4b6d-b7be-fd31fafd9246 which can be used as unique global reference for Cybereason Chaes Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-30T00:00:00Z |
| date_published | 2020-11-17T00:00:00Z |
| source | MITRE |
| title | CHAES: Novel Malware Targeting Latin American E-Commerce |
Symantec Chafer February 2018
Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.
Internal MISP references
UUID 3daaa402-5477-4868-b8f1-a2f6e38f04ef which can be used as unique global reference for Symantec Chafer February 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-22T00:00:00Z |
| date_published | 2018-02-28T00:00:00Z |
| source | MITRE |
| title | Chafer: Latest Attacks Reveal Heightened Ambitions |
Securelist Remexi Jan 2019
Legezo, D. (2019, January 30). Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. Retrieved April 17, 2019.
Internal MISP references
UUID 07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845 which can be used as unique global reference for Securelist Remexi Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-01-30T00:00:00Z |
| source | MITRE |
| title | Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities |
change_rdp_port_conti
The DFIR Report. (2022, March 1). "Change RDP port" #ContiLeaks. Retrieved March 1, 2022.
Internal MISP references
UUID c0deb077-6c26-52f1-9e7c-d1fb535a02a0 which can be used as unique global reference for change_rdp_port_conti in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-01T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | "Change RDP port" #ContiLeaks |
Microsoft Change Normal Template
Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.
Internal MISP references
UUID 76bf3ce1-b94c-4b3d-9707-aca8a1ae5555 which can be used as unique global reference for Microsoft Change Normal Template in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| source | MITRE |
| title | Change the Normal template (Normal.dotm) |
Microsoft Change Default Programs
Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.
Internal MISP references
UUID de515277-a280-40e5-ba34-3e8f16a5c703 which can be used as unique global reference for Microsoft Change Default Programs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| source | MITRE |
| title | Change which programs Windows 7 uses by default |
Chaos Stolen Backdoor
Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. Retrieved March 5, 2018.
Internal MISP references
UUID 8e6916c1-f102-4b54-b6a5-a58fed825c2e which can be used as unique global reference for Chaos Stolen Backdoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-05T00:00:00Z |
| date_published | 2018-02-14T00:00:00Z |
| source | MITRE |
| title | Chaos: a Stolen Backdoor Rising Again |
Wardle Persistence Chapter
Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.
Internal MISP references
UUID 6272b9a2-d704-43f3-9e25-6c434bb5d1ef which can be used as unique global reference for Wardle Persistence Chapter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| source | MITRE |
| title | Chapter 0x2: Persistence |
cisco_deploy_rsa_keys
Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI . Retrieved March 27, 2023.
Internal MISP references
UUID 132f387e-4ee3-51d3-a3b6-d61102ada152 which can be used as unique global reference for cisco_deploy_rsa_keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-27T00:00:00Z |
| date_published | 2023-02-17T00:00:00Z |
| source | MITRE |
| title | Chapter: Deploying RSA Keys Within a PKI |
Wikipedia Character Encoding
Wikipedia. (2017, February 19). Character Encoding. Retrieved March 1, 2017.
Internal MISP references
UUID 3e7df20f-5d11-4102-851f-04e89c25d12f which can be used as unique global reference for Wikipedia Character Encoding in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2017-02-19T00:00:00Z |
| source | MITRE |
| title | Character Encoding |
ClearSky Charming Kitten Dec 2017
ClearSky Cyber Security. (2017, December). Charming Kitten. Retrieved December 27, 2017.
Internal MISP references
UUID 23ab1ad2-e9d4-416a-926f-6220a59044ab which can be used as unique global reference for ClearSky Charming Kitten Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | Charming Kitten |
Certfa Charming Kitten January 2021
Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.
Internal MISP references
UUID c38a8af6-3f9b-40c3-8122-a2a51eb50664 which can be used as unique global reference for Certfa Charming Kitten January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-03T00:00:00Z |
| date_published | 2021-01-08T00:00:00Z |
| source | MITRE |
| title | Charming Kitten’s Christmas Gift |
Proofpoint TA2541 February 2022
Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.
Internal MISP references
UUID db0b1425-8bd7-51b5-bae3-53c5ccccb8da which can be used as unique global reference for Proofpoint TA2541 February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-12T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Charting TA2541's Flight |
JPCERT ChChes Feb 2017
Nakamura, Y.. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved March 1, 2017.
Internal MISP references
UUID 657b43aa-ead2-41d3-911a-d714d9b28e19 which can be used as unique global reference for JPCERT ChChes Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2017-02-17T00:00:00Z |
| source | MITRE |
| title | ChChes - Malware that Communicates with C&C Servers Using Cookie Headers |
EclecticLightChecksonEXECodeSigning
Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. Retrieved September 21, 2022.
Internal MISP references
UUID 2885db46-4f8c-4c35-901c-7641c7701293 which can be used as unique global reference for EclecticLightChecksonEXECodeSigning in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-21T00:00:00Z |
| date_published | 2020-11-16T00:00:00Z |
| source | MITRE |
| title | Checks on executable code in Catalina and Big Sur: a first draft |
Anomali MUSTANG PANDA October 2019
Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.
Internal MISP references
UUID 70277fa4-60a8-475e-993a-c74241b76127 which can be used as unique global reference for Anomali MUSTANG PANDA October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-12T00:00:00Z |
| date_published | 2019-10-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations |
FireEye admin@338
FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
Internal MISP references
UUID f3470275-9652-440e-914d-ad4fc5165413 which can be used as unique global reference for FireEye admin@338 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-04T00:00:00Z |
| date_published | 2015-12-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets |
IronNet BlackTech Oct 2021
Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. Retrieved March 25, 2022.
Internal MISP references
UUID 98b2d114-4246-409d-934a-238682fd5ae6 which can be used as unique global reference for IronNet BlackTech Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2021-10-26T00:00:00Z |
| source | MITRE |
| title | China cyber attacks: the current threat landscape |
Recorded Future RedEcho Feb 2021
Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved March 22, 2021.
Internal MISP references
UUID 6da7eb8a-aab4-41ea-a0b7-5313d88cbe91 which can be used as unique global reference for Recorded Future RedEcho Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-22T00:00:00Z |
| date_published | 2021-02-28T00:00:00Z |
| source | MITRE |
| title | China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions |
EFF China GitHub Attack
Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. Retrieved September 1, 2023.
Internal MISP references
UUID b8405628-6366-5cc9-a9af-b97d5c9176dd which can be used as unique global reference for EFF China GitHub Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-01T00:00:00Z |
| date_published | 2015-04-02T00:00:00Z |
| source | MITRE |
| title | China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack |
PaloAlto 3102 Sept 2015
Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. Retrieved March 19, 2018.
Internal MISP references
UUID db340043-43a7-4b16-a570-92a0d879b2bf which can be used as unique global reference for PaloAlto 3102 Sept 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2015-09-23T00:00:00Z |
| source | MITRE |
| title | Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media |
ZScaler Hacking Team
Desai, D.. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. Retrieved January 26, 2016.
Internal MISP references
UUID 83e6ab22-1f01-4c9b-90e5-0279af487805 which can be used as unique global reference for ZScaler Hacking Team in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-08-14T00:00:00Z |
| source | MITRE |
| title | Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm |
Hacker News LuckyMouse June 2018
Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.
Internal MISP references
UUID de78446a-cb46-4422-820b-9ddf07557b1a which can be used as unique global reference for Hacker News LuckyMouse June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-18T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE |
| title | Chinese Hackers Carried Out Country-Level Watering Hole Attack |
Dark Reading Codoso Feb 2015
Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. Retrieved September 13, 2018.
Internal MISP references
UUID c24035b1-2021-44ae-b01e-651e44526737 which can be used as unique global reference for Dark Reading Codoso Feb 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| date_published | 2015-02-10T00:00:00Z |
| source | MITRE |
| title | Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole |
Recorded Future TAG-22 July 2021
INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.
Internal MISP references
UUID 258433e7-f829-4365-adbb-c5690159070f which can be used as unique global reference for Recorded Future TAG-22 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-02T00:00:00Z |
| date_published | 2021-07-08T00:00:00Z |
| source | MITRE |
| title | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling |
Recorded Future Chinese Activity in Southeast Asia December 2021
Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.
Internal MISP references
UUID 0809db3b-81a8-475d-920a-cb913b30f42e which can be used as unique global reference for Recorded Future Chinese Activity in Southeast Asia December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2021-12-08T00:00:00Z |
| source | MITRE |
| title | Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia |
Recorded Future REDDELTA July 2020
Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.
Internal MISP references
UUID e2bc037e-d483-4670-8281-70e51b16effe which can be used as unique global reference for Recorded Future REDDELTA July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-07-28T00:00:00Z |
| source | MITRE |
| title | CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS |
Github CHIPSEC
Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.
Internal MISP references
UUID 47501334-56cb-453b-a9e3-33990d88018b which can be used as unique global reference for Github CHIPSEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-20T00:00:00Z |
| date_published | 2017-03-18T00:00:00Z |
| source | MITRE |
| title | CHIPSEC Platform Security Assessment Framework |
McAfee CHIPSEC Blog
Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.
Internal MISP references
UUID b65ed687-c279-4f64-9dd2-839164cd269c which can be used as unique global reference for McAfee CHIPSEC Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-13T00:00:00Z |
| date_published | 2017-03-08T00:00:00Z |
| source | MITRE |
| title | CHIPSEC Support Against Vault 7 Disclosure Scanning |
Chkrootkit Main
Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 828fb4b9-17a6-4a87-ac2a-631643adb18d which can be used as unique global reference for Chkrootkit Main in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-08-23T00:00:00Z |
| source | MITRE |
| title | Chkrootkit |
Azure AD Hybrid Identity
Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. Retrieved September 28, 2022.
Internal MISP references
UUID b019406c-6e39-41a2-a8b4-97f8d6482147 which can be used as unique global reference for Azure AD Hybrid Identity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2022-08-26T00:00:00Z |
| source | MITRE |
| title | Choose the right authentication method for your Azure Active Directory hybrid identity solution |
show_ssh_users_cmd_cisco
Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z . Retrieved July 13, 2022.
Internal MISP references
UUID 11d34884-4559-57ad-8910-54e517c6493e which can be used as unique global reference for show_ssh_users_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2023-03-07T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Security Command Reference: Commands S to Z |
Cisco IOS Shellcode
George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. Retrieved October 21, 2020.
Internal MISP references
UUID 55a45f9b-7be4-4f1b-8b19-a0addf9da8d8 which can be used as unique global reference for Cisco IOS Shellcode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | CISCO IOS SHELLCODE: ALL-IN-ONE |
Cisco IOS Software Integrity Assurance - AAA
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.
Internal MISP references
UUID 2d1b5021-91ad-43c9-8527-4978fa779168 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - AAA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - AAA |
Cisco IOS Software Integrity Assurance - Boot Information
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020.
Internal MISP references
UUID 5349863a-00c1-42bf-beac-4e7d053d6311 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Boot Information in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Boot Information |
Cisco IOS Software Integrity Assurance - Change Control
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. Retrieved October 21, 2020.
Internal MISP references
UUID 8fb532f2-c730-4b86-b8d2-2314ce559289 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Change Control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Change Control |
Cisco IOS Software Integrity Assurance - Image File Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.
Internal MISP references
UUID f1d736cb-63c1-43e8-a83b-ed86b7c27606 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Verification in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification |
Cisco IOS Software Integrity Assurance - Run-Time Memory Verification
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. Retrieved October 19, 2020.
Internal MISP references
UUID 284608ea-3769-470e-950b-cbd67796b20f which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Run-Time Memory Verification in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification |
Cisco IOS Software Integrity Assurance - Command History
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.
Internal MISP references
UUID dbca06dd-1184-4d52-9ee8-b059e368033c which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Command History in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Command History |
Cisco IOS Software Integrity Assurance - Credentials Management
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.
Internal MISP references
UUID 9a7428e3-bd77-4c3e-ac90-c4e30d504ba6 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Credentials Management in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Credentials Management |
Cisco IOS Software Integrity Assurance - Deploy Signed IOS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.
Internal MISP references
UUID 71ea5591-6e46-4c58-a4e8-c629eba1b6c5 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Deploy Signed IOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Deploy Signed IOS |
Cisco IOS Software Integrity Assurance - Image File Integrity
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Image File Integrity. Retrieved October 21, 2020.
Internal MISP references
UUID 90909bd4-15e8-48ee-8067-69f04736c583 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Image File Integrity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Image File Integrity |
Cisco IOS Software Integrity Assurance - Secure Boot
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.
Internal MISP references
UUID 4f6f686e-bcda-480a-88a1-ad7b00084c13 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - Secure Boot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - Secure Boot |
Cisco IOS Software Integrity Assurance - TACACS
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.
Internal MISP references
UUID 54506dc2-6496-4edb-a5bf-fe64bf235ac0 which can be used as unique global reference for Cisco IOS Software Integrity Assurance - TACACS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS Software Integrity Assurance - TACACS |
Cisco Traffic Mirroring
Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. Retrieved October 19, 2020.
Internal MISP references
UUID 1a5c86ad-d3b1-408b-a6b4-14ca0e572020 which can be used as unique global reference for Cisco Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x |
Talos - Cisco Attack 2022
Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. Retrieved March 9, 2023.
Internal MISP references
UUID 143182ad-6a16-5a0d-a5c4-7dae721a9e26 which can be used as unique global reference for Talos - Cisco Attack 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-09T00:00:00Z |
| date_published | 2022-08-10T00:00:00Z |
| source | MITRE |
| title | Cisco Talos shares insights related to recent cyber attack on Cisco |
Citrix Bulletin CVE-2023-3519
Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.
Internal MISP references
UUID 245ef1b7-778d-4df2-99a9-b51c95c57580 which can be used as unique global reference for Citrix Bulletin CVE-2023-3519 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-24T00:00:00Z |
| date_published | 2023-07-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 |
Malwarebytes Citrix Bleed November 24 2023
Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. Retrieved November 30, 2023.
Internal MISP references
UUID fdc86cea-0015-48d1-934f-b22244de6306 which can be used as unique global reference for Malwarebytes Citrix Bleed November 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-30T00:00:00Z |
| date_published | 2023-11-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Citrix Bleed widely exploited, warn government agencies |
Talent-Jump Clambling February 2020
Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.
Internal MISP references
UUID 51144a8a-0cd4-4d5d-826b-21c2dc8422be which can be used as unique global reference for Talent-Jump Clambling February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2020-02-17T00:00:00Z |
| source | MITRE |
| title | CLAMBLING - A New Backdoor Base On Dropbox |
FireEye Clandestine Fox Part 2
Scott, M.. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.
Internal MISP references
UUID 82500741-984d-4039-8f53-b303845c2849 which can be used as unique global reference for FireEye Clandestine Fox Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-06-10T00:00:00Z |
| source | MITRE |
| title | Clandestine Fox, Part Deux |
Microsoft Clear-EventLog
Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.
Internal MISP references
UUID 35944ff0-2bbd-4055-8e8a-cfff27241a8a which can be used as unique global reference for Microsoft Clear-EventLog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| source | MITRE |
| title | Clear-EventLog |
Clearing quarantine attribute
Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. Retrieved July 5, 2017.
Internal MISP references
UUID 4115ab53-751c-4016-9151-a55eab7d6ddf which can be used as unique global reference for Clearing quarantine attribute in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2012-11-20T00:00:00Z |
| source | MITRE |
| title | Clearing the quarantine extended attribute from downloaded applications |
NPPSPY - Huntress
Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.
Internal MISP references
UUID df1f7379-38c3-5ca9-8333-d684022c000c which can be used as unique global reference for NPPSPY - Huntress in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY |
CL_Invocation.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID a53e093a-973c-491d-91e3-bc7804d87b8b which can be used as unique global reference for CL_Invocation.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_Invocation.ps1 |
clip_win_server
Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.
Internal MISP references
UUID 8a961fa1-def0-5efe-8599-62e884d4ea22 which can be used as unique global reference for clip_win_server in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-21T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| source | MITRE |
| title | clip |
Red Canary Silver Sparrow Feb2021
Tony Lambert. (2021, February 18). Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. Retrieved April 20, 2021.
Internal MISP references
UUID f08a856d-6c3e-49e2-b7ba-399831c637e5 which can be used as unique global reference for Red Canary Silver Sparrow Feb2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-20T00:00:00Z |
| date_published | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight |
CL_LoadAssembly.ps1 - LOLBAS Project
LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 31a14027-1181-49b9-87bf-78a65a551312 which can be used as unique global reference for CL_LoadAssembly.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_LoadAssembly.ps1 |
CL_Mutexverifiers.ps1 - LOLBAS Project
LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 75b89502-21ed-4920-95cc-212eaf17f281 which can be used as unique global reference for CL_Mutexverifiers.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CL_Mutexverifiers.ps1 |
Cybereason Clop Dec 2020
Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.
Internal MISP references
UUID f54d682d-100e-41bb-96be-6a79ea422066 which can be used as unique global reference for Cybereason Clop Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-11T00:00:00Z |
| source | MITRE |
| title | Clop Ransomware |
Mcafee Clop Aug 2019
Mundo, A. (2019, August 1). Clop Ransomware. Retrieved May 10, 2021.
Internal MISP references
UUID 458141bd-7dd2-41fd-82e8-7ea2e4a477ab which can be used as unique global reference for Mcafee Clop Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-10T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | Clop Ransomware |
Kaspersky Cloud Atlas December 2014
GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. Retrieved May 8, 2020.
Internal MISP references
UUID 41a9b3e3-0953-4bde-9e1d-c2f51de1120e which can be used as unique global reference for Kaspersky Cloud Atlas December 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-08T00:00:00Z |
| date_published | 2014-12-10T00:00:00Z |
| source | MITRE |
| title | Cloud Atlas: RedOctober APT is back in style |
Rhino Labs Cloud Backdoor September 2019
Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID ac31b781-dbe4-49c2-b7af-dfb23d435ce8 which can be used as unique global reference for Rhino Labs Cloud Backdoor September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-09-01T00:00:00Z |
| source | MITRE |
| title | Cloud Container Attack Tool (CCAT) |
Google Cloud Storage
Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.
Internal MISP references
UUID 5fe51b4e-9b82-4e97-bb65-73708349538a which can be used as unique global reference for Google Cloud Storage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Cloud Storage |
Office 265 Azure Domain Availability
Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. Retrieved May 27, 2022.
Internal MISP references
UUID dddf33ea-d074-4bc4-98d2-39b7e843e37d which can be used as unique global reference for Office 265 Azure Domain Availability in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2017-01-23T00:00:00Z |
| source | MITRE |
| title | (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure |
Mandiant Cloudy Logs 2023
Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. Retrieved October 16, 2023.
Internal MISP references
UUID a9835fe9-8227-5310-a728-1d09f19342b3 which can be used as unique global reference for Mandiant Cloudy Logs 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-16T00:00:00Z |
| date_published | 2023-05-03T00:00:00Z |
| source | MITRE |
| title | Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations |
win_clsid_key
Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.
Internal MISP references
UUID 239bb629-2733-4da3-87c2-47a7ab55433f which can be used as unique global reference for win_clsid_key in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | CLSID Key |
Kube Cluster Admin
kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.
Internal MISP references
UUID 6c5f2465-1db3-46cc-8d2a-9763c21aa8cc which can be used as unique global reference for Kube Cluster Admin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-01-16T00:00:00Z |
| source | MITRE |
| title | Cluster Administration |
Kube Cluster Info
kubernetes. (n.d.). cluster-info. Retrieved October 13, 2021.
Internal MISP references
UUID 0f8b5d79-2393-45a2-b6d4-df394e513e39 which can be used as unique global reference for Kube Cluster Info in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | cluster-info |
TechNet Cmd
Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
Internal MISP references
UUID dbfc01fe-c300-4c27-ab9a-a20508c1e04b which can be used as unique global reference for TechNet Cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Cmd |
Cmd.exe - LOLBAS Project
LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 887aa9af-3f0e-42bb-8c40-39149f34b922 which can be used as unique global reference for Cmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmd.exe |
Cmdkey.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmdkey.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c9ca075a-8327-463d-96ec-adddf6f1a7bb which can be used as unique global reference for Cmdkey.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmdkey.exe |
cmdl32.exe - LOLBAS Project
LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2628e452-caa1-4058-a405-7c4657fa3245 which can be used as unique global reference for cmdl32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | cmdl32.exe |
Cmstp.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cmstp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86c21dcd-464a-4870-8aae-25fcaccc889d which can be used as unique global reference for Cmstp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cmstp.exe |
Twitter CMSTP Jan 2018
Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. Retrieved April 11, 2018.
Internal MISP references
UUID 3847149c-1463-4d94-be19-0a8cf1db0b58 which can be used as unique global reference for Twitter CMSTP Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-01-30T00:00:00Z |
| source | MITRE |
| title | CMSTP.exe - remote .sct execution applocker bypass |
Secureworks COBALT DICKENS September 2019
Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.
Internal MISP references
UUID 45815e4d-d678-4823-8315-583893e263e6 which can be used as unique global reference for Secureworks COBALT DICKENS September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2019-09-11T00:00:00Z |
| source | MITRE |
| title | COBALT DICKENS Goes Back to School…Again |
Morphisec Cobalt Gang Oct 2018
Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.
Internal MISP references
UUID 0a0bdd4b-a680-4a38-967d-3ad92f04d619 which can be used as unique global reference for Morphisec Cobalt Gang Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-10-08T00:00:00Z |
| source | MITRE |
| title | Cobalt Group 2.0 |
Secureworks COBALT GYPSY Threat Profile
Secureworks. (n.d.). COBALT GYPSY Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID f1c21834-7536-430b-8539-e68373718b4d which can be used as unique global reference for Secureworks COBALT GYPSY Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | COBALT GYPSY Threat Profile |
Secureworks COBALT ILLUSION Threat Profile
Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.
Internal MISP references
UUID 8d9a5b77-2516-4ad5-9710-4c8165df2882 which can be used as unique global reference for Secureworks COBALT ILLUSION Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | COBALT ILLUSION Threat Profile |
PTSecurity Cobalt Dec 2016
Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.
Internal MISP references
UUID 2de4d38f-c99d-4149-89e6-0349a4902aa2 which can be used as unique global reference for PTSecurity Cobalt Dec 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-09T00:00:00Z |
| date_published | 2016-12-16T00:00:00Z |
| source | MITRE |
| title | Cobalt Snatch |
CobaltStrike Daddy May 2017
Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019.
Internal MISP references
UUID 056ef3cd-885d-41d6-9547-a2a575b03662 which can be used as unique global reference for CobaltStrike Daddy May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2017-05-23T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike 3.8 – Who’s Your Daddy? |
Cobalt Strike Manual 4.3 November 2020
Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.
Internal MISP references
UUID eb7abdb2-b270-46ae-a950-5a93d09b3565 which can be used as unique global reference for Cobalt Strike Manual 4.3 November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike: Advanced Threat Tactics for Penetration Testers |
cobaltstrike manual
Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.
Internal MISP references
UUID 43277d05-0aa4-4cee-ac41-6f03a49851a9 which can be used as unique global reference for cobaltstrike manual in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-24T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Cobalt Strike Manual |
TrendMicro Cobalt Group Nov 2017
Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019.
Internal MISP references
UUID 81847e06-fea0-4d90-8a9e-5bc99a2bf3f0 which can be used as unique global reference for TrendMicro Cobalt Group Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| date_published | 2017-11-20T00:00:00Z |
| source | MITRE |
| title | Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks |
PTSecurity Cobalt Group Aug 2017
Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018.
Internal MISP references
UUID f4ce1b4d-4f01-4083-8bc6-931cbac9ac38 which can be used as unique global reference for PTSecurity Cobalt Group Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-05T00:00:00Z |
| date_published | 2017-08-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Cobalt Strikes Back: An Evolving Multinational Threat to Finance |
Zscaler Cobian Aug 2017
Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.
Internal MISP references
UUID 46541bb9-15cb-4a7c-a624-48a1c7e838e3 which can be used as unique global reference for Zscaler Cobian Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-08-31T00:00:00Z |
| source | MITRE |
| title | Cobian RAT – A backdoored RAT |
MACOS Cocoa
Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.
Internal MISP references
UUID 6ada4c6a-23dc-4469-a3a1-1d3b4935db97 which can be used as unique global reference for MACOS Cocoa in MISP communities and other software using the MISP galaxy
External references
- https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2015-09-16T00:00:00Z |
| source | MITRE |
| title | Cocoa Application Layer |
code.exe - LOLBAS Project
LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4a93063b-f3a3-4726-870d-b8f744651363 which can be used as unique global reference for code.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-02-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | code.exe |
Dark Reading Code Spaces Cyber Attack
Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023.
Internal MISP references
UUID e5a3028a-f4cc-537c-9ddd-769792ab33be which can be used as unique global reference for Dark Reading Code Spaces Cyber Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| date_published | 2014-06-20T00:00:00Z |
| source | MITRE |
| title | Code Hosting Service Shuts Down After Cyber Attack |
Medium Ptrace JUL 2018
Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.
Internal MISP references
UUID 6dbfe4b5-9430-431b-927e-e8e775874cd9 which can be used as unique global reference for Medium Ptrace JUL 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2018-07-25T00:00:00Z |
| source | MITRE |
| title | Code injection in running process using ptrace |
Wikipedia Code Signing
Wikipedia. (2015, November 10). Code Signing. Retrieved March 31, 2016.
Internal MISP references
UUID 363e860d-e14c-4fcd-985f-f76353018908 which can be used as unique global reference for Wikipedia Code Signing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2015-11-10T00:00:00Z |
| source | MITRE |
| title | Code Signing |
SpectorOps Code Signing Dec 2017
Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.
Internal MISP references
UUID 3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5 which can be used as unique global reference for SpectorOps Code Signing Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-12-22T00:00:00Z |
| source | MITRE |
| title | Code Signing Certificate Cloning Attacks and Defenses |
CoinLoader: A Sophisticated Malware Loader Campaign
Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. Retrieved June 5, 2023.
Internal MISP references
UUID 83469ab3-0199-5679-aa25-7b6885019552 which can be used as unique global reference for CoinLoader: A Sophisticated Malware Loader Campaign in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2019-11-28T00:00:00Z |
| source | MITRE |
| title | CoinLoader: A Sophisticated Malware Loader Campaign |
NYT-Colonial
Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.. Retrieved August 18, 2023.
Internal MISP references
UUID 58900911-ab4b-5157-968c-67fa69cc122d which can be used as unique global reference for NYT-Colonial in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE |
| title | Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers. |
Colorcpl.exe - LOLBAS Project
LOLBAS. (2023, June 26). Colorcpl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25 which can be used as unique global reference for Colorcpl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Colorcpl.exe |
sentinelone shlayer to zshlayer
Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.
Internal MISP references
UUID 17277b12-af29-475a-bc9a-0731bbe0bae2 which can be used as unique global reference for sentinelone shlayer to zshlayer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-09-08T00:00:00Z |
| source | MITRE |
| title | Coming Out of Your Shell: From Shlayer to ZShlayer |
University of Birmingham C2
Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
Internal MISP references
UUID 113ce14e-147f-4a86-8b83-7b49b43a4e88 which can be used as unique global reference for University of Birmingham C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2014-02-01T00:00:00Z |
| source | MITRE |
| title | Command & Control Understanding, Denying and Detecting |
Microsoft Command-line Logging
Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.
Internal MISP references
UUID 4a58170b-906c-4df4-ad1e-0e5bc15366fa which can be used as unique global reference for Microsoft Command-line Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-21T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE |
| title | Command line process auditing |
Microsoft Netdom Trust Sept 2012
Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.
Internal MISP references
UUID 380dc9fe-d490-4914-9595-05d765b27a85 which can be used as unique global reference for Microsoft Netdom Trust Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2012-09-11T00:00:00Z |
| source | MITRE |
| title | Command-Line Reference - Netdom Trust |
Microsoft msxsl.exe
Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). Retrieved July 3, 2018.
Internal MISP references
UUID a25d664c-d109-466f-9b6a-7e9ea8c57895 which can be used as unique global reference for Microsoft msxsl.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| source | MITRE |
| title | Command Line Transformation Utility (msxsl.exe) |
Kettle CSV DDE Aug 2014
Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. Retrieved November 22, 2017.
Internal MISP references
UUID 2badfb63-19a3-4829-bbb5-7c3dfab877d5 which can be used as unique global reference for Kettle CSV DDE Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| date_published | 2014-08-29T00:00:00Z |
| source | MITRE |
| title | Comma Separated Vulnerabilities |
Microsoft CLR Integration 2017
Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.
Internal MISP references
UUID 83fc7522-5eb1-4710-8391-090389948686 which can be used as unique global reference for Microsoft CLR Integration 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2017-06-19T00:00:00Z |
| source | MITRE |
| title | Common Language Runtime Integration |
Palo Alto Comnie
Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.
Internal MISP references
UUID ff3cc105-2798-45de-8561-983bf57eb9d9 which can be used as unique global reference for Palo Alto Comnie in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-07T00:00:00Z |
| date_published | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | Comnie Continues to Target Organizations in East Asia |
GDATA COM Hijacking
G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.
Internal MISP references
UUID 98e88505-b916-430d-aef6-616ba7ddd88e which can be used as unique global reference for GDATA COM Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-13T00:00:00Z |
| date_published | 2014-10-01T00:00:00Z |
| source | MITRE |
| title | COM Object hijacking: the discreet way of persistence |
AP-NotPetya
FRANK BAJAK AND RAPHAEL SATTER. (2017, June 30). Companies still hobbled from fearsome cyberattack. Retrieved August 18, 2023.
Internal MISP references
UUID 7f1af58a-33fd-538f-b092-789a8776780c which can be used as unique global reference for AP-NotPetya in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2017-06-30T00:00:00Z |
| source | MITRE |
| title | Companies still hobbled from fearsome cyberattack |
Microsoft COM
Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.
Internal MISP references
UUID edcd917d-ca5b-4e5c-b3be-118e828abe97 which can be used as unique global reference for Microsoft COM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Component Object Model (COM) |
Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022
Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. Retrieved March 9, 2023.
Internal MISP references
UUID af755ba2-97c2-5152-ab00-2e24740f69f3 which can be used as unique global reference for Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-09T00:00:00Z |
| date_published | 2022-12-08T00:00:00Z |
| source | MITRE |
| title | Compromised Cloud Compute Credentials: Case Studies From the Wild |
US-CERT Alert TA15-314A Web Shells
US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.
Internal MISP references
UUID 61ceb0c4-62f6-46cd-b42b-5736c869421f which can be used as unique global reference for US-CERT Alert TA15-314A Web Shells in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2015-11-13T00:00:00Z |
| source | MITRE |
| title | Compromised Web Servers and Web Shells - Threat Awareness and Guidance |
Comsvcs.dll - LOLBAS Project
LOLBAS. (2019, August 30). Comsvcs.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 2eb2756d-5a49-4df3-9e2f-104c41c645cd which can be used as unique global reference for Comsvcs.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Comsvcs.dll |
Condi-Botnet-binaries
Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.
Internal MISP references
UUID a92b0d6c-b3e8-56a4-b1b4-1d117e59db84 which can be used as unique global reference for Condi-Botnet-binaries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-06-20T00:00:00Z |
| source | MITRE |
| title | Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 |
Microsoft Common Conditional Access Policies
Microsoft. (2022, December 14). Conditional Access templates. Retrieved February 21, 2023.
Internal MISP references
UUID 9ed9870b-d09a-511d-96f9-4956f26d46bf which can be used as unique global reference for Microsoft Common Conditional Access Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-12-14T00:00:00Z |
| source | MITRE |
| title | Conditional Access templates |
Trend Micro Conficker
Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.
Internal MISP references
UUID 62cf7f3a-9011-45eb-a7d9-91c76a2177e9 which can be used as unique global reference for Trend Micro Conficker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-18T00:00:00Z |
| date_published | 2014-03-18T00:00:00Z |
| source | MITRE |
| title | Conficker |
ConfigSecurityPolicy.exe - LOLBAS Project
LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 30b8a5d8-596c-4ab3-b3db-b799cc8923e1 which can be used as unique global reference for ConfigSecurityPolicy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-09-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ConfigSecurityPolicy.exe |
Microsoft SAML Token Lifetimes
Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.
Internal MISP references
UUID 8b810f7c-1f26-420b-9014-732f1469f145 which can be used as unique global reference for Microsoft SAML Token Lifetimes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-22T00:00:00Z |
| date_published | 2020-12-14T00:00:00Z |
| source | MITRE |
| title | Configurable token lifetimes in Microsoft Identity Platform |
Apple Developer Configuration Profile
Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.
Internal MISP references
UUID 8453f06d-5007-4e53-a9a2-1c0edb99be3d which can be used as unique global reference for Apple Developer Configuration Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2019-05-03T00:00:00Z |
| source | MITRE |
| title | Configuration Profile Reference |
MDMProfileConfigMacOS
Apple. (2019, May 3). Configuration Profile Reference, Developer. Retrieved April 15, 2022.
Internal MISP references
UUID a7078eee-5478-4a93-9a7e-8db1d020e1da which can be used as unique global reference for MDMProfileConfigMacOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-15T00:00:00Z |
| date_published | 2019-05-03T00:00:00Z |
| source | MITRE |
| title | Configuration Profile Reference, Developer |
Azure Just in Time Access 2023
Microsoft. (2023, August 29). Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.
Internal MISP references
UUID ee35e13f-ca39-5faf-81ae-230d33329a28 which can be used as unique global reference for Azure Just in Time Access 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2023-08-29T00:00:00Z |
| source | MITRE |
| title | Configure and approve just-in-time access for Azure Managed Applications |
capture_embedded_packet_on_software
Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022.
Internal MISP references
UUID 5d973180-a28a-5c8f-b13a-45d21331700f which can be used as unique global reference for capture_embedded_packet_on_software in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | Configure and Capture Embedded Packet on Software |
Kubernetes Security Context
Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.
Internal MISP references
UUID bd91ec00-95bb-572f-9452-8040ec633e00 which can be used as unique global reference for Kubernetes Security Context in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Configure a Security Context for a Pod or Container |
Microsoft SharePoint Logging
Microsoft. (2017, July 19). Configure audit settings for a site collection. Retrieved April 4, 2018.
Internal MISP references
UUID 9a6a08c0-94f2-4dbc-a0b3-01d5234e7753 which can be used as unique global reference for Microsoft SharePoint Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2017-07-19T00:00:00Z |
| source | MITRE |
| title | Configure audit settings for a site collection |
TechNet RDP NLA
Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.
Internal MISP references
UUID 39e28cae-a35a-4cf2-a281-c35f4ebd16ba which can be used as unique global reference for TechNet RDP NLA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| source | MITRE |
| title | Configure Network Level Authentication for Remote Desktop Services Connections |
Microsoft Security Alerts for Azure AD Roles
Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.
Internal MISP references
UUID 7bde8cd2-6c10-5342-9a4b-a45e84a861b6 which can be used as unique global reference for Microsoft Security Alerts for Azure AD Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-11-14T00:00:00Z |
| source | MITRE |
| title | Configure security alerts for Azure AD roles in Privileged Identity Management |
Kubernetes Service Accounts
Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022.
Internal MISP references
UUID a74ffa28-8a2e-4bfd-bc66-969b463bebd9 which can be used as unique global reference for Kubernetes Service Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-02-26T00:00:00Z |
| source | MITRE |
| title | Configure Service Accounts for Pods |
Windows RDP Sessions
Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. Retrieved December 11, 2017.
Internal MISP references
UUID ccd0d241-4ff7-4a15-b2b4-06945980c6bf which can be used as unique global reference for Windows RDP Sessions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-11T00:00:00Z |
| source | MITRE |
| title | Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions |
Microsoft LSA Protection Mar 2014
Microsoft. (2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.
Internal MISP references
UUID da3f1d7d-188f-4500-9bc6-3299ba043b5c which can be used as unique global reference for Microsoft LSA Protection Mar 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2014-03-12T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Microsoft Configure LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.
Internal MISP references
UUID 4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73 which can be used as unique global reference for Microsoft Configure LSA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-06-24T00:00:00Z |
| date_published | 2013-07-31T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Microsoft LSA
Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.
Internal MISP references
UUID 3ad49746-4e42-4663-a49e-ae64152b9463 which can be used as unique global reference for Microsoft LSA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-02-13T00:00:00Z |
| date_published | 2013-07-31T00:00:00Z |
| source | MITRE |
| title | Configuring Additional LSA Protection |
Configuring Data Access audit logs
Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.
Internal MISP references
UUID bd310606-f472-4eda-a696-50a3a25f07b3 which can be used as unique global reference for Configuring Data Access audit logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | Configuring Data Access audit logs |
Microsoft SID Filtering Quarantining Jan 2009
Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.
Internal MISP references
UUID 134169f1-7bd3-4d04-81a8-f01e1407a4b6 which can be used as unique global reference for Microsoft SID Filtering Quarantining Jan 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Configuring SID Filter Quarantining on External Trusts |
TechRepublic Wireless GPO FEB 2009
Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. Retrieved July 26, 2018.
Internal MISP references
UUID b62415f8-76bd-4585-ae81-a4d04ccfc703 which can be used as unique global reference for TechRepublic Wireless GPO FEB 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| date_published | 2009-02-24T00:00:00Z |
| source | MITRE |
| title | Configuring Wireless settings via Group Policy |
ZDNet Dtrack
Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. Retrieved January 20, 2021.
Internal MISP references
UUID 6e6e02da-b805-47d7-b410-343a1b5da042 which can be used as unique global reference for ZDNet Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-10-30T00:00:00Z |
| source | MITRE |
| title | Confirmed: North Korean malware found on Indian nuclear plant's network |
Uptycs Confucius APT Jan 2021
Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.
Internal MISP references
UUID d74f2c25-cd53-4587-b087-7ba0b8427dc4 which can be used as unique global reference for Uptycs Confucius APT Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-17T00:00:00Z |
| date_published | 2021-01-12T00:00:00Z |
| source | MITRE |
| title | Confucius APT deploys Warzone RAT |
TrendMicro Confucius APT Aug 2021
Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.
Internal MISP references
UUID 5c16aae9-d253-463b-8bbc-f14402ce77e4 which can be used as unique global reference for TrendMicro Confucius APT Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-26T00:00:00Z |
| date_published | 2021-08-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military |
Conhost.exe - LOLBAS Project
LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ed807c1-15d1-48aa-b497-8cd74fe5b299 which can be used as unique global reference for Conhost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-04-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Conhost.exe |
EC2 Instance Connect
AWS. (2023, June 2). Connect using EC2 Instance Connect. Retrieved June 2, 2023.
Internal MISP references
UUID deefa5b7-5a28-524c-b500-bc5574aa9920 which can be used as unique global reference for EC2 Instance Connect in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2023-06-02T00:00:00Z |
| source | MITRE |
| title | Connect using EC2 Instance Connect |
Docker Docs Container
docker docs. (n.d.). Containers. Retrieved October 13, 2021.
Internal MISP references
UUID 3475b705-3ab8-401d-bee6-e187c43ad3c2 which can be used as unique global reference for Docker Docs Container in MISP communities and other software using the MISP galaxy
External references
- https://docs.docker.com/engine/api/v1.41/#tag/Container
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Containers |
DigitalShadows CDN
Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.
Internal MISP references
UUID 183a070f-6c8c-46e3-915b-6edc58bb5e91 which can be used as unique global reference for DigitalShadows CDN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2017-09-06T00:00:00Z |
| source | MITRE |
| title | Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It |
Content trust in Azure Container Registry
Microsoft. (2019, September 5). Content trust in Azure Container Registry. Retrieved October 16, 2019.
Internal MISP references
UUID fcd211a1-ac81-4ebc-b395-c8fa2a4d614a which can be used as unique global reference for Content trust in Azure Container Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-16T00:00:00Z |
| date_published | 2019-09-05T00:00:00Z |
| source | MITRE |
| title | Content trust in Azure Container Registry |
Content trust in Docker
Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.
Internal MISP references
UUID 57691166-5a22-44a0-8724-6b3b19658c3b which can be used as unique global reference for Content trust in Docker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-16T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE |
| title | Content trust in Docker |
Arctic Wolf Conti Akira July 26 2023
Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team. (2023, July 26). Conti and Akira: Chained Together. Retrieved March 13, 2024.
Internal MISP references
UUID 72e1b75b-edf7-45b0-9c14-14776a146d0e which can be used as unique global reference for Arctic Wolf Conti Akira July 26 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| date_published | 2023-07-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Conti and Akira: Chained Together |
DFIR Conti Bazar Nov 2021
DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.
Internal MISP references
UUID a6f1a15d-448b-41d4-81f0-ee445cba83bd which can be used as unique global reference for DFIR Conti Bazar Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2021-11-29T00:00:00Z |
| source | MITRE |
| title | CONTInuing the Bazar Ransomware Story |
Cybereason Conti Jan 2021
Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. Retrieved February 17, 2021.
Internal MISP references
UUID 3c0e82a2-41ab-4e63-ac10-bd691c786234 which can be used as unique global reference for Cybereason Conti Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-17T00:00:00Z |
| source | MITRE |
| title | Conti Ransomware |
Cybleinc Conti January 2020
Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. Retrieved April 13, 2021.
Internal MISP references
UUID 5ef0ad9d-f34d-4771-a595-7ee4994f6c91 which can be used as unique global reference for Cybleinc Conti January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2021-01-21T00:00:00Z |
| source | MITRE |
| title | Conti Ransomware Resurfaces, Targeting Government & Large Organizations |
Control.exe - LOLBAS Project
LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d0c821b9-7d37-4158-89fa-0dabe6e06800 which can be used as unique global reference for Control.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Control.exe |
Wikipedia Control Flow Integrity
Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.
Internal MISP references
UUID a9b2f525-d812-4dea-b4a6-c0d057d5f071 which can be used as unique global reference for Wikipedia Control Flow Integrity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-12T00:00:00Z |
| date_published | 2018-01-11T00:00:00Z |
| source | MITRE |
| title | Control-flow integrity |
Kubernetes API Control Access
The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.
Internal MISP references
UUID fd4577b6-0085-44c0-b4c3-4d66dcb39fe7 which can be used as unique global reference for Kubernetes API Control Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Controlling Access to The Kubernetes API |
TrendMicro CPL Malware Dec 2013
Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. Retrieved January 18, 2018.
Internal MISP references
UUID fd38f1fd-37e9-4173-b319-3f92c2743055 which can be used as unique global reference for TrendMicro CPL Malware Dec 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| date_published | 2013-12-17T00:00:00Z |
| source | MITRE |
| title | Control Panel Files Used As Malicious Attachments |
GitHub Conveigh
Robertson, K. (2016, August 28). Conveigh. Retrieved November 17, 2017.
Internal MISP references
UUID 4deb8c8e-2da1-4634-bf04-5ccf620a2143 which can be used as unique global reference for GitHub Conveigh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2016-08-28T00:00:00Z |
| source | MITRE |
| title | Conveigh |
MITRE Copernicus
Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.
Internal MISP references
UUID 55d139fe-f5e5-4b5e-9123-8133b459ea72 which can be used as unique global reference for MITRE Copernicus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-11T00:00:00Z |
| date_published | 2013-07-30T00:00:00Z |
| source | MITRE |
| title | Copernicus: Question Your Assumptions about BIOS Security |
Secureworks COPPER FIELDSTONE Profile
Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.
Internal MISP references
UUID d7f5f154-3638-47c1-8e1e-a30a6504a735 which can be used as unique global reference for Secureworks COPPER FIELDSTONE Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| source | MITRE |
| title | COPPER FIELDSTONE |
TechNet Copy
Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
Internal MISP references
UUID 4e0d4b94-6b4c-4104-86e6-499b6aa7ba78 which can be used as unique global reference for TechNet Copy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-26T00:00:00Z |
| source | MITRE |
| title | Copy |
copy_cmd_cisco
Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.
Internal MISP references
UUID 88138372-550f-5da5-be5e-b5ba0fe32f64 which can be used as unique global reference for copy_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | copy - Cisco IOS Configuration Fundamentals Command Reference |
CopyKittens Nov 2015
Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved September 11, 2017.
Internal MISP references
UUID 04e3ce40-5487-4931-98db-f55da83f412e which can be used as unique global reference for CopyKittens Nov 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-11T00:00:00Z |
| date_published | 2015-11-23T00:00:00Z |
| source | MITRE |
| title | CopyKittens Attack Group |
coregen.exe - LOLBAS Project
LOLBAS. (2020, October 9). coregen.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f24d4cf5-9ca9-46bd-bd43-86b37e2a638a which can be used as unique global reference for coregen.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | coregen.exe |
Apple Core Services
Apple. (n.d.). Core Services. Retrieved June 25, 2020.
Internal MISP references
UUID 0ef05e47-1305-4715-a677-67f1b55b24a3 which can be used as unique global reference for Apple Core Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | Core Services |
Microsoft STRONTIUM Aug 2019
MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.
Internal MISP references
UUID 7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a which can be used as unique global reference for Microsoft STRONTIUM Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-16T00:00:00Z |
| date_published | 2019-08-05T00:00:00Z |
| source | MITRE |
| title | Corporate IoT – a path to intrusion |
Palo Alto ARP
Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.
Internal MISP references
UUID 96ce4324-57d2-422b-8403-f5d4f3ce410c which can be used as unique global reference for Palo Alto ARP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-07T00:00:00Z |
| date_published | 2021-11-24T00:00:00Z |
| source | MITRE |
| title | Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe |
F-Secure Cosmicduke
F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.
Internal MISP references
UUID d0d5ecbe-1051-4ceb-b558-b8b451178358 which can be used as unique global reference for F-Secure Cosmicduke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-07-03T00:00:00Z |
| date_published | 2014-07-01T00:00:00Z |
| source | MITRE |
| title | COSMICDUKE Cosmu with a twist of MiniDuke |
Costin Raiu IAmTheKing October 2020
Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved November 16, 2020.
Internal MISP references
UUID 2be88843-ed3a-460e-87c1-85aa50e827c8 which can be used as unique global reference for Costin Raiu IAmTheKing October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-16T00:00:00Z |
| date_published | 2020-10-02T00:00:00Z |
| source | MITRE |
| title | Costin Raiu Twitter IAmTheKing SlothfulMedia |
Google Iran Threats October 2021
Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.
Internal MISP references
UUID 6d568141-eb54-5001-b880-ae8ac1156746 which can be used as unique global reference for Google Iran Threats October 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-04T00:00:00Z |
| date_published | 2021-10-14T00:00:00Z |
| source | MITRE |
| title | Countering threats from Iran |
Cisco DNSMessenger March 2017
Brumaghin, E. and Grady, C.. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. Retrieved March 8, 2017.
Internal MISP references
UUID 49f22ba2-5aca-4204-858e-c2499a7050ae which can be used as unique global reference for Cisco DNSMessenger March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-08T00:00:00Z |
| date_published | 2017-03-02T00:00:00Z |
| source | MITRE |
| title | Covert Channels and Poor Decisions: The Tale of DNSMessenger |
Juniper IcedID June 2020
Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.
Internal MISP references
UUID 426886d0-cdf2-4af7-a0e4-366c1b0a1942 which can be used as unique global reference for Juniper IcedID June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-14T00:00:00Z |
| date_published | 2020-06-18T00:00:00Z |
| source | MITRE |
| title | COVID-19 and FMLA Campaigns used to install new IcedID banking malware |
PTSecurity Higaisa 2020
PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. Retrieved March 2, 2021.
Internal MISP references
UUID cf8f3d9c-0d21-4587-a707-46848a15bd46 which can be used as unique global reference for PTSecurity Higaisa 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-02T00:00:00Z |
| date_published | 2020-06-04T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group |
F-Secure CozyDuke
F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.
Internal MISP references
UUID 08e1d233-0580-484e-b737-af091e2aa9ea which can be used as unique global reference for F-Secure CozyDuke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-10T00:00:00Z |
| date_published | 2015-04-22T00:00:00Z |
| source | MITRE |
| title | CozyDuke: Malware Analysis |
TrendMicro CPL Malware Jan 2014
Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.
Internal MISP references
UUID 9549f9b6-b771-4500-bd82-426c7abdfd8f which can be used as unique global reference for TrendMicro CPL Malware Jan 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| date_published | 2014-01-27T00:00:00Z |
| source | MITRE |
| title | CPL Malware - Malicious Control Panel Items |
Trend Micro CPL
Merces, F. (2014). CPL Malware Malicious Control Panel Items. Retrieved November 1, 2017.
Internal MISP references
UUID d90a33aa-8f20-49cb-aa27-771249cb65eb which can be used as unique global reference for Trend Micro CPL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-01T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | CPL Malware Malicious Control Panel Items |
SANS Brute Ratel October 2022
Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.
Internal MISP references
UUID 9544e762-6f72-59e7-8384-5bbef13bfe96 which can be used as unique global reference for SANS Brute Ratel October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2022-10-05T00:00:00Z |
| source | MITRE |
| title | Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground |
Stealthbits Cracking AS-REP Roasting Jun 2019
Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.
Internal MISP references
UUID 3af06034-8384-4de8-9356-e9aaa35b95a2 which can be used as unique global reference for Stealthbits Cracking AS-REP Roasting Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2019-06-27T00:00:00Z |
| source | MITRE |
| title | Cracking Active Directory Passwords with AS-REP Roasting |
AdSecurity Cracking Kerberos Dec 2015
Metcalf, S. (2015, December 31). Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Retrieved March 22, 2018.
Internal MISP references
UUID 1b018fc3-515a-4ec4-978f-6d5649ceb0c5 which can be used as unique global reference for AdSecurity Cracking Kerberos Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2015-12-31T00:00:00Z |
| source | MITRE |
| title | Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain |
Dragos Crashoverride 2017
Dragos Inc.. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.
Internal MISP references
UUID c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce which can be used as unique global reference for Dragos Crashoverride 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2017-06-13T00:00:00Z |
| source | MITRE |
| title | CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations |
Unit 42 ATOM Crawling Taurus
Unit 42. (n.d.). Crawling Taurus. Retrieved September 14, 2023.
Internal MISP references
UUID 75098b2c-4928-4e3f-9bcc-b4f6b8de96f8 which can be used as unique global reference for Unit 42 ATOM Crawling Taurus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Crawling Taurus |
Microsoft Image
Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.
Internal MISP references
UUID 5317c625-d0be-45eb-9321-0cc9aa295cc9 which can be used as unique global reference for Microsoft Image in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-08-23T00:00:00Z |
| source | MITRE |
| title | Create a managed image of a generalized VM in Azure |
Microsoft Snapshot
Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. Retrieved October 13, 2021.
Internal MISP references
UUID 693549da-d9b9-4b67-a1bb-c8ea4a099842 which can be used as unique global reference for Microsoft Snapshot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Create a snapshot of a virtual hard disk |
Microsoft Create Token
Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.
Internal MISP references
UUID d36d4f06-007e-4ff0-8660-4c65721d0b92 which can be used as unique global reference for Microsoft Create Token in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Create a token object |
GCP Create Cloud Identity Users
Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.
Internal MISP references
UUID e91748b2-1432-4203-a1fe-100aa70458d2 which can be used as unique global reference for GCP Create Cloud Identity Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Create Cloud Identity user accounts |
Createdump.exe - LOLBAS Project
LOLBAS. (2022, January 20). Createdump.exe. Retrieved December 4, 2023.
Internal MISP references
UUID f3ccacc1-3b42-4042-9a5c-f5b483a5e801 which can be used as unique global reference for Createdump.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Createdump.exe |
Google Cloud Kubernetes IAM
Google Cloud. (n.d.). Create IAM policies. Retrieved July 14, 2023.
Internal MISP references
UUID e8ee3ac6-ae7c-5fd3-a339-b579a419dd96 which can be used as unique global reference for Google Cloud Kubernetes IAM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Create IAM policies |
Microsoft CreateProcess
Microsoft. (n.d.). CreateProcess function. Retrieved December 5, 2014.
Internal MISP references
UUID aa336e3a-464d-48ce-bebb-760b73764610 which can be used as unique global reference for Microsoft CreateProcess in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | CreateProcess function |
Microsoft CLI Create Subscription
Microsoft . (n.d.). Create subscription. Retrieved August 4, 2023.
Internal MISP references
UUID 1331b524-7d6f-59d9-a2bd-78ff7b3e371f which can be used as unique global reference for Microsoft CLI Create Subscription in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| source | MITRE |
| title | Create subscription |
create_sym_links
Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.
Internal MISP references
UUID 06bfdf8f-8671-47f7-9d0c-baf234c7ae96 which can be used as unique global reference for create_sym_links in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-27T00:00:00Z |
| date_published | 2021-10-28T00:00:00Z |
| source | MITRE |
| title | Create symbolic links |
GCP - Creating and Starting a VM
Google. (2020, April 23). Creating and Starting a VM instance. Retrieved May 1, 2020.
Internal MISP references
UUID c1b87a56-115a-46d7-9117-80442091ac3c which can be used as unique global reference for GCP - Creating and Starting a VM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-01T00:00:00Z |
| date_published | 2020-04-23T00:00:00Z |
| source | MITRE |
| title | Creating and Starting a VM instance |
AWS Create IAM User
AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.
Internal MISP references
UUID bb474e88-b7bb-4b92-837c-95fe7bdd03f7 which can be used as unique global reference for AWS Create IAM User in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Creating an IAM User in Your AWS Account |
GNU Fork
Free Software Foundation, Inc.. (2020, June 18). Creating a Process. Retrieved June 25, 2020.
Internal MISP references
UUID c46331cb-328a-46e3-89c4-e43fa345d6e8 which can be used as unique global reference for GNU Fork in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2020-06-18T00:00:00Z |
| source | MITRE |
| title | Creating a Process |
AppleDocs Launch Agent Daemons
Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017.
Internal MISP references
UUID 310d18f8-6f9a-48b7-af12-6b921209d1ab which can be used as unique global reference for AppleDocs Launch Agent Daemons in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| source | MITRE |
| title | Creating Launch Daemons and Agents |
TechNet Logon Scripts
Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.
Internal MISP references
UUID 896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca which can be used as unique global reference for TechNet Logon Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-27T00:00:00Z |
| date_published | 2005-01-21T00:00:00Z |
| source | MITRE |
| title | Creating logon scripts |
Google Cloud Service Account Credentials
Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.
Internal MISP references
UUID c4befa09-3c7f-49f3-bfcc-4fcbb7bace22 which can be used as unique global reference for Google Cloud Service Account Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | Creating short-lived service account credentials |
creatingXPCservices
Apple. (2016, September 9). Creating XPC Services. Retrieved April 19, 2022.
Internal MISP references
UUID 029acdee-95d6-47a7-86de-0f6b925cef9c which can be used as unique global reference for creatingXPCservices in MISP communities and other software using the MISP galaxy
External references
- https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2016-09-09T00:00:00Z |
| source | MITRE |
| title | Creating XPC Services |
GitHub Creddump7
Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.
Internal MISP references
UUID 276975da-7b5f-49aa-975e-4ac9bc527cf2 which can be used as unique global reference for GitHub Creddump7 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-02-19T00:00:00Z |
| source | MITRE |
| title | creddump7 |
Microsoft Midnight Blizzard Replay Attack
Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 27, 2023.
Internal MISP references
UUID 5af0008b-0ced-5d1d-bbc9-6c9d60835071 which can be used as unique global reference for Microsoft Midnight Blizzard Replay Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2023-06-21T00:00:00Z |
| source | MITRE |
| title | Credential Attacks |
Anomali Template Injection MAR 2018
Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. Retrieved July 20, 2018.
Internal MISP references
UUID 3cdeb2a2-9582-4725-a132-6503dbe04e1d which can be used as unique global reference for Anomali Template Injection MAR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-20T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection |
Microsoft Credential Locker
Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.
Internal MISP references
UUID 77505354-bb08-464c-9176-d0015a62c7c9 which can be used as unique global reference for Microsoft Credential Locker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2013-10-23T00:00:00Z |
| source | MITRE |
| title | Credential Locker Overview |
Microsoft CredEnumerate
Microsoft. (2018, December 5). CredEnumarateA function (wincred.h). Retrieved November 24, 2020.
Internal MISP references
UUID ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e which can be used as unique global reference for Microsoft CredEnumerate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | CredEnumarateA function (wincred.h) |
TrendmicroHideoutsLease
Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.
Internal MISP references
UUID 527de869-3c76-447c-98c4-c37a2acf75e2 which can be used as unique global reference for TrendmicroHideoutsLease in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2015-07-15T00:00:00Z |
| source | MITRE |
| title | Criminal Hideouts for Lease: Bulletproof Hosting Services |
doppelpaymer_crowdstrike
Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.
Internal MISP references
UUID 54b5d8af-21f0-4d1c-ada8-b87db85dd742 which can be used as unique global reference for doppelpaymer_crowdstrike in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2021-12-07T00:00:00Z |
| source | MITRE |
| title | Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes |
Critical Vulnerabilities in PaperCut Print Management Software
Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. Retrieved May 8, 2023.
Internal MISP references
UUID 874f40f9-146d-4a52-93fd-9b2e7981b6da which can be used as unique global reference for Critical Vulnerabilities in PaperCut Print Management Software in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-08T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Critical Vulnerabilities in PaperCut Print Management Software |
Security Affairs SILENTTRINITY July 2019
Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. Retrieved March 23, 2022.
Internal MISP references
UUID b4945fc0-b89b-445c-abfb-14959deba3d0 which can be used as unique global reference for Security Affairs SILENTTRINITY July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2019-07-07T00:00:00Z |
| source | MITRE |
| title | Croatia government agencies targeted with news SilentTrinity malware |
Die.net Linux crontab Man Page
Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.
Internal MISP references
UUID 0339c2ab-7a08-4976-90eb-1637c23c5644 which can be used as unique global reference for Die.net Linux crontab Man Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | crontab(5) - Linux man page |
Symantec Frutas Feb 2013
Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. Retrieved April 23, 2019.
Internal MISP references
UUID 8d9f88be-9ddf-485b-9333-7e41704ec64f which can be used as unique global reference for Symantec Frutas Feb 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2013-02-11T00:00:00Z |
| source | MITRE |
| title | Cross-Platform Frutas RAT Builder and Back Door |
Bishop Fox Sliver Framework August 2019
Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.
Internal MISP references
UUID 51e67e37-2d61-4228-999b-bec6f80cf106 which can be used as unique global reference for Bishop Fox Sliver Framework August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-30T00:00:00Z |
| date_published | 2019-08-04T00:00:00Z |
| source | MITRE |
| title | Cross-platform General Purpose Implant Framework Written in Golang |
Crowdstrike CrowdCast Oct 2013
Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.
Internal MISP references
UUID 2062a229-58b3-4610-99cb-8907e7fbb350 which can be used as unique global reference for Crowdstrike CrowdCast Oct 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2013-10-16T00:00:00Z |
| source | MITRE |
| title | CrowdCasts Monthly: You Have an Adversary Problem |
Crowdstrike Global Threat Report Feb 2018
CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.
Internal MISP references
UUID 6c1ace5b-66b2-4c56-9301-822aad2c3c16 which can be used as unique global reference for Crowdstrike Global Threat Report Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2018-02-26T00:00:00Z |
| source | MITRE |
| title | CrowdStrike 2018 Global Threat Report |
CrowdStrike GTR 2021 June 2021
CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. Retrieved September 29, 2021.
Internal MISP references
UUID ec58e524-6de5-4cbb-a5d3-984b9b652f26 which can be used as unique global reference for CrowdStrike GTR 2021 June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-06-07T00:00:00Z |
| source | MITRE |
| title | CrowdStrike 2021 Global Threat Report |
CrowdStrike Adversary Carbon Spider
CrowdStrike. (2022, June 01). CrowdStrike Adversary Carbon Spider. Retrieved June 01, 2022.
Internal MISP references
UUID 9e28d375-c4a7-405f-9fff-7374c19f3af7 which can be used as unique global reference for CrowdStrike Adversary Carbon Spider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Carbon Spider |
CrowdStrike Adversary Cozy Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 0998ad7a-b4aa-44af-a665-dc58a3a6f800 which can be used as unique global reference for CrowdStrike Adversary Cozy Bear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-04T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Cozy Bear |
CrowdStrike Labyrinth Chollima Feb 2022
CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.
Internal MISP references
UUID ffe31bbf-a40d-4285-96a0-53c54298a680 which can be used as unique global reference for CrowdStrike Labyrinth Chollima Feb 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | CrowdStrike Adversary Labyrinth Chollima |
CrowdStrike Adversary Ocean Buffalo
CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Bufallo. Retrieved June 25, 2022.
Internal MISP references
UUID 466795cb-0269-4d0c-a48c-d71e9dfd9a3c which can be used as unique global reference for CrowdStrike Adversary Ocean Buffalo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-25T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Ocean Buffalo |
CrowdStrike Adversary Venomous Bear
CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. Retrieved May 4, 2022.
Internal MISP references
UUID 8c04f2b8-74ba-44a5-9580-96eabdbbcda9 which can be used as unique global reference for CrowdStrike Adversary Venomous Bear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-04T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Venomous Bear |
CrowdStrike Adversary Wizard Spider
CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.
Internal MISP references
UUID 05f382c4-5163-49e0-a8a0-cf3a5992ef18 which can be used as unique global reference for CrowdStrike Adversary Wizard Spider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-23T00:00:00Z |
| source | Tidal Cyber |
| title | CrowdStrike Adversary Wizard Spider |
Crowdstrike DriveSlayer February 2022
Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved March 25, 2022.
Internal MISP references
UUID 4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e which can be used as unique global reference for Crowdstrike DriveSlayer February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-25T00:00:00Z |
| source | MITRE |
| title | CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks |
CrowdStrike Putter Panda
Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.
Internal MISP references
UUID 413962d0-bd66-4000-a077-38c2677995d1 which can be used as unique global reference for CrowdStrike Putter Panda in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2014-06-09T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | CrowdStrike Intelligence Report: Putter Panda |
Softpedia MinerC
Cimpanu, C.. (2016, September 9). Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. Retrieved October 12, 2016.
Internal MISP references
UUID 087b9bf1-bd9e-4cd6-a386-d9d2c812c927 which can be used as unique global reference for Softpedia MinerC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-10-12T00:00:00Z |
| date_published | 2016-09-09T00:00:00Z |
| source | MITRE |
| title | Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives |
Microsoft Cryptojacking 2023
Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.
Internal MISP references
UUID e2dbc963-b913-5a44-bb61-88a3f0d8d8a3 which can be used as unique global reference for Microsoft Cryptojacking 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2023-07-25T00:00:00Z |
| source | MITRE |
| title | Cryptojacking: Understanding and defending against cloud compute resource abuse |
Microsoft CryptUnprotectData April 2018
Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.
Internal MISP references
UUID 258088ae-96c2-4520-8eb5-1a7e540a9a24 which can be used as unique global reference for Microsoft CryptUnprotectData April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2018-04-12T00:00:00Z |
| source | MITRE |
| title | CryptUnprotectData function |
Csc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Csc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 276c9e55-4673-426d-8f49-06edee2e3b30 which can be used as unique global reference for Csc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Csc.exe |
Cscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 428b6223-63b7-497f-b13a-e472b4583a9f which can be used as unique global reference for Cscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Cscript.exe |
csi.exe - LOLBAS Project
LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b810ee91-de4e-4c7b-8fa8-24dca95133e5 which can be used as unique global reference for csi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | csi.exe |
OWASP CSV Injection
Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 0cdde66c-a7ae-48a2-8ade-067643de304d which can be used as unique global reference for OWASP CSV Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| source | MITRE |
| title | CSV Injection |
Microsoft Subkey
Microsoft. (n.d.). CurrentControlSet\Services Subkey Entries. Retrieved November 30, 2014.
Internal MISP references
UUID be233077-7bb4-48be-aecf-03258931527d which can be used as unique global reference for Microsoft Subkey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | CurrentControlSet\Services Subkey Entries |
Microsoft SolarWinds Customer Guidance
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 17, 2020.
Internal MISP references
UUID b486ae40-a854-4998-bf1b-aaf6ea2047ed which can be used as unique global reference for Microsoft SolarWinds Customer Guidance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE |
| title | Customer Guidance on Recent Nation-State Cyber Attacks |
Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks
MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.
Internal MISP references
UUID 47031992-841f-4ef4-87c6-bb4c077fb8dc which can be used as unique global reference for Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE |
| title | Customer Guidance on Recent Nation-State Cyber Attacks |
Login Scripts Apple Dev
Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.
Internal MISP references
UUID 9c0094b6-a8e3-4f4d-8d2e-33b408d44a06 which can be used as unique global reference for Login Scripts Apple Dev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Customizing Login and Logout |
TechNet Screensaver GP
Microsoft. (n.d.). Customizing the Desktop. Retrieved December 5, 2017.
Internal MISP references
UUID 7cf8056e-6d3b-4930-9d2c-160d7d9636ac which can be used as unique global reference for TechNet Screensaver GP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| source | MITRE |
| title | Customizing the Desktop |
CustomShellHost.exe - LOLBAS Project
LOLBAS. (2021, November 14). CustomShellHost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 96324ab1-7eb8-42dc-b19a-fa1d9f85e239 which can be used as unique global reference for CustomShellHost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-11-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CustomShellHost.exe |
Symantec Naid in the Wild June 2012
Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.
Internal MISP references
UUID e1531171-709c-4043-9e3a-af9e37f3ac57 which can be used as unique global reference for Symantec Naid in the Wild June 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-06-18T00:00:00Z |
| source | MITRE |
| title | CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid) |
NVD CVE-2014-7169
National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID c3aab918-51c6-4773-8677-a89b27a00eb1 which can be used as unique global reference for NVD CVE-2014-7169 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-09-24T00:00:00Z |
| source | MITRE |
| title | CVE-2014-7169 Detail |
NVD CVE-2016-6662
National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 1813c26d-da68-4a82-a959-27351dd5e51b which can be used as unique global reference for NVD CVE-2016-6662 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-02-02T00:00:00Z |
| source | MITRE |
| title | CVE-2016-6662 Detail |
NVD CVE-2017-0176
National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018.
Internal MISP references
UUID 82602351-0ab0-48d7-90dd-f4536b4d009b which can be used as unique global reference for NVD CVE-2017-0176 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | CVE-2017-0176 Detail |
FireEye Attacks Leveraging HTA
Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.
Internal MISP references
UUID 1876a476-b2ff-4605-a78b-89443d21b063 which can be used as unique global reference for FireEye Attacks Leveraging HTA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-27T00:00:00Z |
| date_published | 2017-04-11T00:00:00Z |
| source | MITRE |
| title | CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler |
Microsoft CVE-2017-8625 Aug 2017
Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018.
Internal MISP references
UUID 402cb526-ef57-4d27-b96b-f98008abe716 which can be used as unique global reference for Microsoft CVE-2017-8625 Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability |
NVD CVE-2019-3610
National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.
Internal MISP references
UUID 889b742e-7572-4aad-8944-7f071483b613 which can be used as unique global reference for NVD CVE-2019-3610 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2019-10-09T00:00:00Z |
| source | MITRE |
| title | CVE-2019-3610 Detail |
CVMServer Vuln
Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. Retrieved October 12, 2021.
Internal MISP references
UUID 6f83da0c-d2ce-4923-ba32-c6886eb22587 which can be used as unique global reference for CVMServer Vuln in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2021-06-03T00:00:00Z |
| source | MITRE |
| title | CVE-2021-30724: CVMServer Vulnerability in macOS and iOS |
Crowdstrike Kubernetes Container Escape
Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. Retrieved July 6, 2022.
Internal MISP references
UUID 84d5f015-9014-417c-b2a9-f650fe19d448 which can be used as unique global reference for Crowdstrike Kubernetes Container Escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-06T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit |
CyberArk Labs Safe Mode 2016
Naim, D.. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.
Internal MISP references
UUID bd9c14dd-0e2a-447b-a245-f548734d2400 which can be used as unique global reference for CyberArk Labs Safe Mode 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2016-09-15T00:00:00Z |
| source | MITRE |
| title | CyberArk Labs: From Safe Mode to Domain Compromise |
Cyware Ngrok May 2019
Cyware. (2019, May 29). Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. Retrieved September 15, 2020.
Internal MISP references
UUID 583a01b6-cb4e-41e7-aade-ac2fd19bda4e which can be used as unique global reference for Cyware Ngrok May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| date_published | 2019-05-29T00:00:00Z |
| source | MITRE |
| title | Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems |
Microsoft Phosphorus Oct 2020
Burt, T. (2020, October 28). Cyberattacks target international conference attendees. Retrieved March 8, 2021.
Internal MISP references
UUID 8986c21c-16a0-4a53-8e37-9935bbbfaa4b which can be used as unique global reference for Microsoft Phosphorus Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-08T00:00:00Z |
| date_published | 2020-10-28T00:00:00Z |
| source | MITRE |
| title | Cyberattacks target international conference attendees |
Talos Seduploader Oct 2017
Mercer, W., et al. (2017, October 22). "Cyber Conflict" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.
Internal MISP references
UUID 2db77619-72df-461f-84bf-2d1c3499a5c0 which can be used as unique global reference for Talos Seduploader Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2017-10-22T00:00:00Z |
| source | MITRE |
| title | "Cyber Conflict" Decoy Document Used in Real Cyber Conflict |
FBI-search
FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Retrieved February 21, 2023.
Internal MISP references
UUID deea5b42-bfab-50af-8d85-cc04fd317a82 which can be used as unique global reference for FBI-search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-12-21T00:00:00Z |
| source | MITRE |
| title | Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users |
Secureworks GOLD KINGSWOOD September 2018
CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.
Internal MISP references
UUID cda529b2-e152-4ff0-a6b3-d0305b09fef9 which can be used as unique global reference for Secureworks GOLD KINGSWOOD September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2018-09-27T00:00:00Z |
| source | MITRE |
| title | Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish |
Cybereason OSX Pirrit
Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.
Internal MISP references
UUID ebdf09ed-6eec-450f-aaea-067504ec25ca which can be used as unique global reference for Cybereason OSX Pirrit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-10T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | Cybereason Lab Analysis OSX.Pirrit |
Zdnet Kimsuky Dec 2018
Cimpanu, C.. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. Retrieved August 26, 2019.
Internal MISP references
UUID b17acdc3-0163-4c98-b5fb-a457a7e6b58d which can be used as unique global reference for Zdnet Kimsuky Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-26T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | Cyber-espionage group uses Chrome extension to infect victims |
FireEye APT32 May 2017
Carr, N.. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
Internal MISP references
UUID b72d017b-a70f-4003-b3d9-90d79aca812d which can be used as unique global reference for FireEye APT32 May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-18T00:00:00Z |
| date_published | 2017-05-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations |
Shadowserver Strategic Web Compromise
Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. Retrieved March 13, 2018.
Internal MISP references
UUID cf531866-ac3c-4078-b847-5b4af7eb161f which can be used as unique global reference for Shadowserver Strategic Web Compromise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-13T00:00:00Z |
| date_published | 2012-05-15T00:00:00Z |
| source | MITRE |
| title | Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results |
CyberKnow Tweet July 7 2022
Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. Retrieved October 10, 2023.
Internal MISP references
UUID a37564a4-ff83-4ce0-818e-80750172f302 which can be used as unique global reference for CyberKnow Tweet July 7 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2022-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | CyberKnow Tweet July 7 2022 |
NSA NCSC Turla OilRig
NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.
Internal MISP references
UUID 3e86a807-5188-4278-9a58-babd23b86410 which can be used as unique global reference for NSA NCSC Turla OilRig in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-10-21T00:00:00Z |
| source | MITRE |
| title | Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims |
OPM Leak
Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved October 20, 2020.
Internal MISP references
UUID b67ed4e9-ed44-460a-bd59-c978bdfda32f which can be used as unique global reference for OPM Leak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | CYBERSECURITY INCIDENTS |
ExpressVPN PATH env Windows 2021
ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.
Internal MISP references
UUID 26096485-1dd6-512a-a2a1-27dbbfb6fde0 which can be used as unique global reference for ExpressVPN PATH env Windows 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| source | MITRE |
| title | Cybersecurity lessons: A PATH vulnerability in Windows |
NCSC Cyclops Blink February 2022
NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.
Internal MISP references
UUID 91ed6adf-f066-49e4-8ec7-1989bc6615a6 which can be used as unique global reference for NCSC Cyclops Blink February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-03T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | Cyclops Blink Malware Analysis Report |
Trend Micro Cyclops Blink March 2022
Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.
Internal MISP references
UUID 64e9a24f-f386-4774-9874-063e0ebfb8e1 which can be used as unique global reference for Trend Micro Cyclops Blink March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Cyclops Blink Sets Sights on Asus Routers |
Cynet Ragnar Apr 2020
Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.
Internal MISP references
UUID aeb637ea-0b83-42a0-8f68-9fdc59aa462a which can be used as unique global reference for Cynet Ragnar Apr 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-29T00:00:00Z |
| date_published | 2020-04-27T00:00:00Z |
| source | MITRE |
| title | Cynet Detection Report: Ragnar Locker Ransomware |
Microsoft DACL May 2018
Microsoft. (2018, May 30). DACLs and ACEs. Retrieved August 19, 2018.
Internal MISP references
UUID 32a250ca-a7eb-4d7f-af38-f3e6a09540e2 which can be used as unique global reference for Microsoft DACL May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | DACLs and ACEs |
Apple Developer Doco Archive Launchd
Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. Retrieved February 24, 2021.
Internal MISP references
UUID 41311827-3d81-422a-9b07-ee8ddc2fc7f1 which can be used as unique global reference for Apple Developer Doco Archive Launchd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-24T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Daemons and Services Programming Guide - Creating Launch Daemons and Agents |
Picus Daixin Team October 24 2022
Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. Retrieved December 1, 2023.
Internal MISP references
UUID eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02 which can be used as unique global reference for Picus Daixin Team October 24 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-01T00:00:00Z |
| date_published | 2022-10-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Daixin Team Targets Healthcare Organizations with Ransomware Attacks |
Medium Eli Salem GuLoader April 2021
Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.
Internal MISP references
UUID 87c5e84a-b96d-489d-aa10-db95b78c5a93 which can be used as unique global reference for Medium Eli Salem GuLoader April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-07T00:00:00Z |
| date_published | 2021-04-19T00:00:00Z |
| source | MITRE |
| title | Dancing With Shellcodes: Cracking the latest version of Guloader |
Lookout Dark Caracal Jan 2018
Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
Internal MISP references
UUID c558f5db-a426-4041-b883-995ec56e7155 which can be used as unique global reference for Lookout Dark Caracal Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-01-18T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Dark Caracal: Cyber-espionage at a Global Scale |
Dark Clouds_Usenix_Mulazzani_08_2011
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.
Internal MISP references
UUID ee5d2c9c-c704-4f35-baeb-055a35dd04b5 which can be used as unique global reference for Dark Clouds_Usenix_Mulazzani_08_2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2011-08-01T00:00:00Z |
| source | MITRE |
| title | Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space |
TrendMicro DarkComet Sept 2014
TrendMicro. (2014, September 03). DARKCOMET. Retrieved November 6, 2018.
Internal MISP references
UUID fb365600-4961-43ed-8292-1c07cbc530ef which can be used as unique global reference for TrendMicro DarkComet Sept 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2014-09-03T00:00:00Z |
| source | MITRE |
| title | DARKCOMET |
DarkGate Loader delivered via Teams - Truesec
Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. Retrieved October 20, 2023.
Internal MISP references
UUID 4222a06f-9528-4076-8037-a27012c2930c which can be used as unique global reference for DarkGate Loader delivered via Teams - Truesec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate Loader delivered via Teams - Truesec |
Bleeping Computer DarkGate October 14 2023
Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.
Internal MISP references
UUID 313e5558-d8f9-4457-9004-810d9fa5340c which can be used as unique global reference for Bleeping Computer DarkGate October 14 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-10-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate malware spreads through compromised Skype accounts |
Trend Micro DarkGate October 12 2023
Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. Retrieved October 20, 2023.
Internal MISP references
UUID 81650f5b-628b-4e76-80d6-2c15cf70d37a which can be used as unique global reference for Trend Micro DarkGate October 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-10-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate Opens Organizations for Attack via Skype, Teams |
DarkGate - Threat Breakdown Journey
0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. Retrieved October 20, 2023.
Internal MISP references
UUID 8a1ac4b8-05f6-4be9-a866-e3026bc92c7f which can be used as unique global reference for DarkGate - Threat Breakdown Journey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DarkGate - Threat Breakdown Journey |
Kaspersky Tomiris Sep 2021
Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.
Internal MISP references
UUID a881a7e4-a1df-4ad2-b67f-ef03caddb721 which can be used as unique global reference for Kaspersky Tomiris Sep 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-27T00:00:00Z |
| date_published | 2021-09-29T00:00:00Z |
| source | MITRE |
| title | DarkHalo After SolarWinds: the Tomiris connection |
Volexity SolarWinds
Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020.
Internal MISP references
UUID 355cecf8-ef3e-4a6e-a652-3bf26fe46d88 which can be used as unique global reference for Volexity SolarWinds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-12-14T00:00:00Z |
| source | MITRE |
| title | Dark Halo Leverages SolarWinds Compromise to Breach Organizations |
Securelist Darkhotel Aug 2015
Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. Retrieved November 2, 2018.
Internal MISP references
UUID 5a45be49-f5f1-4d5b-b7da-0a2f38194ec1 which can be used as unique global reference for Securelist Darkhotel Aug 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2015-08-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Darkhotel's attacks in 2015 |
Unit42 DarkHydrus Jan 2019
Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. Retrieved April 17, 2019.
Internal MISP references
UUID eb235504-d142-4c6d-9ffd-3c0b0dd23e80 which can be used as unique global reference for Unit42 DarkHydrus Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-01-18T00:00:00Z |
| source | MITRE |
| title | DarkHydrus delivers new Trojan that can use Google Drive for C2 communications |
Unit 42 Phishery Aug 2018
Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.
Internal MISP references
UUID ab9d59c1-8ea5-4f9c-b733-b16223ffe84a which can be used as unique global reference for Unit 42 Phishery Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-08-07T00:00:00Z |
| source | MITRE |
| title | DarkHydrus Uses Phishery to Harvest Credentials in the Middle East |
Darkside Ransomware Cybereason
Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID eded380e-33e9-4fdc-8e1f-b51d650b9731 which can be used as unique global reference for Darkside Ransomware Cybereason in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| source | MITRE |
| title | Darkside Ransomware |
DarkSide Ransomware Gang
Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.
Internal MISP references
UUID 5f8d49e8-22da-425f-b63b-a799b97ec2b5 which can be used as unique global reference for DarkSide Ransomware Gang in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2021-05-12T00:00:00Z |
| source | MITRE |
| title | DarkSide Ransomware Gang: An Overview |
Secureworks DarkTortilla Aug 2022
Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. Retrieved November 3, 2022.
Internal MISP references
UUID 4b48cc22-55ac-5b61-b183-9008f7db37fd which can be used as unique global reference for Secureworks DarkTortilla Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-11-03T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | DarkTortilla Malware Analysis |
Securelist DarkVishnya Dec 2018
Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.
Internal MISP references
UUID da9ac5a7-c644-45fa-ab96-30ac6bfc9f81 which can be used as unique global reference for Securelist DarkVishnya Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-15T00:00:00Z |
| date_published | 2018-12-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | DarkVishnya: Banks attacked through direct connection to local network |
Prevailion DarkWatchman 2021
Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. Retrieved January 10, 2022.
Internal MISP references
UUID 449e7b5c-7c62-4a63-a676-80026a597fc9 which can be used as unique global reference for Prevailion DarkWatchman 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-10T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | DarkWatchman: A new evolution in fileless techniques |
Moran 2014
Moran, N., Oppenheim, M., Engle, S., & Wartell, R.. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 15ef155b-7628-4b18-bc53-1d30be4eac5d which can be used as unique global reference for Moran 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-09-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Darwin’s Favorite APT Group [Blog] |
DataSvcUtil.exe - LOLBAS Project
LOLBAS. (2020, December 1). DataSvcUtil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c373780-3202-4036-8c83-f3d468155b35 which can be used as unique global reference for DataSvcUtil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DataSvcUtil.exe |
Hijacking VNC
Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.
Internal MISP references
UUID 7a58938f-058b-4c84-aa95-9c37dcdda1fb which can be used as unique global reference for Hijacking VNC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2019-03-10T00:00:00Z |
| source | MITRE |
| title | Day 70: Hijacking VNC (Enum, Brute, Access and Crack) |
Microsoft COM ACL
Microsoft. (n.d.). DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.
Internal MISP references
UUID 88769217-57f1-46d4-977c-2cb2969db437 which can be used as unique global reference for Microsoft COM ACL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 |
DCShadow Blog
Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.
Internal MISP references
UUID 37514816-b8b3-499f-842b-2d8cce9e140b which can be used as unique global reference for DCShadow Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| source | MITRE |
| title | DCShadow |
GitHub DCSYNCMonitor
Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.
Internal MISP references
UUID be03c794-d9f3-4678-8198-257abf6dcdbd which can be used as unique global reference for GitHub DCSYNCMonitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2018-02-22T00:00:00Z |
| source | MITRE |
| title | DCSYNCMonitor |
DD Man
Kerrisk, M. (2020, February 2). DD(1) User Commands. Retrieved February 21, 2020.
Internal MISP references
UUID f64bee0d-e37d-45d5-9968-58e622e89bfe which can be used as unique global reference for DD Man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2020-02-02T00:00:00Z |
| source | MITRE |
| title | DD(1) User Commands |
Arbor SSLDoS April 2012
ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. Retrieved April 22, 2019.
Internal MISP references
UUID b5de4376-0deb-45de-83a0-09df98480464 which can be used as unique global reference for Arbor SSLDoS April 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2012-04-24T00:00:00Z |
| source | MITRE |
| title | DDoS Attacks on SSL: Something Old, Something New |
CERT-EU DDoS March 2017
Meintanis, S., Revuelto, V., Socha, K.. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.
Internal MISP references
UUID 64341348-f448-4e56-bf78-442b92e6d435 which can be used as unique global reference for CERT-EU DDoS March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-24T00:00:00Z |
| date_published | 2017-03-10T00:00:00Z |
| source | MITRE |
| title | DDoS Overview and Response Guide |
Unit42 Sofacy Dec 2018
Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.
Internal MISP references
UUID 540c4c33-d4c2-4324-94cd-f57646666e32 which can be used as unique global reference for Unit42 Sofacy Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2018-12-12T00:00:00Z |
| source | MITRE |
| title | Dear Joohn: The Sofacy Group’s Global Campaign |
Death by 1000 installers; it's all broken!
Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019.
Internal MISP references
UUID 2ae99e9b-cd00-4e60-ba9e-bcc50e709e88 which can be used as unique global reference for Death by 1000 installers; it's all broken! in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | Death by 1000 installers; it's all broken! |
SpecterOps Lateral Movement from Azure to On-Prem AD 2020
Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.
Internal MISP references
UUID eb97d3d6-21cb-5f27-9a78-1e8576acecdc which can be used as unique global reference for SpecterOps Lateral Movement from Azure to On-Prem AD 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2020-08-17T00:00:00Z |
| source | MITRE |
| title | Death from Above: Lateral Movement from Azure to On-Prem AD |
Microsoft PowerShell SilentlyContinue
Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.
Internal MISP references
UUID ece52a64-1c8d-547d-aedc-ff43d7418cd2 which can be used as unique global reference for Microsoft PowerShell SilentlyContinue in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-30T00:00:00Z |
| date_published | 2023-03-02T00:00:00Z |
| source | MITRE |
| title | $DebugPreference |
virtualization.info 2006
virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.
Internal MISP references
UUID 8ff8fb53-e468-4df7-b7e3-b344be1507ae which can be used as unique global reference for virtualization.info 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| date_published | 2006-08-11T00:00:00Z |
| source | MITRE |
| title | Debunking Blue Pill myth [Interview transcript] |
TrendMicro Confucius APT Feb 2018
Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.
Internal MISP references
UUID d1d5a708-75cb-4d41-b2a3-d035a14ac956 which can be used as unique global reference for TrendMicro Confucius APT Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-26T00:00:00Z |
| date_published | 2018-02-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Deciphering Confucius: A Look at the Group's Cyberespionage Operations |
Ciberseguridad Decoding malicious RTF files
Pedrero, R.. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.
Internal MISP references
UUID 82d2451b-300f-4891-b1e7-ade53dff1126 which can be used as unique global reference for Ciberseguridad Decoding malicious RTF files in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-16T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | Decoding malicious RTF files |
Nccgroup Gh0st April 2018
Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. Retrieved November 2, 2018.
Internal MISP references
UUID 4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b which can be used as unique global reference for Nccgroup Gh0st April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2018-04-17T00:00:00Z |
| source | MITRE |
| title | Decoding network data from a Gh0st RAT variant |
MalwareBytes Template Injection OCT 2017
Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. Retrieved July 21, 2018.
Internal MISP references
UUID 7ef0ab1f-c7d6-46fe-b489-fab4db623e0a which can be used as unique global reference for MalwareBytes Template Injection OCT 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-21T00:00:00Z |
| date_published | 2017-10-13T00:00:00Z |
| source | MITRE |
| title | Decoy Microsoft Word document delivers malware through a RAT |
Crowdstrike PartyTicket March 2022
Crowdstrike. (2022, March 1). Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.
Internal MISP references
UUID 8659fea7-7d65-4ee9-8ceb-cf41204b57e0 which can be used as unique global reference for Crowdstrike PartyTicket March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-01T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities |
Fortinet Emotet May 2017
Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.
Internal MISP references
UUID 2b8b6ab4-906f-4732-94f8-eaac5ec0151d which can be used as unique global reference for Fortinet Emotet May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-01T00:00:00Z |
| date_published | 2017-05-03T00:00:00Z |
| source | MITRE |
| title | Deep Analysis of New Emotet Variant – Part 1 |
Aqua TeamTNT August 2020
Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.
Internal MISP references
UUID ca10ad0d-1a47-4006-8f76-c2246aee7752 which can be used as unique global reference for Aqua TeamTNT August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-08-25T00:00:00Z |
| source | MITRE |
| title | Deep Analysis of TeamTNT Techniques Using Container Images to Attack |
Bitdefender FIN8 July 2021
Martin Zugec. (2021, July 27). Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.
Internal MISP references
UUID aee3179e-1536-40ab-9965-1c10bdaa6dff which can be used as unique global reference for Bitdefender FIN8 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-01T00:00:00Z |
| date_published | 2021-07-27T00:00:00Z |
| source | MITRE |
| title | Deep Dive Into a FIN8 Attack - A Forensic Investigation |
Sophos Pikabot June 12 2023
Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.
Internal MISP references
UUID f10c37d8-2efe-4d9e-8987-8978beef7e9d which can be used as unique global reference for Sophos Pikabot June 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2023-06-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Deep dive into the Pikabot cyber threat |
Microsoft Deep Dive Solorigate January 2021
MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop . Retrieved January 22, 2021.
Internal MISP references
UUID ddd70eef-ab94-45a9-af43-c396c9e3fbc6 which can be used as unique global reference for Microsoft Deep Dive Solorigate January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2021-01-20T00:00:00Z |
| source | MITRE |
| title | Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop |
AADInternals - Device Registration
Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.
Internal MISP references
UUID 978b408d-f9e9-422c-b2d7-741f6cc298d4 which can be used as unique global reference for AADInternals - Device Registration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 2021-03-03T00:00:00Z |
| source | MITRE |
| title | Deep-dive to Azure AD device join |
Alperovitch 2014
Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
Internal MISP references
UUID 72e19be9-35dd-4199-bc07-bd9d0c664df6 which can be used as unique global reference for Alperovitch 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-07-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Deep in Thought: Chinese Targeting of National Security Think Tanks |
DefaultPack.EXE - LOLBAS Project
LOLBAS. (2020, October 1). DefaultPack.EXE. Retrieved December 4, 2023.
Internal MISP references
UUID 106efc3e-5816-44ae-a384-5e026e68ab89 which can be used as unique global reference for DefaultPack.EXE - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DefaultPack.EXE |
Lastline DarkHotel Just In Time Decryption Nov 2015
Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.
Internal MISP references
UUID e43341ae-178f-43ba-9d66-f4d0380d2c59 which can be used as unique global reference for Lastline DarkHotel Just In Time Decryption Nov 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-15T00:00:00Z |
| date_published | 2015-11-05T00:00:00Z |
| source | MITRE |
| title | Defeating Darkhotel Just-In-Time Decryption |
piazza launch agent mitigation
Antonio Piazza (4n7m4n). (2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.
Internal MISP references
UUID 8a3591f2-34b0-4914-bb42-d4621966faed which can be used as unique global reference for piazza launch agent mitigation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2021-11-23T00:00:00Z |
| source | MITRE |
| title | Defeating Malicious Launch Persistence |
VectorSec ForFiles Aug 2017
vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved January 22, 2018.
Internal MISP references
UUID 8088d15d-9512-4d12-a99a-c76ad9dc3390 which can be used as unique global reference for VectorSec ForFiles Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2017-08-11T00:00:00Z |
| source | MITRE |
| title | Defenders watching launches of cmd? What about forfiles? |
Black Hat 2015 App Shim
Pierce, Sean. (2015, November). Defending Against Malicious Application Compatibility Shims. Retrieved June 22, 2017.
Internal MISP references
UUID 19e3cddb-b077-40cf-92e0-131b12efa4f7 which can be used as unique global reference for Black Hat 2015 App Shim in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-22T00:00:00Z |
| date_published | 2015-11-01T00:00:00Z |
| source | MITRE |
| title | Defending Against Malicious Application Compatibility Shims |
TechNet O365 Outlook Rules
Koeller, B.. (2018, February 21). Defending Against Rules and Forms Injection. Retrieved November 5, 2019.
Internal MISP references
UUID c7f9bd2f-254a-4254-8a92-a3ab02455fcb which can be used as unique global reference for TechNet O365 Outlook Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-05T00:00:00Z |
| date_published | 2018-02-21T00:00:00Z |
| source | MITRE |
| title | Defending Against Rules and Forms Injection |
Defending Against Scheduled Task Attacks in Windows Environments
Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.
Internal MISP references
UUID 111d21df-5531-4927-a173-fac9cd7672b3 which can be used as unique global reference for Defending Against Scheduled Task Attacks in Windows Environments in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-05T00:00:00Z |
| date_published | 2022-06-20T00:00:00Z |
| source | MITRE |
| title | Defending Against Scheduled Tasks |
Rapid7 HAFNIUM Mar 2021
Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. Retrieved October 27, 2022.
Internal MISP references
UUID cf05d229-c2ba-54f2-a79d-4b7c9185c663 which can be used as unique global reference for Rapid7 HAFNIUM Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-27T00:00:00Z |
| date_published | 2021-03-23T00:00:00Z |
| source | MITRE |
| title | Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange |
Microsoft SQL Server
Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. Retrieved October 3, 2023.
Internal MISP references
UUID a904fde8-b8f9-5411-ab46-0dacf39cc81f which can be used as unique global reference for Microsoft SQL Server in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| date_published | 2023-10-03T00:00:00Z |
| source | MITRE |
| title | Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement |
rundll32.exe defense evasion
Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.
Internal MISP references
UUID 0f31f0ff-9ddb-4ea9-88d0-7b3b688764af which can be used as unique global reference for rundll32.exe defense evasion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-08T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | Defense Evasion Techniques |
def_ev_win_event_logging
Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). Retrieved September 14, 2021.
Internal MISP references
UUID 166e3a8a-047a-4798-b6cb-5aa36903a764 which can be used as unique global reference for def_ev_win_event_logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2021-04-22T00:00:00Z |
| source | MITRE |
| title | Defense Evasion: Windows Event Logging (T1562.002) |
Kaspersky DeftTorero October 3 2022
Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.
Internal MISP references
UUID f6b43988-4d8b-455f-865e-3150e43d4f11 which can be used as unique global reference for Kaspersky DeftTorero October 3 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2022-10-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DeftTorero: tactics, techniques and procedures of intrusions revealed |
TechNet Del
Microsoft. (n.d.). Del. Retrieved April 22, 2016.
Internal MISP references
UUID 01fc44b9-0eb3-4fd2-b755-d611825374ae which can be used as unique global reference for TechNet Del in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-22T00:00:00Z |
| source | MITRE |
| title | Del |
Azure Shared Access Signature
Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.
Internal MISP references
UUID f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa which can be used as unique global reference for Azure Shared Access Signature in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| date_published | 2019-12-18T00:00:00Z |
| source | MITRE |
| title | Delegate access with a shared access signature |
Register Deloitte
Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. Retrieved October 19, 2020.
Internal MISP references
UUID e6b10687-8666-4c9c-ac77-1988378e096d which can be used as unique global reference for Register Deloitte in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2017-09-26T00:00:00Z |
| source | MITRE |
| title | Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' |
Talos Micropsia June 2017
Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.
Internal MISP references
UUID c727152c-079a-4ff9-a0e5-face919cf59b which can be used as unique global reference for Talos Micropsia June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2017-06-19T00:00:00Z |
| source | MITRE |
| title | Delphi Used To Score Against Palestine |
TrendMicro EarthLusca 2022
Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
Internal MISP references
UUID f6e1bffd-e35b-4eae-b9bf-c16a82bf7004 which can be used as unique global reference for TrendMicro EarthLusca 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | Delving Deep: An Analysis of Earth Lusca’s Operations |
Demiguise Guardrail Router Logo
Warren, R. (2017, August 2). Demiguise: virginkey.js. Retrieved January 17, 2019.
Internal MISP references
UUID 2e55d33a-fe75-4397-b6f0-a28d397b4c24 which can be used as unique global reference for Demiguise Guardrail Router Logo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2017-08-02T00:00:00Z |
| source | MITRE |
| title | Demiguise: virginkey.js |
FireEye Hacking Team
FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.
Internal MISP references
UUID c1e798b8-6771-4ba7-af25-69c640321e40 which can be used as unique global reference for FireEye Hacking Team in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-25T00:00:00Z |
| date_published | 2015-07-13T00:00:00Z |
| source | MITRE |
| title | Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak |
Demystifying Azure AD Service Principals
Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.
Internal MISP references
UUID 3e285884-2191-4773-9243-74100ce177c8 which can be used as unique global reference for Demystifying Azure AD Service Principals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-19T00:00:00Z |
| date_published | 2019-07-16T00:00:00Z |
| source | MITRE |
| title | Demystifying Azure AD Service Principals |
demystifying_ryuk
Tran, T. (2020, November 24). Demystifying Ransomware Attacks Against Microsoft Defender Solution. Retrieved January 26, 2022.
Internal MISP references
UUID 3dc684c7-14de-4dc0-9f11-79160c4f5038 which can be used as unique global reference for demystifying_ryuk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2020-11-24T00:00:00Z |
| source | MITRE |
| title | Demystifying Ransomware Attacks Against Microsoft Defender Solution |
DOJ Iran Indictments September 2020
DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. Retrieved December 10, 2020.
Internal MISP references
UUID f30a77dd-d1d0-41b8-b82a-461dd6cd126f which can be used as unique global reference for DOJ Iran Indictments September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-10T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community |
Microsoft GitHub Device Guard CI Policies
Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.
Internal MISP references
UUID 9646af1a-19fe-44c9-96ca-3c8ec097c3db which can be used as unique global reference for Microsoft GitHub Device Guard CI Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-28T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE |
| title | Deploy code integrity policies: steps |
Microsoft Deploying AD Federation
Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. Retrieved March 13, 2020.
Internal MISP references
UUID beeb460e-4dba-42fb-8109-0861cd0df562 which can be used as unique global reference for Microsoft Deploying AD Federation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| source | MITRE |
| title | Deploying Active Directory Federation Services in Azure |
Apple Kernel Extension Deprecation
Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.
Internal MISP references
UUID 86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5 which can be used as unique global reference for Apple Kernel Extension Deprecation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-04T00:00:00Z |
| source | MITRE |
| title | Deprecated Kernel Extensions and System Extension Alternatives |
Amazon Describe Instance
Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020.
Internal MISP references
UUID c0b6a8a4-0d94-414d-b5ab-cf5485240dee which can be used as unique global reference for Amazon Describe Instance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-03T00:00:00Z |
| source | MITRE |
| title | describe-instance-information |
Amazon Describe Instances API
Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.
Internal MISP references
UUID 95629746-43d2-4f41-87da-4bd44a43ef4a which can be used as unique global reference for Amazon Describe Instances API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| source | MITRE |
| title | DescribeInstances |
DescribeSecurityGroups - Amazon Elastic Compute Cloud
Amazon Web Services, Inc. . (2022). DescribeSecurityGroups. Retrieved January 28, 2022.
Internal MISP references
UUID aa953df5-40b5-42d2-9e33-a227a093497f which can be used as unique global reference for DescribeSecurityGroups - Amazon Elastic Compute Cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-28T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | DescribeSecurityGroups |
Microsoft RunOnceEx APR 2018
Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.
Internal MISP references
UUID f80bb86f-ce75-4778-bdee-777cf37a6de7 which can be used as unique global reference for Microsoft RunOnceEx APR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-29T00:00:00Z |
| date_published | 2018-08-20T00:00:00Z |
| source | MITRE |
| title | Description of the RunOnceEx Registry Key |
Designing Daemons Apple Dev
Apple. (n.d.). Retrieved October 12, 2021.
Internal MISP references
UUID 4baac228-1f6a-4c65-ae98-5a542600dfc6 which can be used as unique global reference for Designing Daemons Apple Dev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | Designing Daemons Apple Dev |
Desk.cpl - LOLBAS Project
LOLBAS. (2022, April 21). Desk.cpl. Retrieved December 4, 2023.
Internal MISP references
UUID 487a54d9-9f90-478e-b305-bd041af55e12 which can be used as unique global reference for Desk.cpl - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-04-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Desk.cpl |
Free Desktop Application Autostart Feb 2006
Free Desktop. (2006, February 13). Desktop Application Autostart Specification. Retrieved September 12, 2019.
Internal MISP references
UUID 0885434e-3908-4425-9597-ce6abe531ca5 which can be used as unique global reference for Free Desktop Application Autostart Feb 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2006-02-13T00:00:00Z |
| source | MITRE |
| title | Desktop Application Autostart Specification |
Desktopimgdownldr.exe - LOLBAS Project
LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1df3aacf-76c4-472a-92c8-2a85ae9e2860 which can be used as unique global reference for Desktopimgdownldr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-06-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Desktopimgdownldr.exe |
CISA AA22-057A Destructive Malware February 2022
CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 18684085-c156-4610-8b1f-cc9646f2c06e which can be used as unique global reference for CISA AA22-057A Destructive Malware February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-26T00:00:00Z |
| source | MITRE |
| title | Destructive Malware Targeting Organizations in Ukraine |
Microsoft WhisperGate January 2022
MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.
Internal MISP references
UUID e0c1fcd3-b7a8-42af-8984-873a6f969975 which can be used as unique global reference for Microsoft WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-10T00:00:00Z |
| date_published | 2022-01-15T00:00:00Z |
| source | MITRE |
| title | Destructive malware targeting Ukrainian organizations |
NSA and ASD Detect and Prevent Web Shells 2020
NSA and ASD. (2020, April 3). Detect and Prevent Web Shell Malware. Retrieved July 23, 2021.
Internal MISP references
UUID e9a882a5-1a88-4fdf-9349-205f4fa167c9 which can be used as unique global reference for NSA and ASD Detect and Prevent Web Shells 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-23T00:00:00Z |
| date_published | 2020-04-03T00:00:00Z |
| source | MITRE |
| title | Detect and Prevent Web Shell Malware |
Microsoft Detect Outlook Forms
Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. Retrieved February 4, 2019.
Internal MISP references
UUID fd63775c-8482-477d-ab41-8c64ca17b602 which can be used as unique global reference for Microsoft Detect Outlook Forms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2018-04-22T00:00:00Z |
| source | MITRE |
| title | Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365 |
ADDSecurity DCShadow Feb 2018
Lucand,G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.
Internal MISP references
UUID c1cd4767-b5a1-4821-8574-b5782a83920f which can be used as unique global reference for ADDSecurity DCShadow Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2018-02-18T00:00:00Z |
| source | MITRE |
| title | Detect DCShadow, impossible? |
Pace University Detecting DGA May 2017
Chen, L., Wang, T.. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods . Retrieved April 26, 2019.
Internal MISP references
UUID 7a4e7e05-986b-4549-a021-8c3c729bd3cc which can be used as unique global reference for Pace University Detecting DGA May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-26T00:00:00Z |
| date_published | 2017-05-05T00:00:00Z |
| source | MITRE |
| title | Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods |
MDSec Detecting DOTNET
MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.
Internal MISP references
UUID a7952f0e-6690-48de-ad93-9922d6d6989c which can be used as unique global reference for MDSec Detecting DOTNET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | Detecting and Advancing In-Memory .NET Tradecraft |
Cisco DoSdetectNetflow
Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.
Internal MISP references
UUID ce447063-ec9a-4729-aaec-64ec123077ce which can be used as unique global reference for Cisco DoSdetectNetflow in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-25T00:00:00Z |
| source | MITRE |
| title | Detecting and Analyzing Network Threats With NetFlow |
RSA2017 Detect and Respond Adair
Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. Retrieved March 20, 2017.
Internal MISP references
UUID 005a276c-3369-4d29-bf0e-c7fa4e7d90bb which can be used as unique global reference for RSA2017 Detect and Respond Adair in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-20T00:00:00Z |
| date_published | 2017-02-17T00:00:00Z |
| source | MITRE |
| title | Detecting and Responding to Advanced Threats within Exchange Environments |
Nmap Firewalls NIDS
Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.
Internal MISP references
UUID c696ac8c-2c7a-4708-a369-0832a493e0a6 which can be used as unique global reference for Nmap Firewalls NIDS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Detecting and Subverting Firewalls and Intrusion Detection Systems |
Medium Detecting Attempts to Steal Passwords from Memory
French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.
Internal MISP references
UUID 63955204-3cf9-4628-88d2-361de4dae94f which can be used as unique global reference for Medium Detecting Attempts to Steal Passwords from Memory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-10-02T00:00:00Z |
| source | MITRE |
| title | Detecting Attempts to Steal Passwords from Memory |
Endurant CMSTP July 2018
Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved August 6, 2018.
Internal MISP references
UUID d67901a4-8774-42d3-98de-c20158f88eb6 which can be used as unique global reference for Endurant CMSTP July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-06T00:00:00Z |
| date_published | 2018-07-07T00:00:00Z |
| source | MITRE |
| title | Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon. |
Red Canary COR_PROFILER May 2020
Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.
Internal MISP references
UUID 3d8cb4d3-1cbe-416a-95b5-15003cbc2beb which can be used as unique global reference for Red Canary COR_PROFILER May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2020-05-07T00:00:00Z |
| source | MITRE |
| title | Detecting COR_PROFILER manipulation for persistence |
NVisio Labs DDE Detection Oct 2017
NVISO Labs. (2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.
Internal MISP references
UUID 75ccde9a-2d51-4492-9a8a-02fce30f9167 which can be used as unique global reference for NVisio Labs DDE Detection Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-10-11T00:00:00Z |
| source | MITRE |
| title | Detecting DDE in MS Office documents |
Zhang 2013
Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.
Internal MISP references
UUID 29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67 which can be used as unique global reference for Zhang 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-08-19T00:00:00Z |
| date_published | 2013-04-01T00:00:00Z |
| source | MITRE |
| title | Detecting encrypted botnet traffic |
ADSecurity Detecting Forged Tickets
Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.
Internal MISP references
UUID 4c328a1a-6a83-4399-86c5-d6e1586da8a3 which can be used as unique global reference for ADSecurity Detecting Forged Tickets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| date_published | 2015-05-03T00:00:00Z |
| source | MITRE |
| title | Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory |
Microsoft Detecting Kerberoasting Feb 2018
Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. Retrieved March 23, 2018.
Internal MISP references
UUID b36d82a8-82ca-4f22-85c0-ee82be3b6940 which can be used as unique global reference for Microsoft Detecting Kerberoasting Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-23T00:00:00Z |
| date_published | 2018-02-23T00:00:00Z |
| source | MITRE |
| title | Detecting Kerberoasting activity using Azure Security Center |
Medium Detecting Lateral Movement
French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.
Internal MISP references
UUID 91bea3c2-df54-424e-8667-035e6e15fe38 which can be used as unique global reference for Medium Detecting Lateral Movement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-09-30T00:00:00Z |
| source | MITRE |
| title | Detecting Lateral Movement Using Sysmon and Splunk |
macOS root VNC login without authentication
Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. Retrieved September 20, 2021.
Internal MISP references
UUID 4dc6ea85-a41b-4218-a9ae-e1eea841f2f2 which can be used as unique global reference for macOS root VNC login without authentication in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Detecting macOS High Sierra root account without authentication |
Sans Virtual Jan 2016
Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.
Internal MISP references
UUID 5d3d567c-dc25-44c1-8d2a-71ae00b60dbe which can be used as unique global reference for Sans Virtual Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2016-01-16T00:00:00Z |
| source | MITRE |
| title | Detecting Malware and Sandbox Evasion Techniques |
Mandiant Azure AD Backdoors
Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.
Internal MISP references
UUID 7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8 which can be used as unique global reference for Mandiant Azure AD Backdoors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | Detecting Microsoft 365 and Azure Active Directory Backdoors |
CounterCept PPID Spoofing Dec 2018
Loh, I. (2018, December 21). Detecting Parent PID Spoofing. Retrieved June 3, 2019.
Internal MISP references
UUID a1fdb8db-4c5f-4fb9-a013-b232cd8471f8 which can be used as unique global reference for CounterCept PPID Spoofing Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2018-12-21T00:00:00Z |
| source | MITRE |
| title | Detecting Parent PID Spoofing |
CISA SolarWinds Cloud Detection
CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.
Internal MISP references
UUID b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62 which can be used as unique global reference for CISA SolarWinds Cloud Detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-08T00:00:00Z |
| date_published | 2021-01-08T00:00:00Z |
| source | MITRE |
| title | Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |
Detecting Rclone
Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.
Internal MISP references
UUID 2e44290c-32f5-4e7f-96de-9874df79fe89 which can be used as unique global reference for Detecting Rclone in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2021-05-27T00:00:00Z |
| source | MITRE |
| title | Detecting Rclone – An Effective Tool for Exfiltration |
Medium Detecting WMI Persistence
French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. Retrieved October 11, 2019.
Internal MISP references
UUID 539e7cd0-d1e9-46ba-96fe-d8a1061c857e which can be used as unique global reference for Medium Detecting WMI Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2018-10-09T00:00:00Z |
| source | MITRE |
| title | Detecting & Removing an Attacker’s WMI Persistence |
Okta Scatter Swine 2022
Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023.
Internal MISP references
UUID 66d1b6e2-c069-5832-b549-fc5f0edeed40 which can be used as unique global reference for Okta Scatter Swine 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-24T00:00:00Z |
| date_published | 2022-08-25T00:00:00Z |
| source | MITRE |
| title | Detecting Scatter Swine: Insights into a Relentless Phishing Campaign |
Splunk Supernova Jan 2021
Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.
Internal MISP references
UUID 7e43bda5-0978-46aa-b3b3-66ffb62b9fdb which can be used as unique global reference for Splunk Supernova Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2021-01-21T00:00:00Z |
| source | MITRE |
| title | Detecting Supernova Malware: SolarWinds Continued |
Microsoft Winnti Jan 2017
Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.
Internal MISP references
UUID 6b63fac9-4bde-4fc8-a016-e77c8485fab7 which can be used as unique global reference for Microsoft Winnti Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| date_published | 2017-01-25T00:00:00Z |
| source | MITRE |
| title | Detecting threat actors in recent German industrial attacks with Windows Defender ATP |
Chokepoint preload rootkits
stderr. (2014, February 14). Detecting Userland Preload Rootkits. Retrieved December 20, 2017.
Internal MISP references
UUID 16c00830-eade-40e2-9ee6-6e1af4b58e5d which can be used as unique global reference for Chokepoint preload rootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2014-02-14T00:00:00Z |
| source | MITRE |
| title | Detecting Userland Preload Rootkits |
Sygnia Golden SAML
Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved January 6, 2021.
Internal MISP references
UUID 1a6673b0-2a30-481e-a2a4-9e17e2676c5d which can be used as unique global reference for Sygnia Golden SAML in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | Detection and Hunting of Golden SAML Attack |
FireEye Exchange Zero Days March 2021
Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. Retrieved March 9, 2021.
Internal MISP references
UUID 5e5452a4-c3f5-4802-bcb4-198612cc8282 which can be used as unique global reference for FireEye Exchange Zero Days March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-09T00:00:00Z |
| date_published | 2021-03-04T00:00:00Z |
| source | MITRE |
| title | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities |
Microsoft DEV-0537
Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. Retrieved March 23, 2022.
Internal MISP references
UUID 2f7a59f3-620d-4e2e-8595-af96cd4e16c3 which can be used as unique global reference for Microsoft DEV-0537 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2022-03-22T00:00:00Z |
| source | MITRE |
| title | DEV-0537 criminal actor targeting organizations for data exfiltration and destruction |
MSTIC DEV-0537 Mar 2022
MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.
Internal MISP references
UUID a9ce7e34-6e7d-4681-9869-8e8f2b5b0390 which can be used as unique global reference for MSTIC DEV-0537 Mar 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-17T00:00:00Z |
| date_published | 2022-03-24T00:00:00Z |
| source | MITRE |
| title | DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction |
Microsoft Royal ransomware November 2022
MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.
Internal MISP references
UUID 91efc6bf-e15c-514a-96c1-e838268d222f which can be used as unique global reference for Microsoft Royal ransomware November 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-11-17T00:00:00Z |
| source | MITRE |
| title | DEV-0569 finds new ways to deliver Royal ransomware, various payloads |
Cisco IOS Forensics Developments
Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. Retrieved October 21, 2020.
Internal MISP references
UUID 95fdf251-f40d-4f7a-bb12-8762e9c961b9 which can be used as unique global reference for Cisco IOS Forensics Developments in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-21T00:00:00Z |
| date_published | 2008-02-01T00:00:00Z |
| source | MITRE |
| title | Developments in Cisco IOS Forensics |
DeviceCredentialDeployment.exe - LOLBAS Project
LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fef281e8-8138-4420-b11b-66d1e6a19805 which can be used as unique global reference for DeviceCredentialDeployment.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DeviceCredentialDeployment.exe |
GitHub mattifestation DeviceGuardBypass
Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.
Internal MISP references
UUID 4ecd64b4-8014-447a-91d2-a431f4adbfcd which can be used as unique global reference for GitHub mattifestation DeviceGuardBypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-30T00:00:00Z |
| date_published | 2016-11-13T00:00:00Z |
| source | MITRE |
| title | DeviceGuardBypassMitigationRules |
Devinit.exe - LOLBAS Project
LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27343583-c17d-4c11-a7e3-14d725756556 which can be used as unique global reference for Devinit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Devinit.exe |
Devtoolslauncher.exe - LOLBAS Project
LOLBAS. (2019, October 4). Devtoolslauncher.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cb263978-019c-40c6-b6de-61db0e7a8941 which can be used as unique global reference for Devtoolslauncher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-10-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Devtoolslauncher.exe |
devtunnel.exe - LOLBAS Project
LOLBAS. (2023, September 16). devtunnel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 657c8b4c-1eee-4997-8461-c7592eaed9e8 which can be used as unique global reference for devtunnel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-09-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | devtunnel.exe |
Dfshim.dll - LOLBAS Project
LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 30503e42-6047-46a9-8189-e6caa5f4deb0 which can be used as unique global reference for Dfshim.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dfshim.dll |
Dfsvc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dfsvc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f which can be used as unique global reference for Dfsvc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dfsvc.exe |
dhcp_serv_op_events
Microsoft. (2006, August 31). DHCP Server Operational Events. Retrieved March 7, 2022.
Internal MISP references
UUID e2b1e810-2a78-4553-8927-38ed5fba0f38 which can be used as unique global reference for dhcp_serv_op_events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-07T00:00:00Z |
| date_published | 2006-08-31T00:00:00Z |
| source | MITRE |
| title | DHCP Server Operational Events |
GitHub Diamorphine
Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.
Internal MISP references
UUID 92993055-d2e6-46b2-92a3-ad70b62e4cc0 which can be used as unique global reference for GitHub Diamorphine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64) |
diantz.exe_lolbas
Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. Retrieved October 25, 2021.
Internal MISP references
UUID 66652db8-5594-414f-8a6b-83d708a0c1fa which can be used as unique global reference for diantz.exe_lolbas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-25T00:00:00Z |
| source | MITRE |
| title | Diantz.exe |
Fortinet Diavol July 2021
Neeamni, D., Rubinfeld, A.. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider?. Retrieved November 12, 2021.
Internal MISP references
UUID 28c650f2-8ce8-4c78-ab4a-cae56c1548ed which can be used as unique global reference for Fortinet Diavol July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | Diavol - A New Ransomware Used By Wizard Spider? |
DFIR Diavol Ransomware December 2021
DFIR Report. (2021, December 13). Diavol Ransomware. Retrieved March 9, 2022.
Internal MISP references
UUID eb89f18d-684c-4220-b2a8-967f1f8f9162 which can be used as unique global reference for DFIR Diavol Ransomware December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 2021-12-13T00:00:00Z |
| source | MITRE |
| title | Diavol Ransomware |
Überwachung APT28 Forfiles June 2015
Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.
Internal MISP references
UUID 3b85fff0-88d8-4df6-af0b-66e57492732e which can be used as unique global reference for Überwachung APT28 Forfiles June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2015-06-19T00:00:00Z |
| source | MITRE |
| title | Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag |
Microsoft DSE June 2017
Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. Retrieved April 22, 2021.
Internal MISP references
UUID 451bdfe3-0b30-425c-97a0-44727b70c1da which can be used as unique global reference for Microsoft DSE June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2017-06-01T00:00:00Z |
| source | MITRE |
| title | Digital Signatures for Kernel Modules on Windows |
ESET Turla Mosquito Jan 2018
ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. Retrieved July 3, 2018.
Internal MISP references
UUID cd177c2e-ef22-47be-9926-61e25fd5f33b which can be used as unique global reference for ESET Turla Mosquito Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | Diplomats in Eastern Europe bitten by a Turla mosquito |
TechNet Dir
Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
Internal MISP references
UUID f1eb8631-6bea-4688-a5ff-a388b1fdceb0 which can be used as unique global reference for TechNet Dir in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Dir |
Frisk DMA August 2016
Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.
Internal MISP references
UUID c504485b-2daa-4159-96da-481a0b97a979 which can be used as unique global reference for Frisk DMA August 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2016-08-05T00:00:00Z |
| source | MITRE |
| title | Direct Memory Attack the Kernel |
Redops Syscalls
Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.
Internal MISP references
UUID dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8 which can be used as unique global reference for Redops Syscalls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2023-06-30T00:00:00Z |
| source | MITRE |
| title | Direct Syscalls vs Indirect Syscalls |
GitHub Disable DDEAUTO Oct 2017
Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. Retrieved February 3, 2018.
Internal MISP references
UUID eea0dd34-4efa-4093-bd11-a59d1601868f which can be used as unique global reference for GitHub Disable DDEAUTO Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-10-20T00:00:00Z |
| source | MITRE |
| title | Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016 |
Disable automount for ISO
wordmann. (2022, February 8). Disable Disc Imgage. Retrieved February 8, 2022.
Internal MISP references
UUID 2155591e-eacf-4575-b7a6-f031675ef1b3 which can be used as unique global reference for Disable automount for ISO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-08T00:00:00Z |
| date_published | 2022-02-08T00:00:00Z |
| source | MITRE |
| title | Disable Disc Imgage |
Disable_Win_Event_Logging
dmcxblue. (n.d.). Disable Windows Event Logging. Retrieved September 10, 2021.
Internal MISP references
UUID 0fa5e507-33dc-40ea-b960-bcd9aa024ab1 which can be used as unique global reference for Disable_Win_Event_Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-10T00:00:00Z |
| source | MITRE |
| title | Disable Windows Event Logging |
GitHub MOTW
wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.
Internal MISP references
UUID 044aa74a-9320-496a-9d15-37d8b934c244 which can be used as unique global reference for GitHub MOTW in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-16T00:00:00Z |
| date_published | 2019-08-29T00:00:00Z |
| source | MITRE |
| title | Disable Windows Explorer file associations for Disc Image Mount |
Apple Disable SIP
Apple. (n.d.). Disabling and Enabling System Integrity Protection. Retrieved April 22, 2021.
Internal MISP references
UUID d7545e0c-f0b7-4be4-800b-06a02240385e which can be used as unique global reference for Apple Disable SIP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| source | MITRE |
| title | Disabling and Enabling System Integrity Protection |
Microsoft GPO Bluetooth FEB 2009
Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. Retrieved July 26, 2018.
Internal MISP references
UUID 27573597-5269-4894-87fb-24afcdb8f30a which can be used as unique global reference for Microsoft GPO Bluetooth FEB 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| date_published | 2009-02-09T00:00:00Z |
| source | MITRE |
| title | Disabling Bluetooth and Infrared Beaming |
ITSyndicate Disabling PHP functions
Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.
Internal MISP references
UUID 6e91f485-5777-4a06-94a3-cdc4718a8e39 which can be used as unique global reference for ITSyndicate Disabling PHP functions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| source | MITRE |
| title | Disabling dangerous PHP functions |
disable_notif_synology_ransom
TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved October 19, 2022.
Internal MISP references
UUID d53e8f89-df78-565b-a316-cf2644c5ed36 which can be used as unique global reference for disable_notif_synology_ransom in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-19T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Disabling notifications on Synology servers before ransom |
Diskshadow.exe - LOLBAS Project
LOLBAS. (2018, May 25). Diskshadow.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 27a3f0b4-e699-4319-8b52-8eae4581faa2 which can be used as unique global reference for Diskshadow.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Diskshadow.exe |
Bitdefender FunnyDream Campaign November 2020
Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
Internal MISP references
UUID b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de which can be used as unique global reference for Bitdefender FunnyDream Campaign November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-19T00:00:00Z |
| date_published | 2020-11-01T00:00:00Z |
| source | MITRE |
| title | Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions |
FireEye NETWIRE March 2019
Maniath, S. and Kadam P. (2019, March 19). Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.
Internal MISP references
UUID 404d4f7e-62de-4483-9320-a90fb255e783 which can be used as unique global reference for FireEye NETWIRE March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2019-03-19T00:00:00Z |
| source | MITRE |
| title | Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing |
Cybereason Dissecting DGAs
Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. Retrieved February 18, 2019.
Internal MISP references
UUID 9888cdb6-fe85-49b4-937c-75005ac9660d which can be used as unique global reference for Cybereason Dissecting DGAs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE |
| title | Dissecting Domain Generation Algorithms: Eight Real World DGA Variants |
FireEye POSHSPY April 2017
Dunwoody, M.. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.
Internal MISP references
UUID b1271e05-80d7-4761-a13f-b6f0db7d7e5a which can be used as unique global reference for FireEye POSHSPY April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-05T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE |
| title | Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY) |
Microsoft DTC
Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.
Internal MISP references
UUID d2a1aab3-a4c9-4583-9cf8-170eeb77d828 which can be used as unique global reference for Microsoft DTC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-25T00:00:00Z |
| date_published | 2011-01-12T00:00:00Z |
| source | MITRE |
| title | Distributed Transaction Coordinator |
FireEye DLL Search Order Hijacking
Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. Retrieved March 13, 2020.
Internal MISP references
UUID 0ba2675d-4d7f-406a-81fa-b87e62d7a539 which can be used as unique global reference for FireEye DLL Search Order Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2010-09-01T00:00:00Z |
| source | MITRE |
| title | DLL Search Order Hijacking Revisited |
Mandiant Search Order
Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.
Internal MISP references
UUID 2f602a6c-0305-457c-b329-a17b55d8e094 which can be used as unique global reference for Mandiant Search Order in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2010-08-31T00:00:00Z |
| source | MITRE |
| title | DLL Search Order Hijacking Revisited |
Stewart 2014
Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.
Internal MISP references
UUID 813905b5-7aa5-4bab-b2ac-eaafdea55805 which can be used as unique global reference for Stewart 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry |
Dnscmd.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3571ca9d-3388-4e74-8b30-dd92ef2b5f10 which can be used as unique global reference for Dnscmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dnscmd.exe |
Dnscmd Microsoft
Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 24b1cb7b-357f-470f-9715-fa0ec3958cbb which can be used as unique global reference for Dnscmd Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dnscmd Microsoft |
DNS Dumpster
Hacker Target. (n.d.). DNS Dumpster. Retrieved October 20, 2020.
Internal MISP references
UUID 0bbe1e50-28af-4265-a493-4bb4fd693bad which can be used as unique global reference for DNS Dumpster in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | DNS Dumpster |
Talos DNSpionage Nov 2018
Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.
Internal MISP references
UUID d597ad7d-f808-4289-b42a-79807248c2d6 which can be used as unique global reference for Talos DNSpionage Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-09T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | DNSpionage Campaign Targets Middle East |
Unit42 DNS Mar 2019
Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. Retrieved October 3, 2020.
Internal MISP references
UUID e41fde80-5ced-4f66-9852-392d1ef79520 which can be used as unique global reference for Unit42 DNS Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-03T00:00:00Z |
| date_published | 2019-03-15T00:00:00Z |
| source | MITRE |
| title | DNS Tunneling: how DNS can be (ab)used by malicious actors |
dnx.exe - LOLBAS Project
LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 50652a27-c47b-41d4-a2eb-2ebf74e5bd09 which can be used as unique global reference for dnx.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | dnx.exe |
Docker Daemon CLI
Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021.
Internal MISP references
UUID ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c which can be used as unique global reference for Docker Daemon CLI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | DockerD CLI |
Docker API
Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.
Internal MISP references
UUID b8ec1e37-7286-40e8-9577-ff9c54801086 which can be used as unique global reference for Docker API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference |
Docker Build Image
Docker. ( null). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.
Internal MISP references
UUID ee708b64-57f3-4b47-af05-1e26b698c21f which can be used as unique global reference for Docker Build Image in MISP communities and other software using the MISP galaxy
External references
- https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference - Build an Image |
Docker Containers API
Docker. (n.d.). Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.
Internal MISP references
UUID 2351cb32-23d6-4557-9c52-e6e228402bab which can be used as unique global reference for Docker Containers API in MISP communities and other software using the MISP galaxy
External references
- https://docs.docker.com/engine/api/v1.41/#tag/Container
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker Engine API v1.41 Reference - Container |
Docker Exec
Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.
Internal MISP references
UUID 5f1ace27-6584-4585-98de-52cb71d419c1 which can be used as unique global reference for Docker Exec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker Exec |
Docker Images
Docker. (n.d.). Docker Images. Retrieved April 6, 2021.
Internal MISP references
UUID 9b4d1e80-61e9-4557-a562-5eda66d0bbf7 which can be used as unique global reference for Docker Images in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-06T00:00:00Z |
| source | MITRE |
| title | Docker Images |
Docker Overview
Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.
Internal MISP references
UUID 52954bb1-16b0-4717-a72c-8a6dec97610b which can be used as unique global reference for Docker Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Docker Overview |
Docker Entrypoint
Docker. (n.d.). Docker run reference. Retrieved March 29, 2021.
Internal MISP references
UUID c80ad3fd-d7fc-4a7a-8565-da3feaa4a915 which can be used as unique global reference for Docker Entrypoint in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Docker run reference |
TechNet Server Operator Scheduled Task
Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.
Internal MISP references
UUID a9497afa-42c8-499e-a6b6-4231b1c22f6e which can be used as unique global reference for TechNet Server Operator Scheduled Task in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2012-11-15T00:00:00Z |
| source | MITRE |
| title | Domain controller: Allow server operators to schedule tasks |
Cisco Umbrella DGA
Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.
Internal MISP references
UUID 5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58 which can be used as unique global reference for Cisco Umbrella DGA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2016-10-10T00:00:00Z |
| source | MITRE |
| title | Domain Generation Algorithms – Why so effective? |
Microsoft GetAllTrustRelationships
Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019.
Internal MISP references
UUID 571086ce-42d3-4416-9521-315f694647a6 which can be used as unique global reference for Microsoft GetAllTrustRelationships in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| source | MITRE |
| title | Domain.GetAllTrustRelationships Method |
ICANNDomainNameHijacking
ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved March 6, 2017.
Internal MISP references
UUID 96c5ec6c-d53d-49c3-bca1-0b6abe0080e6 which can be used as unique global reference for ICANNDomainNameHijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2005-07-12T00:00:00Z |
| source | MITRE |
| title | Domain Name Hijacking: Incidents, Threats, Risks and Remediation |
Palo Alto Unit 42 Domain Shadowing 2022
Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. Retrieved March 7, 2023.
Internal MISP references
UUID ec460017-fd25-5975-b697-c8c11fee960d which can be used as unique global reference for Palo Alto Unit 42 Domain Shadowing 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-09-21T00:00:00Z |
| source | MITRE |
| title | Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime |
ASERT Donot March 2018
Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. Retrieved June 11, 2018.
Internal MISP references
UUID a1b987cc-7789-411c-9673-3cf6357b207c which can be used as unique global reference for ASERT Donot March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Donot Team Leverages New Modular Malware Framework in South Asia |
Mandiant URL Obfuscation 2023
Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.
Internal MISP references
UUID b63f5934-2ace-5326-89be-7a850469a563 which can be used as unique global reference for Mandiant URL Obfuscation 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2023-05-22T00:00:00Z |
| source | MITRE |
| title | Don't @ Me: URL Obfuscation Through Schema Abuse |
Donut Github
TheWover. (2019, May 9). donut. Retrieved March 25, 2022.
Internal MISP references
UUID 5f28c41f-6903-4779-93d4-3de99e031b70 which can be used as unique global reference for Donut Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2019-05-09T00:00:00Z |
| source | MITRE |
| title | donut |
Introducing Donut
The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. Retrieved October 4, 2021.
Internal MISP references
UUID 8fd099c6-e002-44d0-8b7f-65f290a42c07 which can be used as unique global reference for Introducing Donut in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-05-09T00:00:00Z |
| source | MITRE |
| title | Donut - Injecting .NET Assemblies as Shellcode |
Dotnet.exe - LOLBAS Project
LOLBAS. (2019, November 12). Dotnet.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8abe21ad-88d1-4a5c-b79e-8216b4b06862 which can be used as unique global reference for Dotnet.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-11-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dotnet.exe |
cyberproof-double-bounce
Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing . Retrieved February 24, 2023.
Internal MISP references
UUID 4406d688-c392-5244-b438-6995f38dfc61 which can be used as unique global reference for cyberproof-double-bounce in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-24T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| source | MITRE |
| title | Double-bounced attacks with email spoofing |
FireEye APT41 Aug 2019
Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
Internal MISP references
UUID 20f8e252-0a95-4ebd-857c-d05b0cde0904 which can be used as unique global reference for FireEye APT41 Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-23T00:00:00Z |
| date_published | 2019-08-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Double DragonAPT41, a dual espionage and cyber crime operation APT41 |
FireEye APT41 2019
FireEye. (2019). Double DragonAPT41, a dual espionage andcyber crime operationAPT41. Retrieved September 23, 2019.
Internal MISP references
UUID daa31f35-15a6-413b-9319-80d6921d1598 which can be used as unique global reference for FireEye APT41 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-23T00:00:00Z |
| date_published | 2019-01-01T00:00:00Z |
| source | MITRE |
| title | Double DragonAPT41, a dual espionage andcyber crime operationAPT41 |
Malwarebytes IssacWiper CaddyWiper March 2022
Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper . Retrieved April 11, 2022.
Internal MISP references
UUID 931aed95-a629-4f94-8762-aad580f5d3e2 which can be used as unique global reference for Malwarebytes IssacWiper CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-11T00:00:00Z |
| date_published | 2022-03-18T00:00:00Z |
| source | MITRE |
| title | Double header: IsaacWiper and CaddyWiper |
tlseminar_downgrade_att
Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.
Internal MISP references
UUID 8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3 which can be used as unique global reference for tlseminar_downgrade_att in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-09T00:00:00Z |
| date_published | 2017-02-03T00:00:00Z |
| source | MITRE |
| title | Downgrade Attacks |
LogRhythm Do You Trust Oct 2014
Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.
Internal MISP references
UUID 88a84f9a-e077-4fdd-9936-30fc7b290476 which can be used as unique global reference for LogRhythm Do You Trust Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-17T00:00:00Z |
| date_published | 2014-10-03T00:00:00Z |
| source | MITRE |
| title | Do You Trust Your Computer? |
VNC Vulnerabilities
Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. Retrieved September 20, 2021.
Internal MISP references
UUID 3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c which can be used as unique global reference for VNC Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2019-11-22T00:00:00Z |
| source | MITRE |
| title | Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions |
Accenture Dragonfish Jan 2018
Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 14, 2018.
Internal MISP references
UUID f692c6fa-7b3a-4d1d-9002-b1a59f7116f4 which can be used as unique global reference for Accenture Dragonfish Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-14T00:00:00Z |
| date_published | 2018-01-27T00:00:00Z |
| source | MITRE |
| title | DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES |
Symantec Dragonfly
Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved April 8, 2016.
Internal MISP references
UUID 9514c5cd-2ed6-4dbf-aa9e-1c425e969226 which can be used as unique global reference for Symantec Dragonfly in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| date_published | 2014-06-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Dragonfly: Cyberespionage Attacks Against Energy Suppliers |
Symantec Dragonfly 2.0 October 2017
Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved April 19, 2022.
Internal MISP references
UUID a0439d4a-a3ea-4be5-9a01-f223ca259681 which can be used as unique global reference for Symantec Dragonfly 2.0 October 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2017-10-07T00:00:00Z |
| source | MITRE |
| title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Symantec Dragonfly Sept 2017
Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.
Internal MISP references
UUID 11bbeafc-ed5d-4d2b-9795-a0a9544fb64e which can be used as unique global reference for Symantec Dragonfly Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-09T00:00:00Z |
| date_published | 2014-07-07T00:00:00Z |
| source | MITRE |
| title | Dragonfly: Western energy sector targeted by sophisticated attack group |
Kaspersky Dridex May 2017
Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.
Internal MISP references
UUID 52c48bc3-2b53-4214-85c3-7e5dd036c969 which can be used as unique global reference for Kaspersky Dridex May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-31T00:00:00Z |
| date_published | 2017-05-25T00:00:00Z |
| source | MITRE |
| title | Dridex: A History of Evolution |
Dell Dridex Oct 2015
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.
Internal MISP references
UUID f81ce947-d875-4631-9709-b54c8b5d25bc which can be used as unique global reference for Dell Dridex Oct 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-31T00:00:00Z |
| date_published | 2015-10-13T00:00:00Z |
| source | MITRE |
| title | Dridex (Bugat v5) Botnet Takeover Operation |
Red Canary Dridex Threat Report 2021
Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. Retrieved August 3, 2023.
Internal MISP references
UUID 3be25132-6655-5fa9-92cb-772d02f49d2b which can be used as unique global reference for Red Canary Dridex Threat Report 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2021-02-09T00:00:00Z |
| source | MITRE |
| title | Dridex - Red Canary Threat Detection Report |
volexity_0day_sophos_FW
Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.
Internal MISP references
UUID 85bee18e-216d-4ea6-b34e-b071e3f63382 which can be used as unique global reference for volexity_0day_sophos_FW in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-06-15T00:00:00Z |
| source | MITRE |
| title | DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach |
Microsoft Driverquery
Microsoft. (n.d.). driverquery. Retrieved March 28, 2023.
Internal MISP references
UUID 7302dc00-a75a-5787-a04c-88ef4922ac09 which can be used as unique global reference for Microsoft Driverquery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | driverquery |
Dropbox Malware Sync
David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. Retrieved May 31, 2023.
Internal MISP references
UUID 06ca63fa-8c6c-501c-96d3-5e7e45ca1e04 which can be used as unique global reference for Dropbox Malware Sync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-31T00:00:00Z |
| date_published | 2013-08-21T00:00:00Z |
| source | MITRE |
| title | Dropbox and Similar Services Can Sync Malware |
Cyberreason Anchor December 2019
Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.
Internal MISP references
UUID a8dc5598-9963-4a1d-a473-bee8d2c72c57 which can be used as unique global reference for Cyberreason Anchor December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-10T00:00:00Z |
| date_published | 2019-12-11T00:00:00Z |
| source | MITRE |
| title | DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE |
Samba DRSUAPI
SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.
Internal MISP references
UUID 79e8f598-9962-4124-b884-eb10f86885af which can be used as unique global reference for Samba DRSUAPI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | DRSUAPI |
dsdbutil.exe - LOLBAS Project
LOLBAS. (2023, May 31). dsdbutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc982faf-a37d-4d0b-949c-f7a27adc3030 which can be used as unique global reference for dsdbutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-05-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | dsdbutil.exe |
TechNet Dsquery
Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.
Internal MISP references
UUID bbbb4a45-2963-4f04-901a-fb2752800e12 which can be used as unique global reference for TechNet Dsquery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | Dsquery |
CyberBit Dtrack
Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.
Internal MISP references
UUID 1ac944f4-868c-4312-8b5d-1580fd6542a0 which can be used as unique global reference for CyberBit Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-11-21T00:00:00Z |
| source | MITRE |
| title | Dtrack: In-depth analysis of APT on a nuclear power plant |
Kaspersky Dtrack
Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. Retrieved January 20, 2021.
Internal MISP references
UUID 0122ee35-938d-493f-a3bb-bc75fc808f62 which can be used as unique global reference for Kaspersky Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-09-23T00:00:00Z |
| source | MITRE |
| title | DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers |
Crowdstrike Qakbot October 2020
CS. (2020, October 7). Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. Retrieved September 27, 2021.
Internal MISP references
UUID 636a9b94-8260-45cc-bd74-a764cd8f50b0 which can be used as unique global reference for Crowdstrike Qakbot October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-10-07T00:00:00Z |
| source | MITRE |
| title | Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2 |
Dump64.exe - LOLBAS Project
LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b0186447-a6d5-40d7-a11d-ab2e9fb93087 which can be used as unique global reference for Dump64.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dump64.exe |
dump_pwd_dcsync
Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.
Internal MISP references
UUID bd1d7e75-feee-47fd-abfb-7e3dfc648a72 which can be used as unique global reference for dump_pwd_dcsync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-15T00:00:00Z |
| date_published | 2015-11-22T00:00:00Z |
| source | MITRE |
| title | Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync |
ired mscache
Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. Retrieved February 21, 2020.
Internal MISP references
UUID 5b643e7d-1ace-4517-88c2-96115cac1209 which can be used as unique global reference for ired mscache in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-11-16T00:00:00Z |
| source | MITRE |
| title | Dumping and Cracking mscash - Cached Domain Credentials |
ired Dumping LSA Secrets
Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.
Internal MISP references
UUID cf883397-11e9-4f94-977a-bbe46e3107f5 which can be used as unique global reference for ired Dumping LSA Secrets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2019-11-16T00:00:00Z |
| source | MITRE |
| title | Dumping LSA Secrets |
DumpMinitool.exe - LOLBAS Project
LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4634e025-c005-46fe-b97c-5d7dda455ba0 which can be used as unique global reference for DumpMinitool.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | DumpMinitool.exe |
Wikipedia Duqu
Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.
Internal MISP references
UUID 5cf0101e-c036-4c1c-b322-48f04e2aef0b which can be used as unique global reference for Wikipedia Duqu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2017-12-29T00:00:00Z |
| source | MITRE |
| title | Duqu |
Dxcap.exe - LOLBAS Project
LOLBAS. (2018, May 25). Dxcap.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7611eb7a-46b7-4c76-9728-67c1fbf20e17 which can be used as unique global reference for Dxcap.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Dxcap.exe |
TheEvilBit DYLD_INSERT_LIBRARIES
Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.
Internal MISP references
UUID bd27026c-81eb-480e-b092-f861472ac775 which can be used as unique global reference for TheEvilBit DYLD_INSERT_LIBRARIES in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-26T00:00:00Z |
| date_published | 2019-07-09T00:00:00Z |
| source | MITRE |
| title | DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX |
Wardle Dylib Hijacking OSX 2015
Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. Retrieved March 29, 2021.
Internal MISP references
UUID c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b which can be used as unique global reference for Wardle Dylib Hijacking OSX 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2015-03-01T00:00:00Z |
| source | MITRE |
| title | Dylib Hijacking on OS X |
Dragos DYMALLOY
Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.
Internal MISP references
UUID d2785c6e-e0d1-4e90-a2d5-2c302176d5d3 which can be used as unique global reference for Dragos DYMALLOY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-20T00:00:00Z |
| source | MITRE |
| title | DYMALLOY |
MWRInfoSecurity Dynamic Hooking 2015
Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. Retrieved December 20, 2017.
Internal MISP references
UUID 3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d which can be used as unique global reference for MWRInfoSecurity Dynamic Hooking 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2015-08-08T00:00:00Z |
| source | MITRE |
| title | Dynamic Hooking Techniques: User Mode |
rfc2131
Droms, R. (1997, March). Dynamic Host Configuration Protocol. Retrieved March 9, 2022.
Internal MISP references
UUID b16bd2d5-162b-44cb-a812-7becd6684021 which can be used as unique global reference for rfc2131 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 1997-03-01T00:00:00Z |
| source | MITRE |
| title | Dynamic Host Configuration Protocol |
rfc3315
J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.
Internal MISP references
UUID 9349f864-79e9-4481-ad77-44099621795a which can be used as unique global reference for rfc3315 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-27T00:00:00Z |
| date_published | 2003-07-01T00:00:00Z |
| source | MITRE |
| title | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) |
Microsoft DLL Redirection
Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.
Internal MISP references
UUID ac60bb28-cb14-4ff9-bc05-df48273a28a9 which can be used as unique global reference for Microsoft DLL Redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Redirection |
Microsoft Dynamic-Link Library Redirection
Microsoft. (2018, May 31). Dynamic-Link Library Redirection. Retrieved March 13, 2020.
Internal MISP references
UUID 72458590-ee1b-4447-adb8-ca4f486d1db5 which can be used as unique global reference for Microsoft Dynamic-Link Library Redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Redirection |
Microsoft Dynamic Link Library Search Order
Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID 7b1f945b-2547-4bc6-98bf-30248bdf3587 which can be used as unique global reference for Microsoft Dynamic Link Library Search Order in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Search Order |
Microsoft DLL Search
Microsoft. (n.d.). Dynamic-Link Library Search Order. Retrieved November 30, 2014.
Internal MISP references
UUID c157444d-bf2b-4806-b069-519122b7a459 which can be used as unique global reference for Microsoft DLL Search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Search Order |
Microsoft DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.
Internal MISP references
UUID 584490c7-b155-4f62-b68d-a5a2a1799e60 which can be used as unique global reference for Microsoft DLL Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
Microsoft Dynamic-Link Library Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID e087442a-0a53-4cc8-9fd6-772cbd0295d5 which can be used as unique global reference for Microsoft Dynamic-Link Library Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-25T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
MSDN DLL Security
Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.
Internal MISP references
UUID 5d1d1916-cef4-49d1-b8e2-a6d18fb297f6 which can be used as unique global reference for MSDN DLL Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-25T00:00:00Z |
| source | MITRE |
| title | Dynamic-Link Library Security |
Symantec Dyre June 2015
Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.
Internal MISP references
UUID a9780bb0-302f-44c2-8252-b53d94da24e6 which can be used as unique global reference for Symantec Dyre June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-23T00:00:00Z |
| date_published | 2015-06-23T00:00:00Z |
| source | MITRE |
| title | Dyre: Emerging threat on financial fraud landscape |
EA Hacked via Slack - June 2021
Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.
Internal MISP references
UUID 3362e1df-cfb9-4281-a0a1-9a3710d76945 which can be used as unique global reference for EA Hacked via Slack - June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-31T00:00:00Z |
| date_published | 2021-06-11T00:00:00Z |
| source | MITRE |
| title | EA hack reportedly used stolen cookies and Slack to target gaming giant |
CrowdStrike StellarParticle January 2022
CrowdStrike. (2022, January 27). Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. Retrieved February 7, 2022.
Internal MISP references
UUID 149c1446-d6a1-4a63-9420-def9272d6cb9 which can be used as unique global reference for CrowdStrike StellarParticle January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| date_published | 2022-01-27T00:00:00Z |
| source | MITRE |
| title | Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign |
Trend Micro Muddy Water March 2021
Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.
Internal MISP references
UUID 16b4b834-2f44-4bac-b810-f92080c41f09 which can be used as unique global reference for Trend Micro Muddy Water March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-18T00:00:00Z |
| date_published | 2021-03-05T00:00:00Z |
| source | MITRE |
| title | Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East |
SEC EDGAR Search
U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved August 27, 2021.
Internal MISP references
UUID 97958143-80c5-41f6-9fa6-4748e90e9f12 which can be used as unique global reference for SEC EDGAR Search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-27T00:00:00Z |
| source | MITRE |
| title | EDGAR - Search and Access |
Intrinsec Egregor Nov 2020
Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.
Internal MISP references
UUID e55604da-b419-411a-85cf-073f2d78e0c1 which can be used as unique global reference for Intrinsec Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-11-12T00:00:00Z |
| source | MITRE |
| title | Egregor – Prolock: Fraternal Twins ? |
Cybereason Egregor Nov 2020
Rochberger, L. (2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.
Internal MISP references
UUID c36b38d4-cfa2-4f1e-a410-6d629a24be62 which can be used as unique global reference for Cybereason Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware |
Cyble Egregor Oct 2020
Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. Retrieved December 29, 2020.
Internal MISP references
UUID 545a131d-88fc-4b34-923c-0b759b45fc7f which can be used as unique global reference for Cyble Egregor Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-10-31T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware – A Deep Dive Into Its Activities and Techniques |
NHS Digital Egregor Nov 2020
NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.
Internal MISP references
UUID 92f74037-2a20-4667-820d-2ccc0e4dbd3d which can be used as unique global reference for NHS Digital Egregor Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| date_published | 2020-11-26T00:00:00Z |
| source | MITRE |
| title | Egregor Ransomware The RaaS successor to Maze |
Security Boulevard Egregor Oct 2020
Meskauskas, T.. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.
Internal MISP references
UUID cd37a000-9e15-45a3-a7c9-bb508c10e55d which can be used as unique global reference for Security Boulevard Egregor Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Egregor: Sekhmet’s Cousin |
U.S. CISA Trends June 30 2020
Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. Retrieved October 25, 2023.
Internal MISP references
UUID b97e9a02-4cc5-4845-8058-0be4c566cd7c which can be used as unique global reference for U.S. CISA Trends June 30 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2020-06-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | EINSTEIN Data Trends – 30-day Lookback |
Dragos EKANS
Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.
Internal MISP references
UUID c8a018c5-caa3-4af1-b210-b65bbf94c8b2 which can be used as unique global reference for Dragos EKANS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-09T00:00:00Z |
| date_published | 2020-02-03T00:00:00Z |
| source | MITRE |
| title | EKANS Ransomware and ICS Operations |
EldoS RawDisk ITpro
Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.
Internal MISP references
UUID a6cf3d1d-2310-42bb-9324-495b4e94d329 which can be used as unique global reference for EldoS RawDisk ITpro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-26T00:00:00Z |
| date_published | 2007-03-14T00:00:00Z |
| source | MITRE |
| title | EldoS Provides Raw Disk Access for Vista and XP |
Microsoft Targeting Elections September 2020
Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.
Internal MISP references
UUID 1d7070fd-01be-4776-bb21-13368a6173b1 which can be used as unique global reference for Microsoft Targeting Elections September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | elections |
Secureworks IRON RITUAL USAID Phish May 2021
Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. Retrieved February 24, 2022.
Internal MISP references
UUID 0d42c329-5847-4970-9580-2318a566df4e which can be used as unique global reference for Secureworks IRON RITUAL USAID Phish May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | Elections Lure |
Dragos ELECTRUM
Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.
Internal MISP references
UUID 494f7056-7a39-4fa0-958d-fb1172d01852 which can be used as unique global reference for Dragos ELECTRUM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | ELECTRUM Threat Profile |
Symantec Elfin Mar 2019
Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.
Internal MISP references
UUID 55671ede-f309-4924-a1b4-3d597517b27e which can be used as unique global reference for Symantec Elfin Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2019-03-27T00:00:00Z |
| source | MITRE |
| title | Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. |
Backtrace VDSO
backtrace. (2016, April 22). ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved June 15, 2020.
Internal MISP references
UUID 1c8fa804-6579-4e68-a0b3-d16e0bee5654 which can be used as unique global reference for Backtrace VDSO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2016-04-22T00:00:00Z |
| source | MITRE |
| title | ELF SHARED LIBRARY INJECTION FORENSICS |
Securelist Machete Aug 2014
Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. Retrieved September 13, 2019.
Internal MISP references
UUID fc7be240-bd15-4ec4-bc01-f8891d7210d9 which can be used as unique global reference for Securelist Machete Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2014-08-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | El Machete |
Cylance Machete Mar 2017
The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.
Internal MISP references
UUID 92a9a311-1e0b-4819-9856-2dfc8dbfc08d which can be used as unique global reference for Cylance Machete Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2017-03-22T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | El Machete's Malware Attacks Cut Through LATAM |
Power Automate Email Exfiltration Controls
Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.
Internal MISP references
UUID 79eeaadf-5c1e-4608-84a5-6c903966a7f3 which can be used as unique global reference for Power Automate Email Exfiltration Controls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Email exfiltration controls for connectors |
HackersArise Email
Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.
Internal MISP references
UUID b6aefd99-fd97-4ca0-b717-f9dc147c9413 which can be used as unique global reference for HackersArise Email in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Email Scraping and Maltego |
Elastic - Koadiac Detection with EQL
Stepanic, D.. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. Retrieved November 30, 2020.
Internal MISP references
UUID 689b71f4-f8e5-455f-91c2-c599c8650f11 which can be used as unique global reference for Elastic - Koadiac Detection with EQL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-30T00:00:00Z |
| date_published | 2020-01-13T00:00:00Z |
| source | MITRE |
| title | Embracing offensive tooling: Building detections against Koadic using EQL |
Nccgroup Emissary Panda May 2018
Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.
Internal MISP references
UUID e279c308-fabc-47d3-bdeb-296266c80988 which can be used as unique global reference for Nccgroup Emissary Panda May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-25T00:00:00Z |
| date_published | 2018-05-18T00:00:00Z |
| source | MITRE |
| title | Emissary Panda – A potential new malicious tool |
Unit42 Emissary Panda May 2019
Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
Internal MISP references
UUID 3a3ec86c-88da-40ab-8e5f-a7d5102c026b which can be used as unique global reference for Unit42 Emissary Panda May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-09T00:00:00Z |
| date_published | 2019-05-28T00:00:00Z |
| source | MITRE |
| title | Emissary Panda Attacks Middle East Government Sharepoint Servers |
Emissary Trojan Feb 2016
Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.
Internal MISP references
UUID 580ce22f-b76b-4a92-9fab-26ce8f449ab6 which can be used as unique global reference for Emissary Trojan Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2016-02-03T00:00:00Z |
| source | MITRE |
| title | Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? |
Sophos Emotet Apr 2019
Brandt, A.. (2019, May 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.
Internal MISP references
UUID 0bd01e6c-6fb5-4bae-9fe9-395de061c1da which can be used as unique global reference for Sophos Emotet Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-05-05T00:00:00Z |
| source | MITRE |
| title | Emotet 101, stage 4: command and control |
CIS Emotet Apr 2017
CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. Retrieved January 17, 2019.
Internal MISP references
UUID 8dc7653f-84ef-4f0a-91f6-9b10ff50b756 which can be used as unique global reference for CIS Emotet Apr 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2017-04-28T00:00:00Z |
| source | MITRE |
| title | Emotet Changes TTPs and Arrives in United States |
Binary Defense Emotes Wi-Fi Spreader
Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.
Internal MISP references
UUID 05e624ee-c53d-5cd1-8fd2-6b2d38344bfd which can be used as unique global reference for Binary Defense Emotes Wi-Fi Spreader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| source | MITRE |
| title | Emotet Evolves With new Wi-Fi Spreader |
ESET Emotet Nov 2018
ESET . (2018, November 9). Emotet launches major new spam campaign. Retrieved March 25, 2019.
Internal MISP references
UUID e954c9aa-4995-452c-927e-11d0a6e2f442 which can be used as unique global reference for ESET Emotet Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-11-09T00:00:00Z |
| source | MITRE |
| title | Emotet launches major new spam campaign |
Trend Micro Emotet 2020
Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.
Internal MISP references
UUID 150327e6-db4b-4588-8cf2-ee131569150b which can be used as unique global reference for Trend Micro Emotet 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-16T00:00:00Z |
| date_published | 2020-02-13T00:00:00Z |
| source | MITRE |
| title | Emotet Now Spreads via Wi-Fi |
Talos Emotet Jan 2019
Brumaghin, E.. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.
Internal MISP references
UUID 83180391-89b6-4431-87f4-2703b47cb81b which can be used as unique global reference for Talos Emotet Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2019-01-15T00:00:00Z |
| source | MITRE |
| title | Emotet re-emerges after the holidays |
Emotet shutdown
The DFIR Report. (2022, November 8). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.
Internal MISP references
UUID 02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0 which can be used as unique global reference for Emotet shutdown in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-06T00:00:00Z |
| date_published | 2022-11-08T00:00:00Z |
| source | MITRE |
| title | Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware |
Carbon Black Emotet Apr 2019
Lee, S.. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. Retrieved May 24, 2019.
Internal MISP references
UUID db8fe753-d674-4668-9ee5-c1269085a7a1 which can be used as unique global reference for Carbon Black Emotet Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-24T00:00:00Z |
| date_published | 2019-04-24T00:00:00Z |
| source | MITRE |
| title | Emotet Using WMI to Launch PowerShell Encoded Code |
DanielManea Emotet May 2017
Manea, D.. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.
Internal MISP references
UUID 578e44f2-9ff5-4bed-8dee-a992711df8ce which can be used as unique global reference for DanielManea Emotet May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-05-25T00:00:00Z |
| source | MITRE |
| title | Emotet v4 Analysis |
Empire Keychain Decrypt
Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.
Internal MISP references
UUID 41075230-73a2-4195-b716-379f9e5ae93b which can be used as unique global reference for Empire Keychain Decrypt in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-14T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Empire keychaindump_decrypt Module |
Github EmpireProject CreateHijacker Dylib
Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. Retrieved April 1, 2021.
Internal MISP references
UUID 2908418d-54cf-4245-92c6-63f616b04e91 which can be used as unique global reference for Github EmpireProject CreateHijacker Dylib in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2018-04-08T00:00:00Z |
| source | MITRE |
| title | EmpireProject Create Dylib Hijacker |
Github EmpireProject HijackScanner
Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.
Internal MISP references
UUID c83e8833-9648-4178-b5be-6fa0af8f737f which can be used as unique global reference for Github EmpireProject HijackScanner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | Empire Project Dylib Hijack Vulnerability Scanner |
Microsoft ASR Nov 2017
Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.
Internal MISP references
UUID 1cb445f6-a366-4ae6-a698-53da6c61b4c9 which can be used as unique global reference for Microsoft ASR Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | Enable Attack surface reduction |
Microsoft TESTSIGNING Feb 2021
Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. Retrieved April 22, 2021.
Internal MISP references
UUID c04153f9-d4c7-4349-9bef-3f883eec0028 which can be used as unique global reference for Microsoft TESTSIGNING Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2021-02-15T00:00:00Z |
| source | MITRE |
| title | Enable Loading of Test Signed Drivers |
Microsoft Disable DCOM
Microsoft. (n.d.). Enable or Disable DCOM. Retrieved November 22, 2017.
Internal MISP references
UUID 1aeac4da-f5fd-4fa3-9cc0-b1a50427c121 which can be used as unique global reference for Microsoft Disable DCOM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Enable or Disable DCOM |
Microsoft Disable Macros
Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.
Internal MISP references
UUID cfe592a1-c06d-4555-a30f-c5d533dfd73e which can be used as unique global reference for Microsoft Disable Macros in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | Enable or disable macros in Office files |
Microsoft Remote
Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.
Internal MISP references
UUID 331d59e3-ce7f-483c-b77d-001c8a9ae1df which can be used as unique global reference for Microsoft Remote in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-01T00:00:00Z |
| source | MITRE |
| title | Enable the Remote Registry Service |
PCMag DoubleExtension
PCMag. (n.d.). Encyclopedia: double extension. Retrieved August 4, 2021.
Internal MISP references
UUID a729519d-8c9f-477c-b992-434076a9d294 which can be used as unique global reference for PCMag DoubleExtension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| source | MITRE |
| title | Encyclopedia: double extension |
FireEye Periscope March 2018
FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
Internal MISP references
UUID 8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f which can be used as unique global reference for FireEye Periscope March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Engineering and Maritime Industries |
NCCIC AR-17-20045 February 2017
NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.
Internal MISP references
UUID b930e838-649b-42ab-86dc-0443667276de which can be used as unique global reference for NCCIC AR-17-20045 February 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-12T00:00:00Z |
| date_published | 2017-02-10T00:00:00Z |
| source | MITRE |
| title | Enhanced Analysis of GRIZZLY STEPPE Activity |
ESET Sednit Part 1
ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.
Internal MISP references
UUID a2016103-ead7-46b3-bae5-aa97c45a12b7 which can be used as unique global reference for ESET Sednit Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-08T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 1: Approaching the Target |
ESET Sednit Part 2
ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
Internal MISP references
UUID aefb9eda-df5a-437f-af2a-ec1b6c04628b which can be used as unique global reference for ESET Sednit Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-21T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 2: Observing the Comings and Goings |
ESET Sednit Part 3
ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.
Internal MISP references
UUID 7c2be444-a947-49bc-b5f6-8f6bec870c6a which can be used as unique global reference for ESET Sednit Part 3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-21T00:00:00Z |
| date_published | 2016-10-01T00:00:00Z |
| source | MITRE |
| title | En Route with Sednit - Part 3: A Mysterious Downloader |
Google Ensuring Your Information is Safe
Google. (2011, June 1). Ensuring your information is safe online. Retrieved April 1, 2022.
Internal MISP references
UUID ad3eda19-08eb-4d59-a2c9-3b5ed8302205 which can be used as unique global reference for Google Ensuring Your Information is Safe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2011-06-01T00:00:00Z |
| source | MITRE |
| title | Ensuring your information is safe online |
Fortinet Blog November 13 2018
Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved October 20, 2023.
Internal MISP references
UUID 1b9b5c48-d504-4c73-aedc-37e935c47f17 which can be used as unique global reference for Fortinet Blog November 13 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2018-11-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign |
Splunk DarkGate January 17 2024
Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved January 24, 2024.
Internal MISP references
UUID a45a920c-3bda-4442-8650-4ad78f950283 which can be used as unique global reference for Splunk DarkGate January 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-24T00:00:00Z |
| date_published | 2024-01-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Enter The Gates: An Analysis of the DarkGate AutoIt Loader |
Microsoft EnumDeviceDrivers
Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). Retrieved March 28, 2023.
Internal MISP references
UUID 647ffc70-8eab-5f2f-abf4-9bbf42554043 which can be used as unique global reference for Microsoft EnumDeviceDrivers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| date_published | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | EnumDeviceDrivers function (psapi.h) |
EK Clueless Agents
Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. Retrieved January 18, 2019.
Internal MISP references
UUID ef7409d2-af39-4ad8-8469-76f0165687bd which can be used as unique global reference for EK Clueless Agents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-18T00:00:00Z |
| date_published | 1998-06-18T00:00:00Z |
| source | MITRE |
| title | Environmental Key Generation towards Clueless Agents |
Deloitte Environment Awareness
Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved May 18, 2021.
Internal MISP references
UUID af842a1f-8f39-4b4f-b4d2-0bbb810e6c31 which can be used as unique global reference for Deloitte Environment Awareness in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-18T00:00:00Z |
| source | MITRE |
| title | Environment Awareness |
MSDN Environment Property
Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 79ea888c-2dd7-40cb-9149-e2469a35ea3a which can be used as unique global reference for MSDN Environment Property in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-27T00:00:00Z |
| source | MITRE |
| title | Environment Property |
Microsoft Environment Property
Microsoft. (2011, October 24). Environment Property. Retrieved July 27, 2016.
Internal MISP references
UUID 64598969-864d-4bc7-805e-c289cccb7bc6 which can be used as unique global reference for Microsoft Environment Property in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-27T00:00:00Z |
| date_published | 2011-10-24T00:00:00Z |
| source | MITRE |
| title | Environment Property |
Kaspersky Equation QA
Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. Retrieved December 21, 2015.
Internal MISP references
UUID 34674802-fbd9-4cdb-8611-c58665c430e5 which can be used as unique global reference for Kaspersky Equation QA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-21T00:00:00Z |
| date_published | 2015-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Equation Group: Questions and Answers |
erase_cmd_cisco
Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.
Internal MISP references
UUID 4c90eba9-118e-5d50-ad58-27bcb0e1e228 which can be used as unique global reference for erase_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | erase - Cisco IOS Configuration Fundamentals Command Reference |
Container Escape
0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.
Internal MISP references
UUID 8248917a-9afd-4ec6-a086-1a97a68deff1 which can be used as unique global reference for Container Escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | Escaping |
Microsoft Esentutl
Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.
Internal MISP references
UUID 08fb9e84-495f-4710-bd1e-417eb8191a10 which can be used as unique global reference for Microsoft Esentutl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-03T00:00:00Z |
| date_published | 2016-08-30T00:00:00Z |
| source | MITRE |
| title | Esentutl |
LOLBAS Esentutl
LOLBAS. (n.d.). Esentutl.exe. Retrieved September 3, 2019.
Internal MISP references
UUID 691b4907-3544-4ad0-989c-b5c845e0330f which can be used as unique global reference for LOLBAS Esentutl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-03T00:00:00Z |
| source | MITRE |
| title | Esentutl.exe |
ESET Twitter Ida Pro Nov 2021
Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved March 2, 2022.
Internal MISP references
UUID 6d079207-a7c0-4023-b504-1010dd538221 which can be used as unique global reference for ESET Twitter Ida Pro Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| date_published | 2019-11-10T00:00:00Z |
| source | MITRE |
| title | ESETresearch discovered a trojanized IDA Pro installer |
ESET PowerPool Code October 2020
ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. Retrieved November 17, 2020.
Internal MISP references
UUID d583b409-35bd-45ea-8f2a-c0d566a6865b which can be used as unique global reference for ESET PowerPool Code October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-17T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | ESET Research Tweet Linking Slothfulmedia and PowerPool |
ESET FinFisher Jan 2018
Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.
Internal MISP references
UUID be169308-19e8-4ee9-8ff6-e08eb9291ef8 which can be used as unique global reference for ESET FinFisher Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-12T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | ESET's Guide to Deobfuscating and Devirtualizing FinFisher |
ESET Trickbot Oct 2020
Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. Retrieved March 15, 2021.
Internal MISP references
UUID c3320c11-4631-4e02-8025-5c1e5b54e521 which can be used as unique global reference for ESET Trickbot Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-15T00:00:00Z |
| date_published | 2020-10-12T00:00:00Z |
| source | MITRE |
| title | ESET takes part in global operation to disrupt Trickbot |
WeLiveSecurity April 19 2022
Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.
Internal MISP references
UUID f86845b9-03c4-446b-845f-b31b79b247ee which can be used as unique global reference for WeLiveSecurity April 19 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2022-04-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ESET takes part in global operation to disrupt Zloader botnets |
Riskiq Remcos Jan 2018
Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. Retrieved November 6, 2018.
Internal MISP references
UUID a641a41c-dcd8-47e5-9b29-109dd2eb7f1e which can be used as unique global reference for Riskiq Remcos Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-01-23T00:00:00Z |
| source | MITRE |
| title | Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors |
EventLog_Core_Technologies
Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. Retrieved September 14, 2021.
Internal MISP references
UUID 2a1f452f-57b6-4764-b474-befa7787642d which can be used as unique global reference for EventLog_Core_Technologies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2021-05-24T00:00:00Z |
| source | MITRE |
| title | Essential Windows Services: EventLog / Windows Event Log |
ISACA Malware Tricks
Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.
Internal MISP references
UUID a071bf02-066b-46e6-a554-f43d0c170807 which can be used as unique global reference for ISACA Malware Tricks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2017-11-01T00:00:00Z |
| source | MITRE |
| title | Evasive Malware Tricks: How Malware Evades Detection by Sandboxes |
ThreatStream Evasion Analysis
Shelmire, A.. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.
Internal MISP references
UUID de6bc044-6275-4cab-80a1-feefebd3c1f0 which can be used as unique global reference for ThreatStream Evasion Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| source | MITRE |
| title | Evasive Maneuvers |
Anomali Evasive Maneuvers July 2015
Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018.
Internal MISP references
UUID 471ae30c-2753-468e-8e4d-6e7a3be599c9 which can be used as unique global reference for Anomali Evasive Maneuvers July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-15T00:00:00Z |
| date_published | 2015-07-06T00:00:00Z |
| source | MITRE |
| title | Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels |
Unit42 OilRig Playbook 2023
Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.
Internal MISP references
UUID e38902bb-9bab-5beb-817b-668a67a76541 which can be used as unique global reference for Unit42 OilRig Playbook 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| date_published | 2016-05-01T00:00:00Z |
| source | MITRE |
| title | Evasive Serpens Unit 42 Playbook Viewer |
Microsoft EventLog.Clear
Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.
Internal MISP references
UUID b2711ad3-981c-4c77-bb64-643b547bfda6 which can be used as unique global reference for Microsoft EventLog.Clear in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| source | MITRE |
| title | EventLog.Clear Method () |
evt_log_tampering
svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.
Internal MISP references
UUID 7757bbc6-8058-4584-a5aa-14b647d932a6 which can be used as unique global reference for evt_log_tampering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | Event Log Tampering Part 1: Disrupting the EventLog Service |
Microsoft ETW May 2018
Microsoft. (2018, May 30). Event Tracing. Retrieved September 6, 2018.
Internal MISP references
UUID 876f8690-1874-41c0-bd38-d3bd41c96acc which can be used as unique global reference for Microsoft ETW May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Event Tracing |
Eventvwr.exe - LOLBAS Project
LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0c09812a-a936-4282-b574-35a00f631857 which can be used as unique global reference for Eventvwr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-11-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Eventvwr.exe |
Secure Ideas SMB Relay
Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. Retrieved February 7, 2019.
Internal MISP references
UUID ac4b2e91-f338-44c3-8950-435102136991 which can be used as unique global reference for Secure Ideas SMB Relay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-07T00:00:00Z |
| date_published | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Ever Run a Relay? Why SMB Relays Should Be On Your Mind |
CSV Excel Macro Injection
Ishaq Mohammed . (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.
Internal MISP references
UUID 22c871ff-2701-4809-9f5b-fb29da7481e8 which can be used as unique global reference for CSV Excel Macro Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| date_published | 2021-01-10T00:00:00Z |
| source | MITRE |
| title | Everything about CSV Injection and CSV Excel Macro Injection |
Avertium callback phishing
Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. Retrieved February 2, 2023.
Internal MISP references
UUID abeb1146-e5e5-5ecc-9b70-b348fba097f6 which can be used as unique global reference for Avertium callback phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING |
Intezer Aurora Sept 2017
Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.
Internal MISP references
UUID b2999bd7-50d5-4d49-8893-8c0903d49104 which can be used as unique global reference for Intezer Aurora Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-13T00:00:00Z |
| date_published | 2017-09-20T00:00:00Z |
| source | MITRE |
| title | Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner |
Cyphort EvilBunny Dec 2014
Marschalek, M.. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.
Internal MISP references
UUID a0218d0f-3378-4508-9d3c-a7cd3e00a156 which can be used as unique global reference for Cyphort EvilBunny Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-28T00:00:00Z |
| date_published | 2014-12-16T00:00:00Z |
| source | MITRE |
| title | EvilBunny: Malware Instrumented By Lua |
Evil Clippy May 2019
Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. Retrieved September 17, 2020.
Internal MISP references
UUID aafa27e8-5df7-4fc6-9fe5-9a438f2b507a which can be used as unique global reference for Evil Clippy May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2019-05-05T00:00:00Z |
| source | MITRE |
| title | Evil Clippy: MS Office maldoc assistant |
Evilginx 2 July 2018
Gretzky, K.. (2018, July 26). Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.
Internal MISP references
UUID 9099b5aa-25eb-4cb7-9e3a-da4c3244f15a which can be used as unique global reference for Evilginx 2 July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-14T00:00:00Z |
| date_published | 2018-07-26T00:00:00Z |
| source | MITRE |
| title | Evilginx 2 - Next Generation of Phishing 2FA Tokens |
Evilginx Sources & Methods December 2023
Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.
Internal MISP references
UUID 13bdabb2-5956-492a-baf9-b0c3a0629806 which can be used as unique global reference for Evilginx Sources & Methods December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-03T00:00:00Z |
| date_published | 2023-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Evilginx Phishing Proxy |
SentinelOne EvilQuest Ransomware Spyware 2020
Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.
Internal MISP references
UUID 4dc26c77-d0ce-4836-a4cc-0490b6d7f115 which can be used as unique global reference for SentinelOne EvilQuest Ransomware Spyware 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-07-08T00:00:00Z |
| source | MITRE |
| title | “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One |
Cisco Synful Knock Evolution
Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020.
Internal MISP references
UUID 29301297-8343-4f75-8096-7fe229812f75 which can be used as unique global reference for Cisco Synful Knock Evolution in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2015-10-08T00:00:00Z |
| source | MITRE |
| title | Evolution of attacks on Cisco IOS devices |
Securelist JSWorm
Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.
Internal MISP references
UUID c29ca9f2-1e48-4913-b10b-15e558868ed8 which can be used as unique global reference for Securelist JSWorm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | Evolution of JSWorm Ransomware |
S2 Grupo TrickBot June 2017
Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. Retrieved July 31, 2018.
Internal MISP references
UUID 28faff77-3e68-4f5c-974d-dc7c9d06ce5e which can be used as unique global reference for S2 Grupo TrickBot June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-31T00:00:00Z |
| date_published | 2017-06-01T00:00:00Z |
| source | MITRE |
| title | Evolution of Trickbot |
Unit 42 Valak July 2020
Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.
Internal MISP references
UUID 9a96da13-5795-49bc-ab82-dfd4f964d9d0 which can be used as unique global reference for Unit 42 Valak July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-31T00:00:00Z |
| date_published | 2020-07-24T00:00:00Z |
| source | MITRE |
| title | Evolution of Valak, from Its Beginnings to Mass Distribution |
Microsoft - Device Registration
Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. Retrieved March 4, 2022.
Internal MISP references
UUID 3f42fc18-2adc-46ef-ae0a-c2d530518435 which can be used as unique global reference for Microsoft - Device Registration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2022-01-26T00:00:00Z |
| source | MITRE |
| title | Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA |
Amnesty OAuth Phishing Attacks, August 2019
Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.
Internal MISP references
UUID 0b0f9cf6-f0af-4f86-9699-a63ff36c49e2 which can be used as unique global reference for Amnesty OAuth Phishing Attacks, August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-08-16T00:00:00Z |
| source | MITRE |
| title | Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa |
RSAC 2015 Abu Dhabi Stefano Maccaglia
Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. Retrieved April 4, 2018.
Internal MISP references
UUID a6cb597e-e25b-4f49-bbb0-d270b1ac53f2 which can be used as unique global reference for RSAC 2015 Abu Dhabi Stefano Maccaglia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2015-11-04T00:00:00Z |
| source | MITRE |
| title | Evolving Threats: dissection of a CyberEspionage attack |
Microsoft Iranian Threat Actor Trends November 2021
MSTIC. (2021, November 16). Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.
Internal MISP references
UUID 78d39ee7-1cd5-5cb8-844a-1c3649e367a1 which can be used as unique global reference for Microsoft Iranian Threat Actor Trends November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-12T00:00:00Z |
| date_published | 2021-11-16T00:00:00Z |
| source | MITRE |
| title | Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 |
Palo Alto Unit 42 VBA Infostealer 2014
Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023.
Internal MISP references
UUID c3eccab6-b12b-513a-9a04-396f7b3dcf63 which can be used as unique global reference for Palo Alto Unit 42 VBA Infostealer 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2014-10-29T00:00:00Z |
| source | MITRE |
| title | Examining a VBA-Initiated Infostealer Campaign |
Trend Micro Black Basta May 2022
Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.
Internal MISP references
UUID b0351b0a-112f-543f-8909-f4b4a9f23e2e which can be used as unique global reference for Trend Micro Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-09T00:00:00Z |
| source | MITRE |
| title | Examining the Black Basta Ransomware’s Infection Routine |
Mandiant Glyer APT 2010
Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. Retrieved December 18, 2020.
Internal MISP references
UUID bb336a6f-d76e-4535-ba81-0c7932ae91e3 which can be used as unique global reference for Mandiant Glyer APT 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2010-01-01T00:00:00Z |
| source | MITRE |
| title | Examples of Recent APT Persistence Mechanism |
Excel.exe - LOLBAS Project
LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a2458f7-63ca-4eca-8c61-b6098ec0798f which can be used as unique global reference for Excel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-07-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Excel.exe |
Microsoft Tim McMichael Exchange Mail Forwarding 2
McMichael, T.. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.
Internal MISP references
UUID b5bf8e12-0133-46ea-85e3-b48c9901b518 which can be used as unique global reference for Microsoft Tim McMichael Exchange Mail Forwarding 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2015-06-08T00:00:00Z |
| source | MITRE |
| title | Exchange and Office 365 Mail Forwarding |
DFIR Phosphorus November 2021
DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. Retrieved January 5, 2023.
Internal MISP references
UUID 0156d408-a36d-5876-96fd-f0b0cf296ea2 which can be used as unique global reference for DFIR Phosphorus November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-05T00:00:00Z |
| date_published | 2021-11-15T00:00:00Z |
| source | MITRE |
| title | Exchange Exploit Leads to Domain Wide Ransomware |
ExchangePowerShell Module
Microsoft. (2017, September 25). ExchangePowerShell. Retrieved June 10, 2022.
Internal MISP references
UUID 8af67c2a-15e2-48c9-9ec2-b62ffca0f677 which can be used as unique global reference for ExchangePowerShell Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-10T00:00:00Z |
| date_published | 2017-09-25T00:00:00Z |
| source | MITRE |
| title | ExchangePowerShell |
ESET Exchange Mar 2021
Faou, M., Tartare, M., Dupuy, T. (2021, March 10). Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.
Internal MISP references
UUID c83f1810-22bb-4def-ab2f-3f3d67703f47 which can be used as unique global reference for ESET Exchange Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-21T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Exchange servers under siege from at least 10 APT groups |
Executable Installers are Vulnerable
Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.
Internal MISP references
UUID 5c2791d4-556d-426a-b305-44e23b50f013 which can be used as unique global reference for Executable Installers are Vulnerable in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| date_published | 2015-12-08T00:00:00Z |
| source | MITRE |
| title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Seclists Kanthak 7zip Installer
Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved March 10, 2017.
Internal MISP references
UUID f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5 which can be used as unique global reference for Seclists Kanthak 7zip Installer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-10T00:00:00Z |
| date_published | 2015-12-08T00:00:00Z |
| source | MITRE |
| title | Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege |
Redxorblue Remote Template Injection
Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.
Internal MISP references
UUID bce1cd78-b55e-40cf-8a90-64240db867ac which can be used as unique global reference for Redxorblue Remote Template Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-12T00:00:00Z |
| date_published | 2018-07-18T00:00:00Z |
| source | MITRE |
| title | Executing Macros From a DOCX With Remote Template Injection |
Microsoft PSfromCsharp APR 2014
Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.
Internal MISP references
UUID 83e346d5-1894-4c46-98eb-88a61ce7f003 which can be used as unique global reference for Microsoft PSfromCsharp APR 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2014-04-28T00:00:00Z |
| source | MITRE |
| title | Executing PowerShell scripts from C# |
PAM Creds
Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. Retrieved June 26, 2020.
Internal MISP references
UUID aa9d5bdd-2102-4322-8736-56db8e083fc0 which can be used as unique global reference for PAM Creds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-26T00:00:00Z |
| date_published | 2018-06-27T00:00:00Z |
| source | MITRE |
| title | Exfiltrating credentials via PAM backdoors & DNS requests |
Microsoft Expand Utility
Microsoft. (2017, October 15). Expand. Retrieved February 19, 2019.
Internal MISP references
UUID bf73a375-87b7-4603-8734-9f3d8d11967e which can be used as unique global reference for Microsoft Expand Utility in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | Expand |
LOLBAS Expand
LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.
Internal MISP references
UUID 689b058e-a4ec-45bf-b0f8-8885eb8d8b63 which can be used as unique global reference for LOLBAS Expand in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| source | MITRE |
| title | Expand.exe |
Mandiant CVE-2023-3519 Exploitation
James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.
Internal MISP references
UUID 4404ed65-3020-453d-8c51-2885018ba03b which can be used as unique global reference for Mandiant CVE-2023-3519 Exploitation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-24T00:00:00Z |
| date_published | 2023-07-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519) |
Exploit Database
Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.
Internal MISP references
UUID 38f7b3ea-9959-4dfb-8216-a745d071e7e2 which can be used as unique global reference for Exploit Database in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Exploit Database |
Rhino Labs Cloud Image Backdoor Technique Sept 2019
Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.
Internal MISP references
UUID 8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf which can be used as unique global reference for Rhino Labs Cloud Image Backdoor Technique Sept 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT) |
Azure AD PTA Vulnerabilities
Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.
Internal MISP references
UUID a0ddb60b-5445-46b3-94c5-b47e76de553d which can be used as unique global reference for Azure AD PTA Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2022-09-20T00:00:00Z |
| source | MITRE |
| title | Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials |
Exploiting Smartphone USB
Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. Retrieved May 25, 2022.
Internal MISP references
UUID 573796bd-4553-4ae1-884a-9af71b5de873 which can be used as unique global reference for Exploiting Smartphone USB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| source | MITRE |
| title | Exploiting Smart-Phone USB Connectivity For Fun And Profit |
versprite xpc vpn
VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.
Internal MISP references
UUID 5e65d8cc-142b-4724-8a07-8e21558e0f64 which can be used as unique global reference for versprite xpc vpn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-20T00:00:00Z |
| date_published | 2018-01-24T00:00:00Z |
| source | MITRE |
| title | Exploiting VyprVPN for MacOS |
Explorer.exe - LOLBAS Project
LOLBAS. (2020, June 24). Explorer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9ba3d54c-02d1-45bd-bfe8-939e84d9d44b which can be used as unique global reference for Explorer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-06-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Explorer.exe |
Trend Micro Emotet Jan 2019
Trend Micro. (2019, January 16). Exploring Emotet's Activities . Retrieved March 25, 2019.
Internal MISP references
UUID a81f1dad-5841-4142-80c1-483b240fd67d which can be used as unique global reference for Trend Micro Emotet Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2019-01-16T00:00:00Z |
| source | MITRE |
| title | Exploring Emotet's Activities |
SecurityTrails Google Hacking
Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved October 20, 2020.
Internal MISP references
UUID 3e7fdeaf-24a7-4cb5-8ed3-6057c9035303 which can be used as unique global reference for SecurityTrails Google Hacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-03-05T00:00:00Z |
| source | MITRE |
| title | Exploring Google Hacking Techniques |
Medium SSL Cert
Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). Retrieved October 20, 2020.
Internal MISP references
UUID 6502425f-3435-4162-8c96-9e10a789d362 which can be used as unique global reference for Medium SSL Cert in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-09-16T00:00:00Z |
| source | MITRE |
| title | Export & Download — SSL Certificate from Server (Site URL) |
Google EXOTIC LILY March 2022
Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. Retrieved August 18, 2022.
Internal MISP references
UUID 19d2cb48-bdb2-41fe-ba24-0769d7bd4d94 which can be used as unique global reference for Google EXOTIC LILY March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Exposing initial access broker with ties to Conti |
Microsoft POLONIUM June 2022
Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.
Internal MISP references
UUID 689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd which can be used as unique global reference for Microsoft POLONIUM June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-01T00:00:00Z |
| date_published | 2022-06-02T00:00:00Z |
| source | MITRE |
| title | Exposing POLONIUM activity and infrastructure targeting Israeli organizations |
External to DA, the OS X Way
Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. Retrieved July 3, 2017.
Internal MISP references
UUID b714e6a9-5c12-4a3b-89f9-d379c0284f06 which can be used as unique global reference for External to DA, the OS X Way in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2016-05-14T00:00:00Z |
| source | MITRE |
| title | External to DA, the OS X Way |
Extexport.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2aa09a10-a492-4753-bbd8-aacd31e4fee3 which can be used as unique global reference for Extexport.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Extexport.exe |
Extrac32.exe - LOLBAS Project
LOLBAS. (2018, May 25). Extrac32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae632afc-336c-488e-81f6-91ffe1829595 which can be used as unique global reference for Extrac32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Extrac32.exe |
Journey into IR ZeroAccess NTFS EA
Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.
Internal MISP references
UUID e9dff187-fe7d-469d-81cb-30ad520dbd3d which can be used as unique global reference for Journey into IR ZeroAccess NTFS EA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2012-12-11T00:00:00Z |
| source | MITRE |
| title | Extracting ZeroAccess from NTFS Extended Attributes |
Bizeul 2014
Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
Internal MISP references
UUID a4617ef4-e6d2-47e7-8f81-68e7380279bf which can be used as unique global reference for Bizeul 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-29T00:00:00Z |
| date_published | 2014-07-11T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Eye of the Tiger |
ThreatPost Social Media Phishing
O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020.
Internal MISP references
UUID 186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7 which can be used as unique global reference for ThreatPost Social Media Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Facebook: A Top Launching Pad For Phishing Attacks |
SentinelLabs reversing run-only applescripts 2021
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 29, 2022.
Internal MISP references
UUID 34dc9010-e800-420c-ace4-4f426c915d2f which can be used as unique global reference for SentinelLabs reversing run-only applescripts 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | FADE DEAD |
Sentinel Labs
Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.
Internal MISP references
UUID 785f7692-2be8-4f5d-921e-51efdfe0c0b9 which can be used as unique global reference for Sentinel Labs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | FADE DEAD |
ESET OceanLotus Mar 2019
Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. Retrieved April 1, 2019.
Internal MISP references
UUID b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0 which can be used as unique global reference for ESET OceanLotus Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-01T00:00:00Z |
| date_published | 2019-03-20T00:00:00Z |
| source | MITRE |
| title | Fake or Fake: Keeping up with OceanLotus decoys |
ZScaler BitB 2020
ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. Retrieved March 8, 2023.
Internal MISP references
UUID c2f01a3b-a164-59b7-be5d-5eec4eb69ee5 which can be used as unique global reference for ZScaler BitB 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2020-02-11T00:00:00Z |
| source | MITRE |
| title | Fake Sites Stealing Steam Credentials |
FalconFeedsio Tweet October 9 2023
FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. Retrieved October 10, 2023.
Internal MISP references
UUID e9810a28-f060-468b-b4ea-ffed9403ae8b which can be used as unique global reference for FalconFeedsio Tweet October 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FalconFeedsio Tweet October 9 2023 |
FalconFeedsio Tweet September 28 2023
FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.
Internal MISP references
UUID 78128031-bcbb-42c2-8bed-4613a10a02ca which can be used as unique global reference for FalconFeedsio Tweet September 28 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-09-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FalconFeedsio Tweet September 28 2023 |
falconoverwatch_blackcat_attack
Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. Retrieved May 5, 2022.
Internal MISP references
UUID 9d0ff77c-09e9-4d58-86f4-e2398f298ca9 which can be used as unique global reference for falconoverwatch_blackcat_attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-03-23T00:00:00Z |
| source | MITRE |
| title | Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack |
CitizenLab Tropic Trooper Aug 2018
Alexander, G., et al. (2018, August 8). Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.
Internal MISP references
UUID 5c662775-9703-4d01-844b-40a0e5c24fb9 which can be used as unique global reference for CitizenLab Tropic Trooper Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-17T00:00:00Z |
| date_published | 2018-08-08T00:00:00Z |
| source | MITRE |
| title | Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces |
CISA AA20-239A BeagleBoyz August 2020
DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.
Internal MISP references
UUID a8a2e3f2-3967-4e82-a36a-2436c654fb3f which can be used as unique global reference for CISA AA20-239A BeagleBoyz August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2020-08-26T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks |
Fast Flux - Welivesecurity
Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work?. Retrieved March 11, 2020.
Internal MISP references
UUID e232d739-663e-4878-b13b-9248cd81e657 which can be used as unique global reference for Fast Flux - Welivesecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-11T00:00:00Z |
| date_published | 2017-01-12T00:00:00Z |
| source | MITRE |
| title | Fast Flux networks: What are they and how do they work? |
MehtaFastFluxPt1
Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. Retrieved March 6, 2017.
Internal MISP references
UUID 5f169cae-6b59-4879-9a8f-93fdcea5cc58 which can be used as unique global reference for MehtaFastFluxPt1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2014-12-17T00:00:00Z |
| source | MITRE |
| title | Fast Flux Networks Working and Detection, Part 1 |
MehtaFastFluxPt2
Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.
Internal MISP references
UUID f8a98e55-c91e-4b5e-b6f3-0065ef07375d which can be used as unique global reference for MehtaFastFluxPt2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2014-12-23T00:00:00Z |
| source | MITRE |
| title | Fast Flux Networks Working and Detection, Part 2 |
FBI-BEC
FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.
Internal MISP references
UUID 3388bfec-7822-56dc-a384-95aa79f42fe8 which can be used as unique global reference for FBI-BEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud |
FBI Flash FIN7 USB
The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. Retrieved January 14, 2022.
Internal MISP references
UUID 42dc957c-007b-4f90-88c6-1afd6d1032e8 which can be used as unique global reference for FBI Flash FIN7 USB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2022-01-07T00:00:00Z |
| source | MITRE |
| title | FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware |
FBI Lazarus Stake.com Theft Attribution September 2023
FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. Retrieved September 13, 2023.
Internal MISP references
UUID d753c01c-c0f6-4382-ae79-5605a28c94d5 which can be used as unique global reference for FBI Lazarus Stake.com Theft Attribution September 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-13T00:00:00Z |
| date_published | 2023-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com |
Hakobyan 2009
Hakobyan, A. (2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.
Internal MISP references
UUID d92f6dc0-e902-4a4a-9083-8d1667a7003e which can be used as unique global reference for Hakobyan 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2009-01-08T00:00:00Z |
| source | MITRE |
| title | FDump - Dumping File Sectors Directly from Disk using Logical Offsets |
Google Federating GC
Google. (n.d.). Federating Google Cloud with Active Directory. Retrieved March 13, 2020.
Internal MISP references
UUID 4e17ca9b-5c98-409b-9496-7c37fe9ee837 which can be used as unique global reference for Google Federating GC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| source | MITRE |
| title | Federating Google Cloud with Active Directory |
Kaspersky Ferocious Kitten Jun 2021
GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.
Internal MISP references
UUID b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50 which can be used as unique global reference for Kaspersky Ferocious Kitten Jun 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Ferocious Kitten: 6 Years of Covert Surveillance in Iran |
Fidelis njRAT June 2013
Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: "njRAT" Uncovered. Retrieved June 4, 2019.
Internal MISP references
UUID 6c985470-a923-48fd-82c9-9128b6d59bcb which can be used as unique global reference for Fidelis njRAT June 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2013-06-28T00:00:00Z |
| source | MITRE |
| title | Fidelis Threat Advisory #1009: "njRAT" Uncovered |
Fidelis INOCNATION
Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. Retrieved March 24, 2016.
Internal MISP references
UUID 9d9c0c71-d5a2-41e4-aa90-d1046e0742c7 which can be used as unique global reference for Fidelis INOCNATION in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2015-12-16T00:00:00Z |
| source | MITRE |
| title | Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign |
Securelist fileless attacks Feb 2017
Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. Retrieved February 8, 2017.
Internal MISP references
UUID b58d9c32-89c5-449a-88e7-1c7dd3f8380e which can be used as unique global reference for Securelist fileless attacks Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| date_published | 2017-02-08T00:00:00Z |
| source | MITRE |
| title | Fileless attacks against enterprise networks |
Airbus Security Kovter Analysis
Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.
Internal MISP references
UUID a8420828-9e00-45a1-90d7-a37f898204f9 which can be used as unique global reference for Airbus Security Kovter Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| date_published | 2016-03-23T00:00:00Z |
| source | MITRE |
| title | Fileless Malware – A Behavioural Analysis Of Kovter Persistence |
Microsoft Fileless
Microsoft. (2023, February 6). Fileless threats. Retrieved March 23, 2023.
Internal MISP references
UUID 263fc1ab-f928-583f-986d-1e1bae9b3c85 which can be used as unique global reference for Microsoft Fileless in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-23T00:00:00Z |
| date_published | 2023-02-06T00:00:00Z |
| source | MITRE |
| title | Fileless threats |
enigma0x3 Fileless UAC Bypass
Nelson, M. (2016, August 15). "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.
Internal MISP references
UUID 74b16ca4-9494-4f10-97c5-103a8521818f which can be used as unique global reference for enigma0x3 Fileless UAC Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-27T00:00:00Z |
| date_published | 2016-08-15T00:00:00Z |
| source | MITRE |
| title | "Fileless" UAC Bypass using eventvwr.exe and Registry Hijacking |
enigma0x3 sdclt bypass
Nelson, M. (2017, March 17). "Fileless" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.
Internal MISP references
UUID 5e5597e2-ea05-41e0-8752-ca95a89a5aa3 which can be used as unique global reference for enigma0x3 sdclt bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-25T00:00:00Z |
| date_published | 2017-03-17T00:00:00Z |
| source | MITRE |
| title | "Fileless" UAC Bypass Using sdclt.exe |
Microsoft File Mgmt
Microsoft. (2018, May 31). File Management (Local File Systems). Retrieved September 28, 2021.
Internal MISP references
UUID e6d84416-5808-4e7d-891b-ba67dada8726 which can be used as unique global reference for Microsoft File Mgmt in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | File Management (Local File Systems) |
Microsoft File Streams
Microsoft. (n.d.). File Streams. Retrieved December 2, 2014.
Internal MISP references
UUID ef3f58da-e735-4b1d-914c-fafabb7439bf which can be used as unique global reference for Microsoft File Streams in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-02T00:00:00Z |
| source | MITRE |
| title | File Streams |
file_upload_attacks_pt2
YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). Retrieved August 23, 2022.
Internal MISP references
UUID 4f7c7d6c-ad56-594f-bcb8-79523f436f2c which can be used as unique global reference for file_upload_attacks_pt2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-23T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE |
| title | File Upload Attacks (Part 2) |
Microsoft GPO Security Filtering
Microsoft. (2018, May 30). Filtering the Scope of a GPO. Retrieved March 13, 2019.
Internal MISP references
UUID 327caed7-a53f-4245-8774-a9f170932012 which can be used as unique global reference for Microsoft GPO Security Filtering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-13T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Filtering the Scope of a GPO |
FireEye FIN10 June 2017
FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved June 25, 2017.
Internal MISP references
UUID 9d5c3956-7169-48d5-b4d0-f7a56a742adf which can be used as unique global reference for FireEye FIN10 June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-25T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FIN10: Anatomy of a Cyber Extortion Operation |
Mandiant FIN12 Group Profile October 07 2021
Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. Retrieved September 22, 2023.
Internal MISP references
UUID 7af84b3d-bbd6-449f-b29b-2f14591c9f05 which can be used as unique global reference for Mandiant FIN12 Group Profile October 07 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-22T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN12 Group Profile |
Mandiant FIN12 Oct 2021
Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
Internal MISP references
UUID 4514d7cc-b999-5711-a398-d90e5d3570f2 which can be used as unique global reference for Mandiant FIN12 Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| source | MITRE |
| title | FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets |
CERTFR-2023-CTI-007
CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. Retrieved September 21, 2023.
Internal MISP references
UUID 0f4a03c5-79b3-418e-a77d-305d5a32caca which can be used as unique global reference for CERTFR-2023-CTI-007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2023-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel |
Mandiant FIN13 Aug 2022
Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.
Internal MISP references
UUID ebd9d479-1954-5a4a-b7f0-d5372489733c which can be used as unique global reference for Mandiant FIN13 Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-09T00:00:00Z |
| date_published | 2022-08-08T00:00:00Z |
| source | MITRE |
| title | FIN13: A Cybercriminal Threat Actor Focused on Mexico |
FireEye FIN4 Stealing Insider NOV 2014
Dennesen, K. et al.. (2014, November 30). FIN4: Stealing Insider Information for an Advantage in Stock Trading?. Retrieved December 17, 2018.
Internal MISP references
UUID b27f1040-46e5-411a-b238-0b40f6160680 which can be used as unique global reference for FireEye FIN4 Stealing Insider NOV 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-17T00:00:00Z |
| date_published | 2014-11-30T00:00:00Z |
| source | MITRE |
| title | FIN4: Stealing Insider Information for an Advantage in Stock Trading? |
Visa FIN6 Feb 2019
Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.
Internal MISP references
UUID 9e9e8811-1d8e-4400-8688-e634f859c4e0 which can be used as unique global reference for Visa FIN6 Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-16T00:00:00Z |
| date_published | 2019-02-01T00:00:00Z |
| source | MITRE |
| title | FIN6 Cybercrime Group Expands Threat to eCommerce Merchants |
SentinelOne FrameworkPOS September 2019
Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. Retrieved September 8, 2020.
Internal MISP references
UUID 054d7827-3d0c-40a7-b2a0-1428ad7729ea which can be used as unique global reference for SentinelOne FrameworkPOS September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-08T00:00:00Z |
| date_published | 2019-09-19T00:00:00Z |
| source | MITRE |
| title | FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals |
SecureList Griffon May 2019
Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. Retrieved October 11, 2019.
Internal MISP references
UUID 42e196e4-42a7-427d-a69b-d78fa6375f8c which can be used as unique global reference for SecureList Griffon May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2019-05-08T00:00:00Z |
| source | MITRE |
| title | FIN7.5: the infamous cybercrime rig “FIN7” continues its activities |
Threatpost Lizar May 2021
Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.
Internal MISP references
UUID 1b89f62f-586d-4dee-b6dd-e5a5cd090a0e which can be used as unique global reference for Threatpost Lizar May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-05-14T00:00:00Z |
| source | MITRE |
| title | FIN7 Backdoor Masquerades as Ethical Hacking Tool |
FireEye FIN7 April 2017
Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.
Internal MISP references
UUID 6ee27fdb-1753-4fdf-af72-3295b072ff10 which can be used as unique global reference for FireEye FIN7 April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-24T00:00:00Z |
| date_published | 2017-04-24T00:00:00Z |
| source | MITRE |
| title | FIN7 Evolution and the Phishing LNK |
Mandiant FIN7 Apr 2022
Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.
Internal MISP references
UUID be9919c0-ca52-593b-aea0-c5e9a262b570 which can be used as unique global reference for Mandiant FIN7 Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-05T00:00:00Z |
| date_published | 2022-04-04T00:00:00Z |
| source | MITRE |
| title | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 |
Gemini FIN7 Oct 2021
Gemini Advisory. (2021, October 21). FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.
Internal MISP references
UUID bbaef178-8577-4398-8e28-604faf0950b4 which can be used as unique global reference for Gemini FIN7 Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-10-21T00:00:00Z |
| source | MITRE |
| title | FIN7 Recruits Talent For Push Into Ransomware |
Flashpoint FIN 7 March 2019
Platt, J. and Reeves, J.. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.
Internal MISP references
UUID b09453a3-c0df-4e96-b399-e7b34e068e9d which can be used as unique global reference for Flashpoint FIN 7 March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2019-03-01T00:00:00Z |
| source | MITRE |
| title | FIN7 Revisited: Inside Astra Panel and SQLRat Malware |
FireEye FIN7 March 2017
Miller, S., et al. (2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.
Internal MISP references
UUID 7987bb91-ec41-42f8-bd2d-dabc26509a08 which can be used as unique global reference for FireEye FIN7 March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-08T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings |
Morphisec FIN7 June 2017
Gorelik, M.. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. Retrieved July 13, 2017.
Internal MISP references
UUID 3831173c-7c67-4f16-b652-ad992a7ce411 which can be used as unique global reference for Morphisec FIN7 June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-09T00:00:00Z |
| source | MITRE |
| title | FIN7 Takes Another Bite at the Restaurant Industry |
CyberScoop FIN7 Oct 2017
Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.
Internal MISP references
UUID e38adff1-7f53-4b0c-9d58-a4640b09b10d which can be used as unique global reference for CyberScoop FIN7 Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | Fin7 weaponization of DDE is just their latest slick move, say researchers |
BitDefender BADHATCH Mar 2021
Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved September 8, 2021.
Internal MISP references
UUID 958cfc9a-901c-549d-96c2-956272b240e3 which can be used as unique global reference for BitDefender BADHATCH Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-08T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| source | MITRE |
| title | FIN8 Returns with Improved BADHATCH Toolkit |
Bitdefender FIN8 BADHATCH Report
Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved October 30, 2023.
Internal MISP references
UUID 501b6391-e09e-47dc-9cfc-c8ed4c034aca which can be used as unique global reference for Bitdefender FIN8 BADHATCH Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2021-03-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FIN8 Returns with Improved BADHATCH Toolkit |
Bitdefender Sardonic Aug 2021
Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.
Internal MISP references
UUID 8e9d05c9-6783-5738-ac85-a444810a8074 which can be used as unique global reference for Bitdefender Sardonic Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-09T00:00:00Z |
| date_published | 2021-08-25T00:00:00Z |
| source | MITRE |
| title | FIN8 Threat Actor Goes Agile with New Sardonic Backdoor |
Symantec FIN8 Jul 2023
Symantec Threat Hunter Team. (2023, July 18). FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.
Internal MISP references
UUID 9b08b7f0-1a33-5d76-817f-448fac0d165a which can be used as unique global reference for Symantec FIN8 Jul 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-09T00:00:00Z |
| date_published | 2023-07-18T00:00:00Z |
| source | MITRE |
| title | FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware |
DiginotarCompromise
Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. Retrieved March 6, 2017.
Internal MISP references
UUID 3c9b7b9a-d30a-4865-a96c-6e68d9e20452 which can be used as unique global reference for DiginotarCompromise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2012-10-31T00:00:00Z |
| source | MITRE |
| title | Final Report on DigiNotar Hack Shows Total Compromise of CA Servers |
FireEye Financial Actors Moving into OT
Brubaker, N. Zafra, D. K. Lunden, K. Proska, K. Hildebrandt, C.. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved February 15, 2021.
Internal MISP references
UUID 4bd514b8-1f79-4946-b001-110ce5cf29a9 which can be used as unique global reference for FireEye Financial Actors Moving into OT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-15T00:00:00Z |
| date_published | 2020-07-15T00:00:00Z |
| source | MITRE |
| title | Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families |
MITRECND FindAPIHash
Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.
Internal MISP references
UUID 2260f0a1-2a6c-4373-9e3a-624fd89446e3 which can be used as unique global reference for MITRECND FindAPIHash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2021-01-28T00:00:00Z |
| source | MITRE |
| title | findapihash.py |
Expel IO Evil in AWS
A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. Retrieved June 25, 2020.
Internal MISP references
UUID 4c2424d6-670b-4db0-a752-868b4c954e29 which can be used as unique global reference for Expel IO Evil in AWS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2020-04-28T00:00:00Z |
| source | MITRE |
| title | Finding Evil in AWS |
SANS Decrypting SSL
Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.
Internal MISP references
UUID d251a79b-8516-41a7-b394-47a761d0ab3b which can be used as unique global reference for SANS Decrypting SSL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-05T00:00:00Z |
| date_published | 2013-11-01T00:00:00Z |
| source | MITRE |
| title | Finding Hidden Threats by Decrypting SSL |
Operation Emmental
Sancho, D., Hacquebord, F., Link, R. (2014, July 22). Finding Holes Operation Emmental. Retrieved February 9, 2016.
Internal MISP references
UUID 36443369-4fa9-4802-8b21-68cc382b949f which can be used as unique global reference for Operation Emmental in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-09T00:00:00Z |
| date_published | 2014-07-22T00:00:00Z |
| source | MITRE |
| title | Finding Holes Operation Emmental |
ADSecurity Finding Passwords in SYSVOL
Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.
Internal MISP references
UUID 538def90-5de4-4b8c-b535-0e2570ba1841 which can be used as unique global reference for ADSecurity Finding Passwords in SYSVOL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-17T00:00:00Z |
| date_published | 2015-12-28T00:00:00Z |
| source | MITRE |
| title | Finding Passwords in SYSVOL & Exploiting Group Policy Preferences |
Findstr.exe - LOLBAS Project
LOLBAS. (2018, May 25). Findstr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID fc4b7b28-ac74-4a8f-a39d-ce55df5fca08 which can be used as unique global reference for Findstr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Findstr.exe |
FinFisher Citation
FinFisher. (n.d.). Retrieved December 20, 2017.
Internal MISP references
UUID 6ef0b8d8-ba98-49ce-807d-5a85d111b027 which can be used as unique global reference for FinFisher Citation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | FinFisher Citation |
Microsoft FinFisher March 2018
Allievi, A.,Flori, E. (2018, March 01). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.
Internal MISP references
UUID 88c97a9a-ef14-4695-bde0-9de2b5f5343b which can be used as unique global reference for Microsoft FinFisher March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-09T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
FinFisher exposed
Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved January 27, 2022.
Internal MISP references
UUID b2f4541e-f981-4b25-abf4-1bec92b16faa which can be used as unique global reference for FinFisher exposed in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-27T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines |
Finger.exe - LOLBAS Project
LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2 which can be used as unique global reference for Finger.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Finger.exe |
FireEye Cyber Threats to Media Industries
FireEye. (n.d.). Retrieved April 19, 2019.
Internal MISP references
UUID 7b9bd753-01b7-4923-9964-19c59123ace2 which can be used as unique global reference for FireEye Cyber Threats to Media Industries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | FireEye Cyber Threats to Media Industries |
FireEye DLL Side-Loading
Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.
Internal MISP references
UUID 9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c which can be used as unique global reference for FireEye DLL Side-Loading in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry |
FireEye Shamoon Nov 2016
FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved January 11, 2017.
Internal MISP references
UUID 44b2eb6b-4902-4ca0-80e5-7333d620e075 which can be used as unique global reference for FireEye Shamoon Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-11T00:00:00Z |
| date_published | 2016-11-30T00:00:00Z |
| source | MITRE |
| title | FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region |
FireEye Ryuk and Trickbot January 2019
Goody, K., et al (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.
Internal MISP references
UUID b29dc755-f1f0-4206-9ecf-29257a1909ee which can be used as unique global reference for FireEye Ryuk and Trickbot January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| source | MITRE |
| title | FireEye Ryuk and Trickbot January 2019 |
DarkReading FireEye SolarWinds
Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.
Internal MISP references
UUID a662c764-8954-493f-88e5-e022e093a785 which can be used as unique global reference for DarkReading FireEye SolarWinds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-18T00:00:00Z |
| date_published | 2021-01-07T00:00:00Z |
| source | MITRE |
| title | FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack |
FireEye FinSpy Sept 2017
Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. Retrieved February 15, 2018.
Internal MISP references
UUID 142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce which can be used as unique global reference for FireEye FinSpy Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-09-12T00:00:00Z |
| source | MITRE |
| title | FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY |
RiskIQ Cobalt Jan 2018
Klijnsma, Y.. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.
Internal MISP references
UUID 7d48b679-d44d-466e-b12b-16f0f9858d15 which can be used as unique global reference for RiskIQ Cobalt Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2018-01-16T00:00:00Z |
| source | MITRE |
| title | First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks |
Chrome Extension Crypto Miner
Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. Retrieved November 16, 2017.
Internal MISP references
UUID ae28f530-40da-451e-89b8-b472340c3e0a which can be used as unique global reference for Chrome Extension Crypto Miner in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-09-19T00:00:00Z |
| source | MITRE |
| title | First Chrome extension with JavaScript Crypto Miner detected |
Aquasec Kubernetes Attack 2023
Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved July 14, 2023.
Internal MISP references
UUID 6d6e2fc8-9806-5480-bfaa-a43a962a4980 which can be used as unique global reference for Aquasec Kubernetes Attack 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| source | MITRE |
| title | First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters |
ESET-Twitoor
ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.
Internal MISP references
UUID 845896a6-b21d-489d-b75c-1e35b3ec78e0 which can be used as unique global reference for ESET-Twitoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-22T00:00:00Z |
| date_published | 2016-08-24T00:00:00Z |
| source | MITRE |
| title | First Twitter-controlled Android botnet discovered |
Microsoft Azure AD Admin Consent
Baldwin, M., Flores, J., Kess, B.. (2018, June 17). Five steps to securing your identity infrastructure. Retrieved October 4, 2019.
Internal MISP references
UUID 3a0c4458-c8ec-44f9-95cc-0eb136a927cb which can be used as unique global reference for Microsoft Azure AD Admin Consent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2018-06-17T00:00:00Z |
| source | MITRE |
| title | Five steps to securing your identity infrastructure |
NTT Security Flagpro new December 2021
Hada, H. (2021, December 28). Flagpro The new malware used by BlackTech. Retrieved March 25, 2022.
Internal MISP references
UUID c0f523fa-7f3b-4c85-b48f-19ae770e9f3b which can be used as unique global reference for NTT Security Flagpro new December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2021-12-28T00:00:00Z |
| source | MITRE |
| title | Flagpro The new malware used by BlackTech |
Kaspersky Flame Functionality
Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.
Internal MISP references
UUID c7d030ad-0ecf-458f-85d4-93778d759dc1 which can be used as unique global reference for Kaspersky Flame Functionality in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2012-05-30T00:00:00Z |
| source | MITRE |
| title | Flame: Bunny, Frog, Munch and BeetleJuice… |
Crysys Skywiper
sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks. Retrieved September 6, 2018.
Internal MISP references
UUID ea35f530-b0fd-4e27-a7a9-6ba41566154c which can be used as unique global reference for Crysys Skywiper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| source | MITRE |
| title | Flamer): A complex malware for targeted attacks |
Symantec Beetlejuice
Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.
Internal MISP references
UUID 691ada65-fe64-4917-b379-1db2573eea32 which can be used as unique global reference for Symantec Beetlejuice in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-25T00:00:00Z |
| date_published | 2012-05-31T00:00:00Z |
| source | MITRE |
| title | Flamer: A Recipe for Bluetoothache |
fltMC.exe - LOLBAS Project
LOLBAS. (2021, September 18). fltMC.exe. Retrieved December 4, 2023.
Internal MISP references
UUID cf9b4bd3-92f0-405b-85e7-95e65d548b79 which can be used as unique global reference for fltMC.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | fltMC.exe |
IranThreats Kittens Dec 2017
Iran Threats . (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.
Internal MISP references
UUID 8338ad75-89f2-47d8-b85b-7cbf331bd7cd which can be used as unique global reference for IranThreats Kittens Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-28T00:00:00Z |
| date_published | 2017-12-05T00:00:00Z |
| source | MITRE |
| title | Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code |
MSTIC FoggyWeb September 2021
Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.
Internal MISP references
UUID 1ef61100-c5e7-4725-8456-e508c5f6d68a which can be used as unique global reference for MSTIC FoggyWeb September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor |
Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. Retrieved October 16, 2020.
Internal MISP references
UUID 96560211-59b3-4eae-b8a3-2f988f6fdca3 which can be used as unique global reference for Following the CloudTrail: Generating strong AWS security signals with Sumo Logic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-09-10T00:00:00Z |
| source | MITRE |
| title | Following the CloudTrail: Generating strong AWS security signals with Sumo Logic |
Group IB RTM August 2019
Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.
Internal MISP references
UUID 739da2f2-2aea-4f65-bc4d-ec6723f90520 which can be used as unique global reference for Group IB RTM August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-08-05T00:00:00Z |
| source | MITRE |
| title | Following the RTM Forensic examination of a computer infected with a banking trojan |
TrendMicro BlackTech June 2017
Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.
Internal MISP references
UUID abb9cb19-d30e-4048-b106-eb29a6dad7fc which can be used as unique global reference for TrendMicro BlackTech June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Following the Trail of BlackTech’s Cyber Espionage Campaigns |
FireEye FIN6 April 2016
FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.
Internal MISP references
UUID 8c0997e1-b285-42dd-9492-75065eac8f8b which can be used as unique global reference for FireEye FIN6 April 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-01T00:00:00Z |
| date_published | 2016-04-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6 |
ESET FontOnLake Analysis 2021
Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.
Internal MISP references
UUID dbcced87-91ee-514f-98c8-29a85d967384 which can be used as unique global reference for ESET FontOnLake Analysis 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | FontOnLake |
amnesty_nso_pegasus
Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.
Internal MISP references
UUID 9e40d93a-fe91-504a-a6f2-e6546067ba53 which can be used as unique global reference for amnesty_nso_pegasus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-22T00:00:00Z |
| date_published | 2021-07-18T00:00:00Z |
| source | MITRE |
| title | Forensic Methodology Report: How to catch NSO Group’s Pegasus |
Microsoft Forfiles Aug 2016
Microsoft. (2016, August 31). Forfiles. Retrieved January 22, 2018.
Internal MISP references
UUID fd7eaa47-3512-4dbd-b881-bc679d06cd1b which can be used as unique global reference for Microsoft Forfiles Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Forfiles |
Forfiles.exe - LOLBAS Project
LOLBAS. (2018, May 25). Forfiles.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9e2c3833-b667-431c-a9e5-1b412583cc5a which can be used as unique global reference for Forfiles.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Forfiles.exe |
Symantec Seaduke 2015
Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.
Internal MISP references
UUID 5ec05c01-8767-44c1-9855-e1b0e5ee0002 which can be used as unique global reference for Symantec Seaduke 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-22T00:00:00Z |
| date_published | 2015-07-13T00:00:00Z |
| source | MITRE |
| title | “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory |
Register Uber
McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.
Internal MISP references
UUID 89b85928-a962-4230-875c-63742b3c9d37 which can be used as unique global reference for Register Uber in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2015-02-28T00:00:00Z |
| source | MITRE |
| title | FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers |
format_cmd_cisco
Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. Retrieved July 13, 2022.
Internal MISP references
UUID 9442e08d-0858-5aa5-b642-a6b1e46018bc which can be used as unique global reference for format_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | format - Cisco IOS Configuration Fundamentals Command Reference |
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023.
Internal MISP references
UUID a43dd8ce-23d6-5768-8522-6973dc45e1ac which can be used as unique global reference for Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| source | MITRE |
| title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
Mandiant Fortinet Zero Day
Marvi, A. et al.. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.
Internal MISP references
UUID 7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7 which can be used as unique global reference for Mandiant Fortinet Zero Day in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-22T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| source | MITRE |
| title | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation |
macOS Foundation
Apple. (n.d.). Foundation. Retrieved July 1, 2020.
Internal MISP references
UUID ea194268-0a8f-4494-be09-ef5f679f68fe which can be used as unique global reference for macOS Foundation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-01T00:00:00Z |
| source | MITRE |
| title | Foundation |
SentinelOne Lazarus macOS July 2020
Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.
Internal MISP references
UUID 489c52a2-34cc-47ff-b42b-9d48f83b9e90 which can be used as unique global reference for SentinelOne Lazarus macOS July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-07T00:00:00Z |
| date_published | 2020-07-27T00:00:00Z |
| source | MITRE |
| title | Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform |
DOJ Russia Targeting Critical Infrastructure March 2022
Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. Retrieved April 5, 2022.
Internal MISP references
UUID 768a0ec6-b767-4044-acad-82834508640f which can be used as unique global reference for DOJ Russia Targeting Critical Infrastructure March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-05T00:00:00Z |
| date_published | 2022-03-24T00:00:00Z |
| source | MITRE |
| title | Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide |
ClearkSky Fox Kitten February 2020
ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. Retrieved December 21, 2020.
Internal MISP references
UUID a5ad6321-897a-4adc-9cdd-034a2538e3d6 which can be used as unique global reference for ClearkSky Fox Kitten February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-02-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Fox Kitten – Widespread Iranian Espionage-Offensive Campaign |
FSISAC FraudNetDoS September 2012
FS-ISAC. (2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved April 18, 2019.
Internal MISP references
UUID 9c8772eb-6d1d-4742-a2db-a5e1006effaa which can be used as unique global reference for FSISAC FraudNetDoS September 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2012-09-17T00:00:00Z |
| source | MITRE |
| title | Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud |
MalwareBytes Ngrok February 2020
Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.
Internal MISP references
UUID 531206c7-11ec-46bf-a35c-0464244a58c9 which can be used as unique global reference for MalwareBytes Ngrok February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| date_published | 2020-02-26T00:00:00Z |
| source | MITRE |
| title | Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server |
ESET ComRAT May 2020
Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.
Internal MISP references
UUID cd9043b8-4d14-449b-a6b2-2e9b99103bb0 which can be used as unique global reference for ESET ComRAT May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2020-05-01T00:00:00Z |
| source | MITRE |
| title | From Agent.btz to ComRAT v4: A ten-year journey |
Azure AD to AD
Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.
Internal MISP references
UUID 087d07a9-0d33-4253-b7c1-d55be13c0467 which can be used as unique global reference for Azure AD to AD in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2020-05-27T00:00:00Z |
| source | MITRE |
| title | From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path |
blackmatter_blackcat
Pereira, T. Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.
Internal MISP references
UUID 605b58ea-9544-49b8-b3c8-0a97b2b155dc which can be used as unique global reference for blackmatter_blackcat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-05T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | From BlackMatter to BlackCat: Analyzing two attacks from one affiliate |
Unit42 Malware Roundup December 29 2023
Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. Retrieved January 11, 2024.
Internal MISP references
UUID a18e19b5-9046-4c2c-bd94-2cd5061064bf which can be used as unique global reference for Unit42 Malware Roundup December 29 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2023-12-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
Reaqta Mavinject
Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. Retrieved September 22, 2021.
Internal MISP references
UUID 5c0e0c84-2992-4098-8913-66a20ca61bf4 which can be used as unique global reference for Reaqta Mavinject in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector |
IBM MegaCortex
Del Fierro, C. Kessem, L.. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.
Internal MISP references
UUID 3d70d9b7-88e4-411e-a59a-bc862da965a7 which can be used as unique global reference for IBM MegaCortex in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-15T00:00:00Z |
| date_published | 2020-01-08T00:00:00Z |
| source | MITRE |
| title | From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications |
BiZone Lizar May 2021
BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. Retrieved February 2, 2022.
Internal MISP references
UUID 315f47e1-69e5-4dcb-94b2-59583e91dd26 which can be used as unique global reference for BiZone Lizar May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-02T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE |
| title | From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit |
Kaspersky StoneDrill 2017
Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.
Internal MISP references
UUID e2637cb3-c449-4609-af7b-ac78a900cc8b which can be used as unique global reference for Kaspersky StoneDrill 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-14T00:00:00Z |
| date_published | 2017-03-07T00:00:00Z |
| source | MITRE |
| title | From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond |
FsiAnyCpu.exe - LOLBAS Project
LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 87031d31-b6d7-4860-b11b-5a0dc8774d92 which can be used as unique global reference for FsiAnyCpu.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | FsiAnyCpu.exe |
Fsi.exe - LOLBAS Project
LOLBAS. (2021, September 26). Fsi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e14e87f-2ad9-4959-8cb2-8585b67931c0 which can be used as unique global reference for Fsi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fsi.exe |
fsutil_behavior
Microsoft. (2021, September 27). fsutil behavior. Retrieved January 14, 2022.
Internal MISP references
UUID 07712696-b1fd-4704-b157-9e420840fb2c which can be used as unique global reference for fsutil_behavior in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | fsutil behavior |
Fsutil.exe - LOLBAS Project
LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e2305dac-4245-4fac-8813-69cb210e9cd3 which can be used as unique global reference for Fsutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Fsutil.exe |
Microsoft FTP
Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.
Internal MISP references
UUID 970f8d16-f5b7-44e2-b81f-738b931c60d9 which can be used as unique global reference for Microsoft FTP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| date_published | 2021-07-21T00:00:00Z |
| source | MITRE |
| title | ftp |
Linux FTP
N/A. (n.d.). ftp(1) - Linux man page. Retrieved February 25, 2022.
Internal MISP references
UUID 021ea6bc-abff-48de-a6bb-315dbbfa6147 which can be used as unique global reference for Linux FTP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-25T00:00:00Z |
| source | MITRE |
| title | ftp(1) - Linux man page |
Ftp.exe - LOLBAS Project
LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3b51993d-6062-4138-bfc6-a2c0fc5d039a which can be used as unique global reference for Ftp.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-12-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ftp.exe |
Microsoft WMI Filters
Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.
Internal MISP references
UUID 2894c3bf-6f8d-4338-8206-4dc873e3bb8d which can be used as unique global reference for Microsoft WMI Filters in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-13T00:00:00Z |
| date_published | 2008-09-11T00:00:00Z |
| source | MITRE |
| title | Fun with WMI Filters in Group Policy |
Cybersecurity Advisory SVR TTP May 2021
NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.
Internal MISP references
UUID e18c1b56-f29d-4ea9-a425-a6af8ac6a347 which can be used as unique global reference for Cybersecurity Advisory SVR TTP May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-29T00:00:00Z |
| date_published | 2021-05-07T00:00:00Z |
| source | MITRE |
| title | Further TTPs associated with SVR cyber actors |
RiskIQ Cobalt Nov 2017
Klijnsma, Y.. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018.
Internal MISP references
UUID ebf961c5-bd68-42f3-8fd3-000946c7ae9c which can be used as unique global reference for RiskIQ Cobalt Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions |
Unit 42 PingPull Jun 2022
Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. Retrieved August 7, 2022.
Internal MISP references
UUID ac6491ab-6ef1-4091-8a15-50e2cbafe157 which can be used as unique global reference for Unit 42 PingPull Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-07T00:00:00Z |
| date_published | 2022-06-13T00:00:00Z |
| source | MITRE |
| title | GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool |
Microsoft GALLIUM December 2019
MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
Internal MISP references
UUID 5bc76b47-ff68-4031-a347-f2dc0daba203 which can be used as unique global reference for Microsoft GALLIUM December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-13T00:00:00Z |
| date_published | 2019-12-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | GALLIUM: Targeting global telecom |
Symantec Gallmaker Oct 2018
Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. Retrieved November 27, 2018.
Internal MISP references
UUID f47b3e2b-acdd-4487-88b9-de5cbe45cf33 which can be used as unique global reference for Symantec Gallmaker Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-10-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Gallmaker: New Attack Group Eschews Malware to Live off the Land |
TrendMicro Gamaredon April 2020
Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.
Internal MISP references
UUID 3800cfc2-0260-4b36-b629-7a336b9f9f10 which can be used as unique global reference for TrendMicro Gamaredon April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-17T00:00:00Z |
| source | MITRE |
| title | Gamaredon APT Group Use Covid-19 Lure in Campaigns |
ESET Gamaredon June 2020
Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.
Internal MISP references
UUID 6532664d-2311-4b38-8960-f43762471729 which can be used as unique global reference for ESET Gamaredon June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2020-06-11T00:00:00Z |
| source | MITRE |
| title | Gamaredon group grows its game |
CERT-EE Gamaredon January 2021
CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022.
Internal MISP references
UUID fec320ed-29c1-40db-ad2e-701fda428922 which can be used as unique global reference for CERT-EE Gamaredon January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-17T00:00:00Z |
| date_published | 2021-01-27T00:00:00Z |
| source | MITRE |
| title | Gamaredon Infection: From Dropper to Entry |
Kaspersky Winnti June 2015
Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
Internal MISP references
UUID 86504950-0f4f-42bc-b003-24f60ae97c99 which can be used as unique global reference for Kaspersky Winnti June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2015-06-22T00:00:00Z |
| source | MITRE |
| title | Games are over: Winnti is now targeting pharmaceutical companies |
WeLiveSecurity Gapz and Redyms Mar 2013
Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.
Internal MISP references
UUID b8d328b7-2eb3-4851-8d44-2e1bad7710c2 which can be used as unique global reference for WeLiveSecurity Gapz and Redyms Mar 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| date_published | 2013-03-19T00:00:00Z |
| source | MITRE |
| title | Gapz and Redyms droppers based on Power Loader code |
theevilbit gatekeeper bypass 2021
Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.
Internal MISP references
UUID d00f373d-2133-47c3-9b0a-104ecc9a6869 which can be used as unique global reference for theevilbit gatekeeper bypass 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-06-29T00:00:00Z |
| source | MITRE |
| title | GateKeeper - Not a Bypass (Again) |
Kaspersky Gauss Whitepaper
Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. Retrieved January 17, 2019.
Internal MISP references
UUID 4bf39390-f3ca-4132-841e-b35abefe7dee which can be used as unique global reference for Kaspersky Gauss Whitepaper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2012-08-01T00:00:00Z |
| source | MITRE |
| title | Gauss: Abnormal Distribution |
Kaspersky MoleRATs April 2019
GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.
Internal MISP references
UUID 38216a34-5ffd-4e79-80b1-7270743b728e which can be used as unique global reference for Kaspersky MoleRATs April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-13T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | Gaza Cybergang Group1, operation SneakyPastes |
ESET Gazer Aug 2017
ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.
Internal MISP references
UUID 9d1c40af-d4bc-4d4a-b667-a17378942685 which can be used as unique global reference for ESET Gazer Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-14T00:00:00Z |
| date_published | 2017-08-01T00:00:00Z |
| source | MITRE |
| title | Gazing at Gazer: Turla’s new second stage backdoor |
file_sig_table
Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. Retrieved August 23, 2022.
Internal MISP references
UUID 4bc3a8af-d0c1-514d-9edd-dcebb3344db8 which can be used as unique global reference for file_sig_table in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-23T00:00:00Z |
| date_published | 2022-12-09T00:00:00Z |
| source | MITRE |
| title | GCK'S FILE SIGNATURES TABLE |
Google Cloud Add Metadata
Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.
Internal MISP references
UUID eba4b850-8784-4da2-b87d-54b5bd0f58d6 which can be used as unique global reference for Google Cloud Add Metadata in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | gcloud compute instances add-metadata |
Google Compute Instances
Google. (n.d.). gcloud compute instances list. Retrieved May 26, 2020.
Internal MISP references
UUID ae09e791-a00c-487b-b0e5-7768df0679a3 which can be used as unique global reference for Google Compute Instances in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| source | MITRE |
| title | gcloud compute instances list |
GCP SSH Key Add
Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.
Internal MISP references
UUID 372b6cfd-abdc-41b7-be78-4b1dc0426044 which can be used as unique global reference for GCP SSH Key Add in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | gcloud compute os-login ssh-keys add |
Google Cloud - IAM Servie Accounts List API
Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.
Internal MISP references
UUID 3ffad706-1dac-41dd-b197-06f22fec3b30 which can be used as unique global reference for Google Cloud - IAM Servie Accounts List API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2020-06-23T00:00:00Z |
| source | MITRE |
| title | gcloud iam service-accounts list |
ESET Gelsemium June 2021
Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.
Internal MISP references
UUID ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5 which can be used as unique global reference for ESET Gelsemium June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-30T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| source | MITRE |
| title | Gelsemium |
TechNet Scheduled Task Events
Microsoft. (n.d.). General Task Registration. Retrieved December 12, 2017.
Internal MISP references
UUID 344703ac-f67c-465b-8c56-c9617675a00b which can be used as unique global reference for TechNet Scheduled Task Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | General Task Registration |
Ebowla: Genetic Malware
Morrow, T., Pitts, J. (2016, October 28). Genetic Malware: Designing Payloads for Specific Targets. Retrieved January 18, 2019.
Internal MISP references
UUID 8c65dbc1-33ad-470c-b172-7497c6fd2480 which can be used as unique global reference for Ebowla: Genetic Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-18T00:00:00Z |
| date_published | 2016-10-28T00:00:00Z |
| source | MITRE |
| title | Genetic Malware: Designing Payloads for Specific Targets |
Proofpoint NETWIRE December 2020
Proofpoint. (2020, December 2). Geofenced NetWire Campaigns. Retrieved January 7, 2021.
Internal MISP references
UUID 5a974fc5-31bb-44b5-9834-ef98175402ec which can be used as unique global reference for Proofpoint NETWIRE December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| source | MITRE |
| title | Geofenced NetWire Campaigns |
Hartrell cd00r 2002
Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018.
Internal MISP references
UUID 739e6517-10f5-484d-8000-8818d63e7341 which can be used as unique global reference for Hartrell cd00r 2002 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-13T00:00:00Z |
| date_published | 2002-08-01T00:00:00Z |
| source | MITRE |
| title | Get a handle on cd00r: The invisible backdoor |
Kubectl Exec Get Shell
The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. Retrieved March 29, 2021.
Internal MISP references
UUID ffb9c0ca-533f-4911-8c0c-a2653410a76d which can be used as unique global reference for Kubectl Exec Get Shell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Get a Shell to a Running Container |
Microsoft getglobaladdresslist
Microsoft. (n.d.). Get-GlobalAddressList. Retrieved October 6, 2019.
Internal MISP references
UUID a4948a80-d11c-44ed-ae63-e3f5660463f9 which can be used as unique global reference for Microsoft getglobaladdresslist in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | Get-GlobalAddressList |
Jay GetHooks Sept 2011
Satiro, J. (2011, September 14). GetHooks. Retrieved December 12, 2017.
Internal MISP references
UUID 228ac239-3a97-446f-8e1c-d5c0f580710c which can be used as unique global reference for Jay GetHooks Sept 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2011-09-14T00:00:00Z |
| source | MITRE |
| title | GetHooks |
Microsoft Get-InboxRule
Microsoft. (n.d.). Get-InboxRule. Retrieved June 10, 2021.
Internal MISP references
UUID c6a1b00c-22d4-407a-a515-fbce5c197606 which can be used as unique global reference for Microsoft Get-InboxRule in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-10T00:00:00Z |
| source | MITRE |
| title | Get-InboxRule |
Microsoft Msolrole
Microsoft. (n.d.). Get-MsolRole. Retrieved October 6, 2019.
Internal MISP references
UUID e36f4e3a-61c9-4fdc-98de-d51a2b3b4865 which can be used as unique global reference for Microsoft Msolrole in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | Get-MsolRole |
Microsoft msolrolemember
Microsoft. (n.d.). Get-MsolRoleMember. Retrieved October 6, 2019.
Internal MISP references
UUID ca28494c-d834-4afc-9237-ab78dcfc427b which can be used as unique global reference for Microsoft msolrolemember in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | Get-MsolRoleMember |
rowland linux at 2019
Craig Rowland. (2019, July 25). Getting an Attacker IP Address from a Malicious Linux At Job. Retrieved October 15, 2021.
Internal MISP references
UUID 85056eba-c587-4619-b5e4-dff9680be7b3 which can be used as unique global reference for rowland linux at 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-15T00:00:00Z |
| date_published | 2019-07-25T00:00:00Z |
| source | MITRE |
| title | Getting an Attacker IP Address from a Malicious Linux At Job |
BlackHatRobinSage
Ryan, T. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.
Internal MISP references
UUID 82068e93-a3f8-4d05-9358-6fe76a0055bb which can be used as unique global reference for BlackHatRobinSage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2010-01-01T00:00:00Z |
| source | MITRE |
| title | “Getting In Bed with Robin Sage.” |
AADInternals Root Access to Azure VMs
Dr. Nestori Syynimaa. (2020, June 4). Getting root access to Azure VMs as a Azure AD Global Administrator. Retrieved March 13, 2023.
Internal MISP references
UUID 7080ae79-bec4-5886-9a43-6039d0cfd32f which can be used as unique global reference for AADInternals Root Access to Azure VMs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2020-06-04T00:00:00Z |
| source | MITRE |
| title | Getting root access to Azure VMs as a Azure AD Global Administrator |
Wardle Dylib Hijack Vulnerable Apps
Patrick Wardle. (2019, July 2). Getting Root with Benign AppStore Apps. Retrieved March 31, 2021.
Internal MISP references
UUID 128b4e3f-bb58-45e0-b8d9-bff9fc3ec3df which can be used as unique global reference for Wardle Dylib Hijack Vulnerable Apps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2019-07-02T00:00:00Z |
| source | MITRE |
| title | Getting Root with Benign AppStore Apps |
MSDN VBA in Office
Austin, J. (2017, June 6). Getting Started with VBA in Office. Retrieved July 3, 2017.
Internal MISP references
UUID 9c44416d-1f3d-4d99-b497-4615ed6f5546 which can be used as unique global reference for MSDN VBA in Office in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2017-06-06T00:00:00Z |
| source | MITRE |
| title | Getting Started with VBA in Office |
Windows Getting Started Drivers
Viviano, A. (2021, August 17). Getting started with Windows drivers: User mode and kernel mode. Retrieved September 24, 2021.
Internal MISP references
UUID 1b93e7ba-6afa-45ff-a9e2-3586cdae822c which can be used as unique global reference for Windows Getting Started Drivers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2021-08-17T00:00:00Z |
| source | MITRE |
| title | Getting started with Windows drivers: User mode and kernel mode |
Bloxham
Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.
Internal MISP references
UUID b212d16f-5347-49ab-8339-432b4fd1ef50 which can be used as unique global reference for Bloxham in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | Getting Windows to Play with Itself [PowerPoint slides] |
Microsoft GetWindowLong function
Microsoft. (n.d.). GetWindowLong function. Retrieved December 16, 2017.
Internal MISP references
UUID 4366217a-2325-4056-ab68-f5f4d2a0703c which can be used as unique global reference for Microsoft GetWindowLong function in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | GetWindowLong function |
Microsoft GFlags Mar 2017
Microsoft. (2017, May 23). GFlags Overview. Retrieved December 18, 2017.
Internal MISP references
UUID 9c11c382-b420-4cf9-9db2-eaa7b60aee2d which can be used as unique global reference for Microsoft GFlags Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2017-05-23T00:00:00Z |
| source | MITRE |
| title | GFlags Overview |
GfxDownloadWrapper.exe - LOLBAS Project
LOLBAS. (2019, December 27). GfxDownloadWrapper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5d97b7d7-428e-4408-a4d3-00f52cf4bf15 which can be used as unique global reference for GfxDownloadWrapper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-12-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GfxDownloadWrapper.exe |
GhostToken GCP flaw
Sergiu Gatlan. (2023, April 21). GhostToken GCP flaw let attackers backdoor Google accounts. Retrieved September 18, 2023.
Internal MISP references
UUID 3f87bd65-4194-5be6-93a1-acde6eaef547 which can be used as unique global reference for GhostToken GCP flaw in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-04-21T00:00:00Z |
| source | MITRE |
| title | GhostToken GCP flaw let attackers backdoor Google accounts |
GitHub ADRecon
adrecon. (n.d.). GitHub ADRecon. Retrieved March 5, 2024.
Internal MISP references
UUID 8ef4bcee-673d-4bab-8e18-947f45c6fc77 which can be used as unique global reference for GitHub ADRecon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub ADRecon |
GitHub Chisel
jpillora. (n.d.). GitHub Chisel. Retrieved October 20, 2023.
Internal MISP references
UUID 4a60fb46-06b7-44ea-a9f6-8d6fa81e9363 which can be used as unique global reference for GitHub Chisel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub Chisel |
Github evilginx2
Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019.
Internal MISP references
UUID 322e5d90-5095-47ea-b0e2-e7e5fb45fcca which can be used as unique global reference for Github evilginx2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| source | MITRE |
| title | Github evilginx2 |
GitHub evilginx2
kgretzky. (n.d.). GitHub evilginx2. Retrieved December 14, 2023.
Internal MISP references
UUID eea178f4-80bd-49d1-84b1-f80671e9a3e4 which can be used as unique global reference for GitHub evilginx2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub evilginx2 |
GitHub Malleable C2
Mudge, R. (2014, July 14). Github Malleable-C2-Profiles safebrowsing.profile. Retrieved June 18, 2017.
Internal MISP references
UUID 0a609b90-dbaf-47bc-a642-1d180ca56498 which can be used as unique global reference for GitHub Malleable C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-18T00:00:00Z |
| date_published | 2014-07-14T00:00:00Z |
| source | MITRE |
| title | Github Malleable-C2-Profiles safebrowsing.profile |
GitHub masscan
robertdavidgraham. (n.d.). GitHub masscan. Retrieved March 13, 2024.
Internal MISP references
UUID 7ae0b5c6-c9e5-4922-9e98-6483c81a8b42 which can be used as unique global reference for GitHub masscan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub masscan |
GitHub meganz MEGAsync
GitHub. (n.d.). GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive. Retrieved June 22, 2023.
Internal MISP references
UUID 6e59c47d-597c-4687-942f-9f1cf1db75d5 which can be used as unique global reference for GitHub meganz MEGAsync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive |
code_persistence_zsh
Leo Pitt. (2020, November 11). Github - PersistentJXA/BashProfilePersist.js. Retrieved January 11, 2021.
Internal MISP references
UUID b76d3ed0-e484-4ed1-aa6b-892a6f34e478 which can be used as unique global reference for code_persistence_zsh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-11T00:00:00Z |
| date_published | 2020-11-11T00:00:00Z |
| source | MITRE |
| title | Github - PersistentJXA/BashProfilePersist.js |
Github PowerShell Empire
Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
Internal MISP references
UUID 017ec673-454c-492a-a65b-10d3a20dfdab which can be used as unique global reference for Github PowerShell Empire in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Github PowerShellEmpire |
GitHub Pupy
Nicolas Verdier. (n.d.). Retrieved January 29, 2018.
Internal MISP references
UUID 69d5cb59-6545-4405-8ca6-733db99d3ee9 which can be used as unique global reference for GitHub Pupy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-29T00:00:00Z |
| source | MITRE |
| title | GitHub Pupy |
GitHub random_c2_profile
threatexpress. (n.d.). GitHub random_c2_profile. Retrieved September 21, 2023.
Internal MISP references
UUID dcb30328-6aa4-461b-8333-451d6af4b384 which can be used as unique global reference for GitHub random_c2_profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub random_c2_profile |
GitHub ransomware_map
cert-orangecyberdefense. (n.d.). GitHub ransomware_map. Retrieved March 13, 2024.
Internal MISP references
UUID d995f4b2-3262-4c37-855a-61aef7d7b8a8 which can be used as unique global reference for GitHub ransomware_map in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub ransomware_map |
GitHub rsockstun
llkat. (n.d.). GitHub rsockstun. Retrieved December 14, 2023.
Internal MISP references
UUID 1644457f-75d6-4064-a11b-9217249fa5e6 which can be used as unique global reference for GitHub rsockstun in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub rsockstun |
GitHub secretsdump
fortra. (n.d.). GitHub secretsdump. Retrieved November 16, 2023.
Internal MISP references
UUID c29a90a7-016f-49b7-a970-334290964f19 which can be used as unique global reference for GitHub secretsdump in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub secretsdump |
GitHub SharpChromium
djhohnstein. (n.d.). GitHub SharpChromium. Retrieved December 14, 2023.
Internal MISP references
UUID ca1956a5-72f2-43ad-a17f-a52ca97bd84e which can be used as unique global reference for GitHub SharpChromium in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub SharpChromium |
GitHub SharpHound
BloodHoundAD. (n.d.). GitHub SharpHound. Retrieved March 7, 2024.
Internal MISP references
UUID e1c405b4-b591-4469-848c-7a7dd69151c0 which can be used as unique global reference for GitHub SharpHound in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub SharpHound |
GitHub SharpRoast
GhostPack. (n.d.). GitHub SharpRoast. Retrieved September 22, 2023.
Internal MISP references
UUID 43a2e05d-4662-4a5c-9c99-3165f0d71169 which can be used as unique global reference for GitHub SharpRoast in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub SharpRoast |
GitHub SILENTTRINITY March 2022
Salvati, M (2019, August 6). SILENTTRINITY. Retrieved March 23, 2022.
Internal MISP references
UUID cff66280-c592-4e3c-a56c-32a9620cf95c which can be used as unique global reference for GitHub SILENTTRINITY March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| source | MITRE |
| title | GitHub SILENTTRINITY March 2022 |
GitHub Terminator
ZeroMemoryEx. (n.d.). GitHub Terminator. Retrieved March 13, 2024.
Internal MISP references
UUID c2556bcf-9cc9-4f46-8a0f-8f8d801dfdbf which can be used as unique global reference for GitHub Terminator in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub Terminator |
GitHub xmrig-proxy
xmrig. (n.d.). GitHub xmrig-proxy. Retrieved October 25, 2023.
Internal MISP references
UUID bd2a5de0-f55f-4eeb-a11f-8ec1e9f2ae2b which can be used as unique global reference for GitHub xmrig-proxy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | GitHub xmrig-proxy |
GitHub Gitrob
Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. Retrieved October 19, 2020.
Internal MISP references
UUID 1dee0842-15cc-4835-b8a8-938e0c94807b which can be used as unique global reference for GitHub Gitrob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2018-06-09T00:00:00Z |
| source | MITRE |
| title | Gitrob: Putting the Open Source in OSINT |
FireEye DNS Hijack 2019
Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020.
Internal MISP references
UUID 2c696e90-11eb-4196-9946-b5c4c11ccddc which can be used as unique global reference for FireEye DNS Hijack 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-09T00:00:00Z |
| date_published | 2019-01-10T00:00:00Z |
| source | MITRE |
| title | Global DNS Hijacking Campaign: DNS Record Manipulation at Scale |
McAfee Night Dragon
McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.
Internal MISP references
UUID 242d2933-ca2b-4511-803a-454727a3acc5 which can be used as unique global reference for McAfee Night Dragon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-19T00:00:00Z |
| date_published | 2011-02-10T00:00:00Z |
| source | MITRE |
| title | Global Energy Cyberattacks: “Night Dragon” |
GMER Rootkits
GMER. (n.d.). GMER. Retrieved December 12, 2017.
Internal MISP references
UUID f43e9881-4919-4ccc-b2ed-929d7838b2b4 which can be used as unique global reference for GMER Rootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | GMER |
Gnome Remote Desktop grd-settings
Pascal Nowack. (n.d.). Retrieved September 21, 2021.
Internal MISP references
UUID 8f494ff3-b02b-470b-a57d-d2275989f541 which can be used as unique global reference for Gnome Remote Desktop grd-settings in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-21T00:00:00Z |
| source | MITRE |
| title | Gnome Remote Desktop grd-settings |
Gnome Remote Desktop gschema
Pascal Nowack. (n.d.). Retrieved September 21, 2021.
Internal MISP references
UUID c7c749d5-b1b0-4a0f-8d14-eef47cfa1279 which can be used as unique global reference for Gnome Remote Desktop gschema in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-21T00:00:00Z |
| source | MITRE |
| title | Gnome Remote Desktop gschema |
MITRE Trustworthy Firmware Measurement
Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.
Internal MISP references
UUID 25f52172-293e-4b23-9239-201a0ddbcdf1 which can be used as unique global reference for MITRE Trustworthy Firmware Measurement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-05T00:00:00Z |
| date_published | 2014-03-01T00:00:00Z |
| source | MITRE |
| title | Going Deep into the BIOS with MITRE Firmware Security Research |
Secureworks Gold Blackburn Mar 2022
Secureworks Counter Threat Unit. (2022, March 1). Gold Blackburn Threat Profile. Retrieved June 15, 2023.
Internal MISP references
UUID b6b27fa9-488c-5b6d-8e12-fe8371846cd3 which can be used as unique global reference for Secureworks Gold Blackburn Mar 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Gold Blackburn Threat Profile |
Secureworks GOLD CABIN
Secureworks. (n.d.). GOLD CABIN Threat Profile. Retrieved March 17, 2021.
Internal MISP references
UUID 778babec-e7d3-4341-9e33-aab361f2b98a which can be used as unique global reference for Secureworks GOLD CABIN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | GOLD CABIN Threat Profile |
McAfee Gold Dragon
Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.
Internal MISP references
UUID 4bdfa92b-cbbd-43e6-aa3e-422561ff8d7a which can be used as unique global reference for McAfee Gold Dragon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-06T00:00:00Z |
| date_published | 2018-02-02T00:00:00Z |
| source | MITRE |
| title | Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems |
Cyberark Golden SAML
Reiner, S. (2017, November 21). Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps. Retrieved December 17, 2020.
Internal MISP references
UUID 58083370-8126-47d3-827c-1910ed3f4b2a which can be used as unique global reference for Cyberark Golden SAML in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2017-11-21T00:00:00Z |
| source | MITRE |
| title | Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps |
Trustwave GoldenSpy2 June 2020
Trustwave SpiderLabs. (2020, June 26). GoldenSpy: Chapter Two – The Uninstaller. Retrieved July 23, 2020.
Internal MISP references
UUID 5031e82e-66e8-4ae0-be47-53daa87ddf94 which can be used as unique global reference for Trustwave GoldenSpy2 June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-23T00:00:00Z |
| date_published | 2020-06-26T00:00:00Z |
| source | MITRE |
| title | GoldenSpy: Chapter Two – The Uninstaller |
Secureworks GOLD KINGSWOOD Threat Profile
Secureworks. (n.d.). GOLD KINGSWOOD. Retrieved October 18, 2021.
Internal MISP references
UUID 36035bbb-1609-4461-be27-ef4a920b814c which can be used as unique global reference for Secureworks GOLD KINGSWOOD Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-18T00:00:00Z |
| source | MITRE |
| title | GOLD KINGSWOOD |
MSTIC NOBELIUM Mar 2021
Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. Retrieved March 8, 2021.
Internal MISP references
UUID 8688a0a9-d644-4b96-81bb-031f1f898652 which can be used as unique global reference for MSTIC NOBELIUM Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-08T00:00:00Z |
| date_published | 2021-03-04T00:00:00Z |
| source | MITRE |
| title | GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence |
Secureworks GOLD NIAGARA Threat Profile
CTU. (n.d.). GOLD NIAGARA. Retrieved September 21, 2021.
Internal MISP references
UUID b11276cb-f6dd-4e91-90cd-9c287fb3e6b1 which can be used as unique global reference for Secureworks GOLD NIAGARA Threat Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-21T00:00:00Z |
| source | MITRE |
| title | GOLD NIAGARA |
Secureworks GOLD SOUTHFIELD
Secureworks. (n.d.). GOLD SOUTHFIELD. Retrieved October 6, 2020.
Internal MISP references
UUID 01d1ffaa-16b3-41c4-bb5a-afe2b41f1142 which can be used as unique global reference for Secureworks GOLD SOUTHFIELD in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-06T00:00:00Z |
| source | MITRE |
| title | GOLD SOUTHFIELD |
Google Cloud Identity API Documentation
Google. (n.d.). Retrieved March 16, 2021.
Internal MISP references
UUID 67f2719e-74fd-4bc1-9eeb-07d3095a5191 which can be used as unique global reference for Google Cloud Identity API Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| source | MITRE |
| title | Google Cloud Identity API Documentation |
GCPBucketBrute
Spencer Gietzen. (2019, February 26). Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation. Retrieved March 4, 2022.
Internal MISP references
UUID d956e1f6-37ca-4352-b275-84c174888b88 which can be used as unique global reference for GCPBucketBrute in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2019-02-26T00:00:00Z |
| source | MITRE |
| title | Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation |
ExploitDB GoogleHacking
Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020.
Internal MISP references
UUID 29714b88-a1ff-4684-a3b0-35c3a2c78947 which can be used as unique global reference for ExploitDB GoogleHacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-23T00:00:00Z |
| source | MITRE |
| title | Google Hacking Database |
Google Workspace Global Access List
Google. (n.d.). Retrieved March 16, 2021.
Internal MISP references
UUID 5104f0ea-1fb6-4260-a9b6-95922b3a8e5b which can be used as unique global reference for Google Workspace Global Access List in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| source | MITRE |
| title | Google Workspace Global Access List |
Sophos Gootloader
Szappanos, G. & Brandt, A. (2021, March 1). “Gootloader” expands its payload delivery options. Retrieved September 30, 2022.
Internal MISP references
UUID 63357292-0f08-4405-a45a-34b606ab7110 which can be used as unique global reference for Sophos Gootloader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-03-01T00:00:00Z |
| source | MITRE |
| title | “Gootloader” expands its payload delivery options |
Unit 42 CARROTBAT January 2020
McCabe, A. (2020, January 23). The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks. Retrieved June 2, 2020.
Internal MISP references
UUID b65442ca-18ca-42e0-8be0-7c2b66c26d02 which can be used as unique global reference for Unit 42 CARROTBAT January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-02T00:00:00Z |
| source | MITRE |
| title | Government Agency Targeted in Spear-Phishing Attacks |
Secureworks BRONZE SILHOUETTE May 2023
Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.
Internal MISP references
UUID 77624549-e170-5894-9219-a15b4aa31726 which can be used as unique global reference for Secureworks BRONZE SILHOUETTE May 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-27T00:00:00Z |
| source | MITRE |
| title | Government and Defense Organizations |
FireEye HAWKBALL Jun 2019
Patil, S. and Williams, M.. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.
Internal MISP references
UUID c88150b1-8c0a-4fc5-b5b7-11e242af1c43 which can be used as unique global reference for FireEye HAWKBALL Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-20T00:00:00Z |
| date_published | 2019-06-05T00:00:00Z |
| source | MITRE |
| title | Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities |
CISA AA20-296A Berserk Bear December 2020
CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.
Internal MISP references
UUID c7bc4b25-2043-4f43-8320-590f82d0e09a which can be used as unique global reference for CISA AA20-296A Berserk Bear December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-09T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Government Targets |
Obscuresecurity Get-GPPPassword
Campbell, C. (2012, May 24). GPP Password Retrieval with PowerShell. Retrieved April 11, 2018.
Internal MISP references
UUID 54351cf9-8d2a-47fb-92d5-fe64b628ab06 which can be used as unique global reference for Obscuresecurity Get-GPPPassword in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2012-05-24T00:00:00Z |
| source | MITRE |
| title | GPP Password Retrieval with PowerShell |
Microsoft gpresult
Microsoft. (2017, October 16). gpresult. Retrieved August 6, 2021.
Internal MISP references
UUID 88af38e8-e437-4153-80af-a1be8c6a8629 which can be used as unique global reference for Microsoft gpresult in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-06T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | gpresult |
Gpscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Gpscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 619f57d9-d93b-4e9b-aae0-6ce89d91deb6 which can be used as unique global reference for Gpscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Gpscript.exe |
ESET Grandoreiro April 2020
ESET. (2020, April 28). Grandoreiro: How engorged can an EXE get?. Retrieved November 13, 2020.
Internal MISP references
UUID d6270492-986b-4fb6-bdbc-2e364947847c which can be used as unique global reference for ESET Grandoreiro April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-13T00:00:00Z |
| date_published | 2020-04-28T00:00:00Z |
| source | MITRE |
| title | Grandoreiro: How engorged can an EXE get? |
IBM Grandoreiro April 2020
Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. Retrieved November 12, 2020.
Internal MISP references
UUID a2d4bca5-d57d-4a77-95c6-409f90115e2f which can be used as unique global reference for IBM Grandoreiro April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-12T00:00:00Z |
| date_published | 2020-04-13T00:00:00Z |
| source | MITRE |
| title | Grandoreiro Malware Now Targeting Banks in Spain |
AWS PassRole
AWS. (n.d.). Granting a user permissions to pass a role to an AWS service. Retrieved July 10, 2023.
Internal MISP references
UUID 01e0c198-dd59-5dd1-b632-73cb316eafe0 which can be used as unique global reference for AWS PassRole in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| source | MITRE |
| title | Granting a user permissions to pass a role to an AWS service |
CopyFromScreen .NET
Microsoft. (n.d.). Graphics.CopyFromScreen Method. Retrieved March 24, 2020.
Internal MISP references
UUID b9733af4-ffb4-416e-884e-d51649aecbce which can be used as unique global reference for CopyFromScreen .NET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-24T00:00:00Z |
| source | MITRE |
| title | Graphics.CopyFromScreen Method |
Talos GravityRAT
Mercer, W., Rascagneres, P. (2018, April 26). GravityRAT - The Two-Year Evolution Of An APT Targeting India. Retrieved May 16, 2018.
Internal MISP references
UUID 2d7a1d72-cc9a-4b0b-a89a-e24ca836879b which can be used as unique global reference for Talos GravityRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-16T00:00:00Z |
| date_published | 2018-04-26T00:00:00Z |
| source | MITRE |
| title | GravityRAT - The Two-Year Evolution Of An APT Targeting India |
FireEye PowerShell Logging
Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.
Internal MISP references
UUID 02ee8297-60e8-42bf-8791-2461ebc29207 which can be used as unique global reference for FireEye PowerShell Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2016-02-11T00:00:00Z |
| source | MITRE |
| title | Greater Visibility Through PowerShell Logging |
FireEye PowerShell Logging 2016
Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.
Internal MISP references
UUID eb1e9dc7-b935-42ae-bbde-d2fdda5953db which can be used as unique global reference for FireEye PowerShell Logging 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-16T00:00:00Z |
| date_published | 2016-02-11T00:00:00Z |
| source | MITRE |
| title | GREATER VISIBILITY THROUGH POWERSHELL LOGGING |
Glitch-Cat Green Lambert ATTCK Oct 2021
Sandvik, Runa. (2021, October 18). Green Lambert and ATT&CK. Retrieved March 21, 2022.
Internal MISP references
UUID f22d033c-4474-4bd7-b194-c7a4d9819a2b which can be used as unique global reference for Glitch-Cat Green Lambert ATTCK Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-21T00:00:00Z |
| date_published | 2021-10-18T00:00:00Z |
| source | MITRE |
| title | Green Lambert and ATT&CK |
ESET GreyEnergy Oct 2018
Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.
Internal MISP references
UUID f3e70f41-6c22-465c-b872-a7ec5e6a3e67 which can be used as unique global reference for ESET GreyEnergy Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-15T00:00:00Z |
| date_published | 2018-10-01T00:00:00Z |
| source | MITRE |
| title | GREYENERGY A successor to BlackEnergy |
GRIZZLY STEPPE JAR
Department of Homeland Security and Federal Bureau of Investigation. (2016, December 29). GRIZZLY STEPPE – Russian Malicious Cyber Activity. Retrieved January 11, 2017.
Internal MISP references
UUID 4b26d274-497f-49bc-a2a5-b93856a49893 which can be used as unique global reference for GRIZZLY STEPPE JAR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-11T00:00:00Z |
| date_published | 2016-12-29T00:00:00Z |
| source | MITRE |
| title | GRIZZLY STEPPE – Russian Malicious Cyber Activity |
Citizen Lab Group5
Scott-Railton, J., et al. (2016, August 2). Group5: Syria and the Iranian Connection. Retrieved September 26, 2016.
Internal MISP references
UUID ffbec5e8-947a-4363-b7e1-812dfd79935a which can be used as unique global reference for Citizen Lab Group5 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2016-08-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Group5: Syria and the Iranian Connection |
Group-IB Threat Intelligence Tweet October 9 2023
GroupIB_TI. (2023, October 9). Group-IB Threat Intelligence Tweet October 9 2023. Retrieved October 10, 2023.
Internal MISP references
UUID 2df546ed-6577-44b2-9b26-0a17c3622df7 which can be used as unique global reference for Group-IB Threat Intelligence Tweet October 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-10-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Group-IB Threat Intelligence Tweet October 9 2023 |
TechNet Group Policy Basics
srachui. (2012, February 13). Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object. Retrieved March 5, 2019.
Internal MISP references
UUID 9b9c8c6c-c272-424e-a594-a34b7bf62477 which can be used as unique global reference for TechNet Group Policy Basics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2012-02-13T00:00:00Z |
| source | MITRE |
| title | Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object |
Microsoft GPP 2016
Microsoft. (2016, August 31). Group Policy Preferences. Retrieved March 9, 2020.
Internal MISP references
UUID fa3beaf1-81e7-411b-849a-24cffaf7c552 which can be used as unique global reference for Microsoft GPP 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-09T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Group Policy Preferences |
Venafi SSH Key Abuse
Blachman, Y. (2020, April 22). Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities. Retrieved June 24, 2020.
Internal MISP references
UUID cba14230-13bc-47ad-8f3f-d798217657bd which can be used as unique global reference for Venafi SSH Key Abuse in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2020-04-22T00:00:00Z |
| source | MITRE |
| title | Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities |
Wikibooks Grsecurity
Wikibooks. (2018, August 19). Grsecurity/The RBAC System. Retrieved June 4, 2020.
Internal MISP references
UUID 8a7abfa0-97e8-4cac-9d76-c886e9666a16 which can be used as unique global reference for Wikibooks Grsecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-04T00:00:00Z |
| date_published | 2018-08-19T00:00:00Z |
| source | MITRE |
| title | Grsecurity/The RBAC System |
TrueSec Gsecdump
TrueSec. (n.d.). gsecdump v2.0b5. Retrieved September 29, 2015.
Internal MISP references
UUID ba1d07ed-2e18-4f5f-9d44-082530946f14 which can be used as unique global reference for TrueSec Gsecdump in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-29T00:00:00Z |
| source | MITRE |
| title | gsecdump v2.0b5 |
GTFOBins Suid
Emilio Pinna, Andrea Cardaci. (n.d.). GTFOBins. Retrieved January 28, 2022.
Internal MISP references
UUID 0b7d8e81-da8e-4f6a-a1b7-4ed81e441b4d which can be used as unique global reference for GTFOBins Suid in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-28T00:00:00Z |
| source | MITRE |
| title | GTFOBins |
GTFObins at
Emilio Pinna, Andrea Cardaci. (n.d.). gtfobins at. Retrieved September 28, 2021.
Internal MISP references
UUID 3fad6618-5a85-4f7a-be2b-0600269d7768 which can be used as unique global reference for GTFObins at in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| source | MITRE |
| title | gtfobins at |
Fortinet Moses Staff February 15 2022
Rotem Sde-Or. (2022, February 15). Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months. Retrieved October 23, 2023.
Internal MISP references
UUID 4a435edb-18ae-4c31-beff-2b8f2e6cad34 which can be used as unique global reference for Fortinet Moses Staff February 15 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-23T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months |
Unit 42 NETWIRE April 2020
Duncan, B. (2020, April 3). GuLoader: Malspam Campaign Installing NetWire RAT. Retrieved January 7, 2021.
Internal MISP references
UUID b42f119d-144a-470a-b9fe-ccbf80a78fbb which can be used as unique global reference for Unit 42 NETWIRE April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2020-04-03T00:00:00Z |
| source | MITRE |
| title | GuLoader: Malspam Campaign Installing NetWire RAT |
Cisco H1N1 Part 1
Reynolds, J.. (2016, September 13). H1N1: Technical analysis reveals new capabilities. Retrieved September 26, 2016.
Internal MISP references
UUID 03a2faca-1a47-4f68-9f26-3fa98145f2ab which can be used as unique global reference for Cisco H1N1 Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | H1N1: Technical analysis reveals new capabilities |
Cisco H1N1 Part 2
Reynolds, J.. (2016, September 14). H1N1: Technical analysis reveals new capabilities – part 2. Retrieved September 26, 2016.
Internal MISP references
UUID b53e55dc-078d-4535-a99f-c979ad8ca6e6 which can be used as unique global reference for Cisco H1N1 Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2016-09-14T00:00:00Z |
| source | MITRE |
| title | H1N1: Technical analysis reveals new capabilities – part 2 |
Wired Magecart S3 Buckets, 2019
Barrett, B.. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019.
Internal MISP references
UUID 47fb06ed-b4ce-454c-9bbe-21b28309f351 which can be used as unique global reference for Wired Magecart S3 Buckets, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-07-11T00:00:00Z |
| source | MITRE |
| title | Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting |
Wired Uber Breach
Andy Greenberg. (2017, January 21). Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach. Retrieved May 14, 2021.
Internal MISP references
UUID 3bdf88b3-8f41-4945-9292-e299bab4f98e which can be used as unique global reference for Wired Uber Breach in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-14T00:00:00Z |
| date_published | 2017-01-21T00:00:00Z |
| source | MITRE |
| title | Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach |
Trendmicro NPM Compromise
Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.
Internal MISP references
UUID 69eac1b0-1c50-4534-99e0-2d0fd738ab8f which can be used as unique global reference for Trendmicro NPM Compromise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2018-11-29T00:00:00Z |
| source | MITRE |
| title | Hacker Infects Node.js Package to Steal from Bitcoin Wallets |
Data Destruction - Threat Post
Mimoso, M.. (2014, June 18). Hacker Puts Hosting Service Code Spaces Out of Business. Retrieved December 15, 2020.
Internal MISP references
UUID 97d16d3a-98a0-4a7d-9f74-8877c8088ddf which can be used as unique global reference for Data Destruction - Threat Post in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-15T00:00:00Z |
| date_published | 2014-06-18T00:00:00Z |
| source | MITRE |
| title | Hacker Puts Hosting Service Code Spaces Out of Business |
Salesforce zero-day in facebook phishing attack
Bill Toulas. (2023, August 2). Hackers exploited Salesforce zero-day in Facebook phishing attack. Retrieved September 18, 2023.
Internal MISP references
UUID cbd360bb-f4b6-5326-8861-b05f3a2a8737 which can be used as unique global reference for Salesforce zero-day in facebook phishing attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-08-02T00:00:00Z |
| source | MITRE |
| title | Hackers exploited Salesforce zero-day in Facebook phishing attack |
Fortune Dragonfly 2.0 Sept 2017
Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.
Internal MISP references
UUID b56c5b41-b8e0-4fef-a6d8-183bb283dc7c which can be used as unique global reference for Fortune Dragonfly 2.0 Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-06T00:00:00Z |
| date_published | 2017-09-06T00:00:00Z |
| source | MITRE |
| title | Hackers Have Penetrated Energy Grid, Symantec Warns |
Huntress API Hash
Brennan, M. (2022, February 16). Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection. Retrieved August 22, 2022.
Internal MISP references
UUID e9f91661-29e3-408e-bfdd-c7df22f3f400 which can be used as unique global reference for Huntress API Hash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2022-02-16T00:00:00Z |
| source | MITRE |
| title | Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection |
BleepingComputer Agent Tesla steal wifi passwords
Sergiu Gatlan. (2020, April 16). Hackers steal WiFi passwords using upgraded Agent Tesla malware. Retrieved September 8, 2023.
Internal MISP references
UUID 93b5ecd2-35a3-5bd8-9d6e-87bace012546 which can be used as unique global reference for BleepingComputer Agent Tesla steal wifi passwords in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | Hackers steal WiFi passwords using upgraded Agent Tesla malware |
PCMag FakeLogin
Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. Retrieved October 20, 2020.
Internal MISP references
UUID f652524c-7950-4a8a-9860-0e658a9581d8 which can be used as unique global reference for PCMag FakeLogin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-10-24T00:00:00Z |
| source | MITRE |
| title | Hackers Try to Phish United Nations Staffers With Fake Login Pages |
Krebs-Bazaar
Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.
Internal MISP references
UUID b46efda2-18e0-451e-b945-28421c2d5274 which can be used as unique global reference for Krebs-Bazaar in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-15T00:00:00Z |
| date_published | 2016-10-31T00:00:00Z |
| source | MITRE |
| title | Hackforums Shutters Booter Service Bazaar |
BleepingComputer Molerats Dec 2020
Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020.
Internal MISP references
UUID 307108c8-9c72-4f31-925b-0b9bd4b31e7b which can be used as unique global reference for BleepingComputer Molerats Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-28T00:00:00Z |
| date_published | 2020-12-14T00:00:00Z |
| source | MITRE |
| title | Hacking group’s new malware abuses Google and Facebook services |
Microsoft Hacking Team Breach
Microsoft Secure Team. (2016, June 1). Hacking Team Breach: A Cyber Jurassic Park. Retrieved March 5, 2019.
Internal MISP references
UUID 8daac742-6467-40db-9fe5-87efd2a96f09 which can be used as unique global reference for Microsoft Hacking Team Breach in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-06-01T00:00:00Z |
| source | MITRE |
| title | Hacking Team Breach: A Cyber Jurassic Park |
Intel HackingTeam UEFI Rootkit
Intel Security. (2005, July 16). HackingTeam's UEFI Rootkit Details. Retrieved March 20, 2017.
Internal MISP references
UUID 1c476cb2-8ce0-4559-8037-646d0ea09398 which can be used as unique global reference for Intel HackingTeam UEFI Rootkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-20T00:00:00Z |
| date_published | 2005-07-16T00:00:00Z |
| source | MITRE |
| title | HackingTeam's UEFI Rootkit Details |
TrendMicro Hacking Team UEFI
Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.
Internal MISP references
UUID 24796535-d516-45e9-bcc7-8f03a3f3cd73 which can be used as unique global reference for TrendMicro Hacking Team UEFI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-11T00:00:00Z |
| date_published | 2015-07-13T00:00:00Z |
| source | MITRE |
| title | Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems |
TempertonDarkHotel
Temperton, J. (2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. Retrieved March 9, 2017.
Internal MISP references
UUID 4de7960b-bd62-452b-9e64-b52a0d580858 which can be used as unique global reference for TempertonDarkHotel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2015-08-10T00:00:00Z |
| source | MITRE |
| title | Hacking Team zero-day used in new Darkhotel attacks |
FireEye Hacking FIN4 Video Dec 2014
Vengerik, B. & Dennesen, K.. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved January 15, 2019.
Internal MISP references
UUID 6dcfe3fb-c310-49cf-a657-f2cec65c5499 which can be used as unique global reference for FireEye Hacking FIN4 Video Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-15T00:00:00Z |
| date_published | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Hacking the Street? FIN4 Likely Playing the Market |
FireEye Hacking FIN4 Dec 2014
Vengerik, B. et al.. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved December 17, 2018.
Internal MISP references
UUID c3ac1c2a-21cc-42a9-a214-88f302371766 which can be used as unique global reference for FireEye Hacking FIN4 Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-17T00:00:00Z |
| date_published | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Hacking the Street? FIN4 Likely Playing the Market |
Malwarebytes OSINT Leaky Buckets - Hioureas
Vasilios Hioureas. (2019, September 13). Hacking with AWS: incorporating leaky buckets into your OSINT workflow. Retrieved February 14, 2022.
Internal MISP references
UUID 67ebcf71-828e-4202-b842-f071140883f8 which can be used as unique global reference for Malwarebytes OSINT Leaky Buckets - Hioureas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| date_published | 2019-09-13T00:00:00Z |
| source | MITRE |
| title | Hacking with AWS: incorporating leaky buckets into your OSINT workflow |
Microsoft HAFNIUM March 2020
MSTIC. (2021, March 2). HAFNIUM targeting Exchange Servers with 0-day exploits. Retrieved March 3, 2021.
Internal MISP references
UUID 6a986c46-79a3-49c6-94d2-d9b1f5db08f3 which can be used as unique global reference for Microsoft HAFNIUM March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-03T00:00:00Z |
| date_published | 2021-03-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | HAFNIUM targeting Exchange Servers with 0-day exploits |
haking9 libpcap network sniffing
Luis Martin Garcia. (2008, February 1). Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security. Retrieved October 18, 2022.
Internal MISP references
UUID 2803d0b8-78ee-4b19-aad3-daf84cd292b5 which can be used as unique global reference for haking9 libpcap network sniffing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-18T00:00:00Z |
| date_published | 2008-02-01T00:00:00Z |
| source | MITRE |
| title | Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security |
FireEye APT29
FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved September 17, 2015.
Internal MISP references
UUID 78ead31e-7450-46e8-89cf-461ae1981994 which can be used as unique global reference for FireEye APT29 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-17T00:00:00Z |
| date_published | 2015-07-01T00:00:00Z |
| source | MITRE |
| title | HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group |
FireEye Hancitor
Anubhav, A., Jallepalli, D. (2016, September 23). Hancitor (AKA Chanitor) observed using multiple attack approaches. Retrieved August 13, 2020.
Internal MISP references
UUID 65a07c8c-5b29-445f-8f01-6e577df4ea62 which can be used as unique global reference for FireEye Hancitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-13T00:00:00Z |
| date_published | 2016-09-23T00:00:00Z |
| source | MITRE |
| title | Hancitor (AKA Chanitor) observed using multiple attack approaches |
NCC Group Fivehands June 2021
Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. Retrieved June 24, 2021.
Internal MISP references
UUID 33955c35-e8cd-4486-b1ab-6f992319c81c which can be used as unique global reference for NCC Group Fivehands June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-24T00:00:00Z |
| date_published | 2021-06-15T00:00:00Z |
| source | MITRE |
| title | Handy guide to a new Fivehands ransomware variant |
Apple Developer Doco Hardened Runtime
Apple Inc.. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps.. Retrieved March 24, 2021.
Internal MISP references
UUID b41de1e5-63ab-4556-a61f-3baca1873283 which can be used as unique global reference for Apple Developer Doco Hardened Runtime in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | Hardened Runtime: Manage security protections and resource access for your macOS apps. |
FireEye APT34 July 2019
Bromiley, M., et al.. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.
Internal MISP references
UUID 09a00ded-1afc-4555-894e-a151162796eb which can be used as unique global reference for FireEye APT34 July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-26T00:00:00Z |
| date_published | 2019-07-18T00:00:00Z |
| source | MITRE |
| title | Hard Pass: Declining APT34’s Invite to Join Their Professional Network |
GitHub Hashjacking
Dunning, J. (2016, August 1). Hashjacking. Retrieved December 21, 2017.
Internal MISP references
UUID d31f6612-c552-45e1-bf6b-889fe619ab5f which can be used as unique global reference for GitHub Hashjacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2016-08-01T00:00:00Z |
| source | MITRE |
| title | Hashjacking |
FireEye HawkEye Malware July 2017
Swapnil Patil, Yogesh Londhe. (2017, July 25). HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign. Retrieved June 18, 2019.
Internal MISP references
UUID 7ad228a8-5450-45ec-86fc-ea038f7c6ef7 which can be used as unique global reference for FireEye HawkEye Malware July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2017-07-25T00:00:00Z |
| source | MITRE |
| title | HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign |
Specter Ops - Cloud Credential Storage
Maddalena, C.. (2018, September 12). Head in the Clouds. Retrieved October 4, 2019.
Internal MISP references
UUID 95d6d1ce-ceba-48ee-88c4-0fb30058bd80 which can be used as unique global reference for Specter Ops - Cloud Credential Storage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2018-09-12T00:00:00Z |
| source | MITRE |
| title | Head in the Clouds |
Securelist Dtrack
Konstantin Zykov. (2019, September 23). Hello! My name is Dtrack. Retrieved January 20, 2021.
Internal MISP references
UUID 49bd8841-a4b5-4ced-adfa-0ad0c8625ccd which can be used as unique global reference for Securelist Dtrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| date_published | 2019-09-23T00:00:00Z |
| source | MITRE |
| title | Hello! My name is Dtrack |
Securelist Dtrack2
KONSTANTIN ZYKOV. (2019, September 23). Hello! My name is Dtrack. Retrieved September 30, 2022.
Internal MISP references
UUID a011b68a-30e0-4204-9bf3-fa73f2a238b4 which can be used as unique global reference for Securelist Dtrack2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2019-09-23T00:00:00Z |
| source | MITRE |
| title | Hello! My name is Dtrack |
Baggett 2012
Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved December 4, 2014.
Internal MISP references
UUID 9b234329-5e05-4035-af38-dd8ab20fd68e which can be used as unique global reference for Baggett 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| date_published | 2012-11-08T00:00:00Z |
| source | MITRE |
| title | Help eliminate unquoted path vulnerabilities |
Help eliminate unquoted path
Mark Baggett. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved November 8, 2012.
Internal MISP references
UUID 23ad5a8c-cbe1-4f40-8757-f1784a4003a1 which can be used as unique global reference for Help eliminate unquoted path in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2012-11-08T00:00:00Z |
| date_published | 2012-11-08T00:00:00Z |
| source | MITRE |
| title | Help eliminate unquoted path vulnerabilities |
Default VBS macros Blocking
Kellie Eickmeyer. (2022, February 7). Helping users stay safe: Blocking internet macros by default in Office. Retrieved February 7, 2022.
Internal MISP references
UUID d86883dd-3766-4971-91c7-b205ed13cc37 which can be used as unique global reference for Default VBS macros Blocking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-07T00:00:00Z |
| date_published | 2022-02-07T00:00:00Z |
| source | MITRE |
| title | Helping users stay safe: Blocking internet macros by default in Office |
Twitter CMSTP Usage Jan 2018
Carr, N. (2018, January 31). Here is some early bad cmstp.exe... Retrieved April 11, 2018.
Internal MISP references
UUID 836621f3-83e1-4c55-8e3b-740fc9ba1e46 which can be used as unique global reference for Twitter CMSTP Usage Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | Here is some early bad cmstp.exe.. |
ESET Hermetic Wiper February 2022
ESET. (2022, February 24). HermeticWiper: New data wiping malware hits Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 07ef66e8-195b-4afe-a518-ce9e77220038 which can be used as unique global reference for ESET Hermetic Wiper February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | HermeticWiper: New data wiping malware hits Ukraine |
SentinelOne Hermetic Wiper February 2022
Guerrero-Saade, J. (2022, February 23). HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine. Retrieved March 25, 2022.
Internal MISP references
UUID 96825555-1936-4ee3-bb25-423dc16a9116 which can be used as unique global reference for SentinelOne Hermetic Wiper February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | HermeticWiper |
Dragos Hexane
Dragos. (n.d.). Hexane. Retrieved October 27, 2019.
Internal MISP references
UUID 11838e67-5032-4352-ad1f-81ba0398a14f which can be used as unique global reference for Dragos Hexane in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-27T00:00:00Z |
| source | MITRE |
| title | Hexane |
Sourceforge Heyoka 2022
Sourceforge. (n.d.). Heyoka POC Exfiltration Tool. Retrieved October 11, 2022.
Internal MISP references
UUID f6677391-cb7a-4abc-abb7-3a8cd47fbc90 which can be used as unique global reference for Sourceforge Heyoka 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-11T00:00:00Z |
| source | MITRE |
| title | Heyoka POC Exfiltration Tool |
Hh.exe - LOLBAS Project
LOLBAS. (2018, May 25). Hh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc which can be used as unique global reference for Hh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Hh.exe |
CrowdStrike BloodHound April 2018
Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.
Internal MISP references
UUID fa99f290-e42c-4311-9f6d-c519c9ab89fe which can be used as unique global reference for CrowdStrike BloodHound April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-28T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | Hidden Administrative Accounts: BloodHound to the Rescue |
McAfee Bankshot
Sherstobitoff, R. (2018, March 08). Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant. Retrieved May 18, 2018.
Internal MISP references
UUID c748dc6c-8c19-4a5c-840f-3d47955a6c78 which can be used as unique global reference for McAfee Bankshot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-18T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant |
Pfammatter - Hidden Inbox Rules
Damian Pfammatter. (2018, September 17). Hidden Inbox Rules in Microsoft Exchange. Retrieved October 12, 2021.
Internal MISP references
UUID 8a00b664-5a75-4365-9069-a32e0ed20a80 which can be used as unique global reference for Pfammatter - Hidden Inbox Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2018-09-17T00:00:00Z |
| source | MITRE |
| title | Hidden Inbox Rules in Microsoft Exchange |
Intezer HiddenWasp Map 2019
Sanmillan, I. (2019, May 29). HiddenWasp Malware Stings Targeted Linux Systems. Retrieved June 24, 2019.
Internal MISP references
UUID dfef8451-031b-42a6-8b78-d25950cc9d23 which can be used as unique global reference for Intezer HiddenWasp Map 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-24T00:00:00Z |
| date_published | 2019-05-29T00:00:00Z |
| source | MITRE |
| title | HiddenWasp Malware Stings Targeted Linux Systems |
Apple Support Hide a User Account
Apple. (2020, November 30). Hide a user account in macOS. Retrieved December 10, 2021.
Internal MISP references
UUID e901df3b-76a6-41a5-9083-b28065e75aa2 which can be used as unique global reference for Apple Support Hide a User Account in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-10T00:00:00Z |
| date_published | 2020-11-30T00:00:00Z |
| source | MITRE |
| title | Hide a user account in macOS |
Malwarebytes Wow6432Node 2016
Arntz, P. (2016, March 30). Hiding in Plain Sight. Retrieved August 3, 2020.
Internal MISP references
UUID d4eba34c-d76b-45b4-bcaf-0f13459daaad which can be used as unique global reference for Malwarebytes Wow6432Node 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-03T00:00:00Z |
| date_published | 2016-03-30T00:00:00Z |
| source | MITRE |
| title | Hiding in Plain Sight |
FireEye APT17
FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved January 22, 2016.
Internal MISP references
UUID a303f97a-72dd-4833-bac7-a421addc3242 which can be used as unique global reference for FireEye APT17 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2015-05-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic |
Crowdstrike Hiding in Plain Sight 2018
Crowdstrike. (2018, July 18). Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises. Retrieved January 19, 2020.
Internal MISP references
UUID 8612fb31-5806-47ca-ba43-265a590b61fb which can be used as unique global reference for Crowdstrike Hiding in Plain Sight 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-19T00:00:00Z |
| date_published | 2018-07-18T00:00:00Z |
| source | MITRE |
| title | Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises |
Hiding Malicious Code with Module Stomping
Aliz Hammond. (2019, August 15). Hiding Malicious Code with "Module Stomping": Part 1. Retrieved July 14, 2022.
Internal MISP references
UUID 88983d22-980d-4442-858a-3b70ec485b94 which can be used as unique global reference for Hiding Malicious Code with Module Stomping in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2019-08-15T00:00:00Z |
| source | MITRE |
| title | Hiding Malicious Code with "Module Stomping": Part 1 |
SpectorOps Hiding Reg Jul 2017
Reitz, B. (2017, July 14). Hiding Registry keys with PSReflect. Retrieved August 9, 2018.
Internal MISP references
UUID 877a5ae4-ec5f-4f53-b69d-ba74ff9e1619 which can be used as unique global reference for SpectorOps Hiding Reg Jul 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2017-07-14T00:00:00Z |
| source | MITRE |
| title | Hiding Registry keys with PSReflect |
FireEye SUNBURST Backdoor December 2020
FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.
Internal MISP references
UUID d006ed03-a8af-4887-9356-3481d81d43e4 which can be used as unique global reference for FireEye SUNBURST Backdoor December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-04T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor |
Redirectors_Domain_Fronting
Mudge, R. (2017, February 6). High-reputation Redirectors and Domain Fronting. Retrieved July 11, 2022.
Internal MISP references
UUID 42c81d97-b6ee-458e-bff3-e8c4de882cd6 which can be used as unique global reference for Redirectors_Domain_Fronting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-11T00:00:00Z |
| date_published | 2017-02-06T00:00:00Z |
| source | MITRE |
| title | High-reputation Redirectors and Domain Fronting |
Synack Secure Kernel Extension Broken
Wardle, P. (2017, September 8). High Sierra’s ‘Secure Kernel Extension Loading’ is Broken. Retrieved April 6, 2018.
Internal MISP references
UUID 647f6be8-fe95-4045-8778-f7d7ff00c96c which can be used as unique global reference for Synack Secure Kernel Extension Broken in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2017-09-08T00:00:00Z |
| source | MITRE |
| title | High Sierra’s ‘Secure Kernel Extension Loading’ is Broken |
Unit 42 Hildegard Malware
Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.
Internal MISP references
UUID 0941cf0e-75d8-4c96-bc42-c99d809e75f9 which can be used as unique global reference for Unit 42 Hildegard Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-05T00:00:00Z |
| date_published | 2021-02-03T00:00:00Z |
| source | MITRE |
| title | Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes |
Drakonia HInvoke
drakonia. (2022, August 10). HInvoke and avoiding PInvoke. Retrieved August 22, 2022.
Internal MISP references
UUID 11d936fd-aba0-4eed-8007-aca71c340c59 which can be used as unique global reference for Drakonia HInvoke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2022-08-10T00:00:00Z |
| source | MITRE |
| title | HInvoke and avoiding PInvoke |
microsoft_services_registry_tree
Microsoft. (2021, August 5). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved August 25, 2021.
Internal MISP references
UUID 171cfdf1-d91c-4df3-831e-89b6237e3c8b which can be used as unique global reference for microsoft_services_registry_tree in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-25T00:00:00Z |
| date_published | 2021-08-05T00:00:00Z |
| source | MITRE |
| title | HKLM\SYSTEM\CurrentControlSet\Services Registry Tree |
Microsoft CurrentControlSet Services
Microsoft. (2017, April 20). HKLM\SYSTEM\CurrentControlSet\Services Registry Tree. Retrieved March 16, 2020.
Internal MISP references
UUID cb9b5391-773f-4b56-8c41-d4f548c7b835 which can be used as unique global reference for Microsoft CurrentControlSet Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-16T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | HKLM\SYSTEM\CurrentControlSet\Services Registry Tree |
Accenture Hogfish April 2018
Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.
Internal MISP references
UUID c8e9fee1-9981-499f-a62f-ffe59f4bb1e7 which can be used as unique global reference for Accenture Hogfish April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| date_published | 2018-04-23T00:00:00Z |
| source | MITRE |
| title | Hogfish Redleaves Campaign |
Proofpoint Router Malvertising
Kafeine. (2016, December 13). Home Routers Under Attack via Malvertising on Windows, Android Devices. Retrieved January 16, 2019.
Internal MISP references
UUID b964139f-7c02-451d-8d22-a87975e60aa2 which can be used as unique global reference for Proofpoint Router Malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-16T00:00:00Z |
| date_published | 2016-12-13T00:00:00Z |
| source | MITRE |
| title | Home Routers Under Attack via Malvertising on Windows, Android Devices |
Trustwave Honeypot SkidMap 2023
Radoslaw Zdonczyk. (2023, July 30). Honeypot Recon: New Variant of SkidMap Targeting Redis. Retrieved September 29, 2023.
Internal MISP references
UUID 300505ae-bb7a-503d-84c5-9ff021eb6f3a which can be used as unique global reference for Trustwave Honeypot SkidMap 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2023-07-30T00:00:00Z |
| source | MITRE |
| title | Honeypot Recon: New Variant of SkidMap Targeting Redis |
Microsoft Hook Overview
Microsoft. (n.d.). Hooks Overview. Retrieved December 12, 2017.
Internal MISP references
UUID 54997a52-f78b-4af4-8916-787bcb215ce1 which can be used as unique global reference for Microsoft Hook Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | Hooks Overview |
SpectorOps Host-Based Jul 2017
Atkinson, J. (2017, July 18). Host-based Threat Modeling & Indicator Design. Retrieved March 21, 2018.
Internal MISP references
UUID 5fbf3a1d-eac2-44b8-a0a9-70feca168647 which can be used as unique global reference for SpectorOps Host-Based Jul 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2017-07-18T00:00:00Z |
| source | MITRE |
| title | Host-based Threat Modeling & Indicator Design |
Crowdstrike AWS User Federation Persistence
Vaishnav Murthy and Joel Eng. (2023, January 30). How Adversaries Can Persist with AWS User Federation. Retrieved March 10, 2023.
Internal MISP references
UUID 8c4f806c-b6f2-5bde-8525-05da6692e59c which can be used as unique global reference for Crowdstrike AWS User Federation Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2023-01-30T00:00:00Z |
| source | MITRE |
| title | How Adversaries Can Persist with AWS User Federation |
Andy Greenberg June 2017
Andy Greenberg. (2017, June 28). How an Entire Nation Became Russia's Test Lab for Cyberwar. Retrieved September 27, 2023.
Internal MISP references
UUID 6a013c48-3b58-5b87-9af5-0b7d01f27c48 which can be used as unique global reference for Andy Greenberg June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2017-06-28T00:00:00Z |
| source | MITRE |
| title | How an Entire Nation Became Russia's Test Lab for Cyberwar |
Symantec Digital Certificates
Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.
Internal MISP references
UUID 4b4f0171-827d-45c3-8c89-66ea801e77e8 which can be used as unique global reference for Symantec Digital Certificates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2013-02-22T00:00:00Z |
| source | MITRE |
| title | How Attackers Steal Private Keys from Digital Certificates |
ADSecurity Silver Tickets
Sean Metcalf. (2015, November 17). How Attackers Use Kerberos Silver Tickets to Exploit Systems. Retrieved February 27, 2020.
Internal MISP references
UUID 5185560e-b8f0-4c40-8c90-cb12348a0f7f which can be used as unique global reference for ADSecurity Silver Tickets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-27T00:00:00Z |
| date_published | 2015-11-17T00:00:00Z |
| source | MITRE |
| title | How Attackers Use Kerberos Silver Tickets to Exploit Systems |
Amazon S3 Security, 2019
Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket?. Retrieved October 4, 2019.
Internal MISP references
UUID 4c434ca5-2544-45e0-82d9-71343d8aa960 which can be used as unique global reference for Amazon S3 Security, 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-05-17T00:00:00Z |
| source | MITRE |
| title | How can I secure the files in my Amazon S3 bucket? |
Microsoft Connection Manager Oct 2009
Microsoft. (2009, October 8). How Connection Manager Works. Retrieved April 11, 2018.
Internal MISP references
UUID 0b0880a8-82cc-4e23-afd9-95d099c753a4 which can be used as unique global reference for Microsoft Connection Manager Oct 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2009-10-08T00:00:00Z |
| source | MITRE |
| title | How Connection Manager Works |
dns_changer_trojans
Abendan, O. (2012, June 14). How DNS Changer Trojans Direct Users to Threats. Retrieved October 28, 2021.
Internal MISP references
UUID 082a0fde-d9f9-45f2-915d-f14c77b62254 which can be used as unique global reference for dns_changer_trojans in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-28T00:00:00Z |
| date_published | 2012-06-14T00:00:00Z |
| source | MITRE |
| title | How DNS Changer Trojans Direct Users to Threats |
Entrust Enable CAPI2 Aug 2017
Entrust Datacard. (2017, August 16). How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?. Retrieved January 31, 2018.
Internal MISP references
UUID ad6dfcab-792a-4b4d-8ada-aa418e2ea1aa which can be used as unique global reference for Entrust Enable CAPI2 Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2017-08-16T00:00:00Z |
| source | MITRE |
| title | How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server? |
Apple Culprit Access
rjben. (2012, May 30). How do you find the culprit when unauthorized access to a computer is a problem?. Retrieved August 3, 2022.
Internal MISP references
UUID 9254d3f5-7fc1-4710-b885-b0ddb3a3dca9 which can be used as unique global reference for Apple Culprit Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-03T00:00:00Z |
| date_published | 2012-05-30T00:00:00Z |
| source | MITRE |
| title | How do you find the culprit when unauthorized access to a computer is a problem? |
DOJ FIN7 Aug 2018
Department of Justice. (2018, August 01). HOW FIN7 ATTACKED AND STOLE DATA. Retrieved August 24, 2018.
Internal MISP references
UUID 6a588eff-2b79-41c3-9834-613a628a0355 which can be used as unique global reference for DOJ FIN7 Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-24T00:00:00Z |
| date_published | 2018-08-01T00:00:00Z |
| source | MITRE |
| title | HOW FIN7 ATTACKED AND STOLE DATA |
Charles McLellan March 2016
Charles McLellan. (2016, March 4). How hackers attacked Ukraine's power grid: Implications for Industrial IoT security. Retrieved September 27, 2023.
Internal MISP references
UUID a9156c24-42ad-5f15-a18e-2382f84d702e which can be used as unique global reference for Charles McLellan March 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2016-03-04T00:00:00Z |
| source | MITRE |
| title | How hackers attacked Ukraine's power grid: Implications for Industrial IoT security |
Cyware Social Media
Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020.
Internal MISP references
UUID e6136a63-81fe-4363-8d98-f7d1e85a0f2b which can be used as unique global reference for Cyware Social Media in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-10-02T00:00:00Z |
| source | MITRE |
| title | How Hackers Exploit Social Media To Break Into Your Company |
malware_hides_service
Lawrence Abrams. (2004, September 10). How Malware hides and is installed as a Service. Retrieved August 30, 2021.
Internal MISP references
UUID c5982f65-1782-452a-9667-a8732d31e89a which can be used as unique global reference for malware_hides_service in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-30T00:00:00Z |
| date_published | 2004-09-10T00:00:00Z |
| source | MITRE |
| title | How Malware hides and is installed as a Service |
S1 macOs Persistence
Stokes, P. (2019, July 17). How Malware Persists on macOS. Retrieved March 27, 2020.
Internal MISP references
UUID ce952a0d-9c0d-4a51-9564-7cc5d9e43e2c which can be used as unique global reference for S1 macOs Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-27T00:00:00Z |
| date_published | 2019-07-17T00:00:00Z |
| source | MITRE |
| title | How Malware Persists on macOS |
sentinelone macos persist Jun 2019
Stokes, Phil. (2019, June 17). HOW MALWARE PERSISTS ON MACOS. Retrieved September 10, 2019.
Internal MISP references
UUID 81a49043-cac5-40e0-a626-fd242d21c56d which can be used as unique global reference for sentinelone macos persist Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-10T00:00:00Z |
| date_published | 2019-06-17T00:00:00Z |
| source | MITRE |
| title | HOW MALWARE PERSISTS ON MACOS |
Kaspersky Autofill
Golubev, S. (n.d.). How malware steals autofill data from browsers. Retrieved March 28, 2023.
Internal MISP references
UUID 561ff84d-17ce-511c-af0c-059310f3c129 which can be used as unique global reference for Kaspersky Autofill in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | How malware steals autofill data from browsers |
TheEclecticLightCompany apple notarization
How Notarization Works. (2020, August 28). How notarization works. Retrieved September 13, 2021.
Internal MISP references
UUID 80c840ab-782a-4f15-bc7b-2d2ab4e51702 which can be used as unique global reference for TheEclecticLightCompany apple notarization in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-08-28T00:00:00Z |
| source | MITRE |
| title | How notarization works |
SentinelOne AppleScript
Phil Stokes. (2020, March 16). How Offensive Actors Use AppleScript For Attacking macOS. Retrieved July 17, 2020.
Internal MISP references
UUID bb6aafcb-ed30-404a-a9d9-b90503a0ec7c which can be used as unique global reference for SentinelOne AppleScript in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-17T00:00:00Z |
| date_published | 2020-03-16T00:00:00Z |
| source | MITRE |
| title | How Offensive Actors Use AppleScript For Attacking macOS |
SecureWorld - How Secure Is Your Slack Channel - Dec 2021
Drew Todd. (2021, December 28). How Secure Is Your Slack Channel?. Retrieved May 31, 2022.
Internal MISP references
UUID 78199414-7b5e-45d8-8bda-d6f5a7c3988b which can be used as unique global reference for SecureWorld - How Secure Is Your Slack Channel - Dec 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-31T00:00:00Z |
| date_published | 2021-12-28T00:00:00Z |
| source | MITRE |
| title | How Secure Is Your Slack Channel? |
Windows OS Hub RDP
Windows OS Hub. (2021, November 10). How to Allow Multiple RDP Sessions in Windows 10 and 11?. Retrieved March 28, 2022.
Internal MISP references
UUID 335480f8-8f40-4da7-b083-6a4b158496c1 which can be used as unique global reference for Windows OS Hub RDP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2021-11-10T00:00:00Z |
| source | MITRE |
| title | How to Allow Multiple RDP Sessions in Windows 10 and 11? |
Xpn Argue Like Cobalt 2019
Chester, A. (2019, January 28). How to Argue like Cobalt Strike. Retrieved November 19, 2021.
Internal MISP references
UUID 724464f6-1a86-46e3-9a81-192b136c73ba which can be used as unique global reference for Xpn Argue Like Cobalt 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-19T00:00:00Z |
| date_published | 2019-01-28T00:00:00Z |
| source | MITRE |
| title | How to Argue like Cobalt Strike |
Seqrite DoubleExtension
Seqrite. (n.d.). How to avoid dual attack and vulnerable files with double extension?. Retrieved July 27, 2021.
Internal MISP references
UUID 77af0be9-174a-4330-8122-d0bd0c754973 which can be used as unique global reference for Seqrite DoubleExtension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-27T00:00:00Z |
| source | MITRE |
| title | How to avoid dual attack and vulnerable files with double extension? |
BOA Telephone Scams
Bank of America. (n.d.). How to avoid telephone scams. Retrieved September 8, 2023.
Internal MISP references
UUID ee1abe19-f38b-5127-8377-f13f57f2abcb which can be used as unique global reference for BOA Telephone Scams in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| source | MITRE |
| title | How to avoid telephone scams |
bypass_webproxy_filtering
Fehrman, B. (2017, April 13). How to Bypass Web-Proxy Filtering. Retrieved September 20, 2019.
Internal MISP references
UUID fab84597-99a0-4560-8c8c-11fd8c01d5fa which can be used as unique global reference for bypass_webproxy_filtering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-20T00:00:00Z |
| date_published | 2017-04-13T00:00:00Z |
| source | MITRE |
| title | How to Bypass Web-Proxy Filtering |
Systemd Remote Control
Aaron Kili. (2018, January 16). How to Control Systemd Services on Remote Linux Server. Retrieved July 26, 2021.
Internal MISP references
UUID 0461b58e-400e-4e3e-b7c4-eed7a9b0fdd6 which can be used as unique global reference for Systemd Remote Control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2018-01-16T00:00:00Z |
| source | MITRE |
| title | How to Control Systemd Services on Remote Linux Server |
Microsoft Admin Shares
Microsoft. (n.d.). How to create and delete hidden or administrative shares on client computers. Retrieved November 20, 2014.
Internal MISP references
UUID 68d23cb0-b812-4d77-a3aa-34e24a923a50 which can be used as unique global reference for Microsoft Admin Shares in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-20T00:00:00Z |
| source | MITRE |
| title | How to create and delete hidden or administrative shares on client computers |
Delpy Mimikatz Crendential Manager
Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.
Internal MISP references
UUID 24c6027b-e0d2-4c0c-83af-4536a631ea85 which can be used as unique global reference for Delpy Mimikatz Crendential Manager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-23T00:00:00Z |
| date_published | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | howto ~ credential manager saved credentials |
Stealthbits Overpass-the-Hash
Warren, J. (2019, February 26). How to Detect Overpass-the-Hash Attacks. Retrieved February 4, 2021.
Internal MISP references
UUID e0bf051c-21ab-4454-a6b0-31ae29b6e162 which can be used as unique global reference for Stealthbits Overpass-the-Hash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-04T00:00:00Z |
| date_published | 2019-02-26T00:00:00Z |
| source | MITRE |
| title | How to Detect Overpass-the-Hash Attacks |
Stealthbits Detect PtT 2019
Jeff Warren. (2019, February 19). How to Detect Pass-the-Ticket Attacks. Retrieved February 27, 2020.
Internal MISP references
UUID 5bdb759e-949d-4470-a4e4-925b6579da54 which can be used as unique global reference for Stealthbits Detect PtT 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-27T00:00:00Z |
| date_published | 2019-02-19T00:00:00Z |
| source | MITRE |
| title | How to Detect Pass-the-Ticket Attacks |
WindowsIR Anti-Forensic Techniques
Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.
Internal MISP references
UUID 646211a7-77be-4e5a-bd02-eeb70d67113d which can be used as unique global reference for WindowsIR Anti-Forensic Techniques in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2013-07-23T00:00:00Z |
| source | MITRE |
| title | HowTo: Determine/Detect the use of Anti-Forensics Techniques |
Microsoft Disable Autorun
Microsoft. (n.d.). How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.
Internal MISP references
UUID 64bcc943-29be-4dd8-92c8-8a5dd94cbda4 which can be used as unique global reference for Microsoft Disable Autorun in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| source | MITRE |
| title | How to disable the Autorun functionality in Windows |
Superuser Linux Password Policies
Matutiae, M. (2014, August 6). How to display password policy information for a user (Ubuntu)?. Retrieved April 5, 2018.
Internal MISP references
UUID c0bbc881-594a-408c-86a2-211ce6279231 which can be used as unique global reference for Superuser Linux Password Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-05T00:00:00Z |
| date_published | 2014-08-06T00:00:00Z |
| source | MITRE |
| title | How to display password policy information for a user (Ubuntu)? |
Confluence Linux Command Line
Confluence Support. (2021, September 8). How to enable command line audit logging in linux. Retrieved September 23, 2021.
Internal MISP references
UUID 9ac72e5a-0b00-4936-9a78-bf2694d956c9 which can be used as unique global reference for Confluence Linux Command Line in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2021-09-08T00:00:00Z |
| source | MITRE |
| title | How to enable command line audit logging in linux |
Atlassian Confluence Logging
Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018.
Internal MISP references
UUID cd3ca4ce-c512-4612-94cc-3cf4d4dbba56 which can be used as unique global reference for Atlassian Confluence Logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-04T00:00:00Z |
| date_published | 2018-01-09T00:00:00Z |
| source | MITRE |
| title | How to Enable User Access Logging |
Remote Shell Execution in Python
Abdou Rockikz. (2020, July). How to Execute Shell Commands in a Remote Machine in Python. Retrieved July 26, 2021.
Internal MISP references
UUID 4ea54256-42f9-4b35-8f9e-e595ab9be9ce which can be used as unique global reference for Remote Shell Execution in Python in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2020-07-01T00:00:00Z |
| source | MITRE |
| title | How to Execute Shell Commands in a Remote Machine in Python |
Find Wi-Fi Password on Mac
Ruslana Lishchuk. (2021, March 26). How to Find a Saved Wi-Fi Password on a Mac. Retrieved September 8, 2023.
Internal MISP references
UUID 695f3d20-7a46-5a4a-aef0-0a05a5e35304 which can be used as unique global reference for Find Wi-Fi Password on Mac in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2021-03-26T00:00:00Z |
| source | MITRE |
| title | How to Find a Saved Wi-Fi Password on a Mac |
Microsoft Web Root OCT 2016
Microsoft. (2016, October 20). How to: Find the Web Application Root. Retrieved July 27, 2018.
Internal MISP references
UUID bce1230a-5303-4e58-97c9-3e65ecd714d3 which can be used as unique global reference for Microsoft Web Root OCT 2016 in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-27T00:00:00Z |
| date_published | 2016-10-20T00:00:00Z |
| source | MITRE |
| title | How to: Find the Web Application Root |
Microsoft Replication ACL
Microsoft. (n.d.). How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account. Retrieved December 4, 2017.
Internal MISP references
UUID 1b17e5ec-6f09-4668-949a-59be2d1f1b65 which can be used as unique global reference for Microsoft Replication ACL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account |
Hide GDM User Accounts
Ji Mingkui. (2021, June 17). How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen. Retrieved March 15, 2022.
Internal MISP references
UUID 88c3c460-3792-4881-ae7d-031c8901610d which can be used as unique global reference for Hide GDM User Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-15T00:00:00Z |
| date_published | 2021-06-17T00:00:00Z |
| source | MITRE |
| title | How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen |
Elastic COM Hijacking
Ewing, P. Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016.
Internal MISP references
UUID bb325d97-5f69-4645-82d8-fdd6badecd9d which can be used as unique global reference for Elastic COM Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-15T00:00:00Z |
| date_published | 2016-09-15T00:00:00Z |
| source | MITRE |
| title | How to Hunt: Detecting Persistence & Evasion with the COM |
Elastic Masquerade Ball
Ewing, P. (2016, October 31). How to Hunt: The Masquerade Ball. Retrieved October 31, 2016.
Internal MISP references
UUID 29c17b60-f947-4482-afa6-c80ca5819d10 which can be used as unique global reference for Elastic Masquerade Ball in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-10-31T00:00:00Z |
| date_published | 2016-10-31T00:00:00Z |
| source | MITRE |
| title | How to Hunt: The Masquerade Ball |
Linux Loadable Kernel Module Insert and Remove LKMs
Henderson, B. (2006, September 24). How To Insert And Remove LKMs. Retrieved April 9, 2018.
Internal MISP references
UUID 044d0df8-61e4-4a29-8a24-0bd1227d4317 which can be used as unique global reference for Linux Loadable Kernel Module Insert and Remove LKMs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2006-09-24T00:00:00Z |
| source | MITRE |
| title | How To Insert And Remove LKMs |
DigiCert Install SSL Cert
DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021.
Internal MISP references
UUID a1d7d368-6092-4421-99de-44e458deee21 which can be used as unique global reference for DigiCert Install SSL Cert in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-19T00:00:00Z |
| source | MITRE |
| title | How to Install an SSL Certificate |
HowToGeek ShowExtension
Chris Hoffman. (2017, March 8). How to Make Windows Show File Extensions. Retrieved August 4, 2021.
Internal MISP references
UUID 51584201-40a4-4e39-ad23-14453e1eea46 which can be used as unique global reference for HowToGeek ShowExtension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| date_published | 2017-03-08T00:00:00Z |
| source | MITRE |
| title | How to Make Windows Show File Extensions |
Microsoft RDP Removal
Microsoft. (2021, September 24). How to remove entries from the Remote Desktop Connection Computer box. Retrieved June 15, 2022.
Internal MISP references
UUID 367d3f80-9b13-44fa-938a-744a95518571 which can be used as unique global reference for Microsoft RDP Removal in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-15T00:00:00Z |
| date_published | 2021-09-24T00:00:00Z |
| source | MITRE |
| title | How to remove entries from the Remote Desktop Connection Computer box |
Startup Items Eclectic
hoakley. (2021, September 16). How to run an app or tool at startup. Retrieved October 5, 2021.
Internal MISP references
UUID 397be6f9-a109-4185-85f7-8d994fb31eaa which can be used as unique global reference for Startup Items Eclectic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | How to run an app or tool at startup |
CrowdStrike Endpoint Security Testing Oct 2021
Radu Vlad, Liviu Arsene. (2021, October 15). How to Test Endpoint Security Efficacy and What to Expect. Retrieved March 7, 2024.
Internal MISP references
UUID 4cecfe1f-c1d2-4a71-ac17-0effd5f045df which can be used as unique global reference for CrowdStrike Endpoint Security Testing Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2021-10-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | How to Test Endpoint Security Efficacy and What to Expect |
Microsoft Disable VBA Jan 2020
Microsoft. (2020, January 23). How to turn off Visual Basic for Applications when you deploy Office. Retrieved September 17, 2020.
Internal MISP references
UUID 104db93c-c5cd-431c-ac79-d76cb1694d7c which can be used as unique global reference for Microsoft Disable VBA Jan 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2020-01-23T00:00:00Z |
| source | MITRE |
| title | How to turn off Visual Basic for Applications when you deploy Office |
Microsoft Regsvr32
Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. Retrieved June 22, 2016.
Internal MISP references
UUID 723ec577-5ea8-4ced-b6c3-b7aaabe1d7e8 which can be used as unique global reference for Microsoft Regsvr32 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-22T00:00:00Z |
| date_published | 2015-08-14T00:00:00Z |
| source | MITRE |
| title | How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages |
Microsoft SAM
Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. Retrieved August 3, 2016.
Internal MISP references
UUID bde9acb0-c1c3-44e1-b3b1-cfc0898baead which can be used as unique global reference for Microsoft SAM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2006-10-30T00:00:00Z |
| source | MITRE |
| title | How to use the SysKey utility to secure the Windows Security Accounts Manager database |
AWS Traffic Mirroring
Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022.
Internal MISP references
UUID 6b77a2f3-39b8-4574-8dee-cde7ba9debff which can be used as unique global reference for AWS Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | How Traffic Mirroring works |
Symantec Hydraq Persistence Jan 2010
Fitzgerald, P. (2010, January 26). How Trojan.Hydraq Stays On Your Computer. Retrieved February 22, 2018.
Internal MISP references
UUID b3ef4b78-2ed6-4cf4-afcc-4e4cb09d806a which can be used as unique global reference for Symantec Hydraq Persistence Jan 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2010-01-26T00:00:00Z |
| source | MITRE |
| title | How Trojan.Hydraq Stays On Your Computer |
Microsoft UAC Nov 2018
Montemayor, D. et al.. (2018, November 15). How User Account Control works. Retrieved June 3, 2019.
Internal MISP references
UUID abda4184-18f9-4799-9c1f-3ba484473e35 which can be used as unique global reference for Microsoft UAC Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2018-11-15T00:00:00Z |
| source | MITRE |
| title | How User Account Control works |
TechNet How UAC Works
Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.
Internal MISP references
UUID bbf8d1a3-115e-4bc8-be43-47ce3b295d45 which can be used as unique global reference for TechNet How UAC Works in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-05-31T00:00:00Z |
| source | MITRE |
| title | How User Account Control Works |
PWC WellMess July 2020
PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.
Internal MISP references
UUID 22794e37-3c55-444a-b659-e5a1a6bc2da0 which can be used as unique global reference for PWC WellMess July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-24T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | How WellMess malware has been used to target COVID-19 vaccines |
Google Election Threats October 2020
Huntley, S. (2020, October 16). How We're Tackling Evolving Online Threats. Retrieved March 24, 2021.
Internal MISP references
UUID 8538a963-3e67-47fe-9afd-216b93a2be00 which can be used as unique global reference for Google Election Threats October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | How We're Tackling Evolving Online Threats |
Microsoft Credential Guard April 2017
Lich, B., Tobin, J. (2017, April 5). How Windows Defender Credential Guard works. Retrieved November 27, 2017.
Internal MISP references
UUID aa52db88-5d03-42ae-b371-6210d7079a84 which can be used as unique global reference for Microsoft Credential Guard April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | How Windows Defender Credential Guard works |
NPPSPY Video
Grzegorz Tworek. (2021, December 14). How winlogon.exe shares the cleartext password with custom DLLs. Retrieved March 30, 2023.
Internal MISP references
UUID 6533d5df-7388-5c59-8c63-0923de34b61d which can be used as unique global reference for NPPSPY Video in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | How winlogon.exe shares the cleartext password with custom DLLs |
Cylance Sodinokibi July 2019
Cylance. (2019, July 3). hreat Spotlight: Sodinokibi Ransomware. Retrieved August 4, 2020.
Internal MISP references
UUID 3ad8def7-3a8a-49bb-8f47-dea2e570c99e which can be used as unique global reference for Cylance Sodinokibi July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-07-03T00:00:00Z |
| source | MITRE |
| title | hreat Spotlight: Sodinokibi Ransomware |
Wikipedia HTML Application
Wikipedia. (2017, October 14). HTML Application. Retrieved October 27, 2017.
Internal MISP references
UUID f1f76055-91f8-4977-9392-bed347e4f181 which can be used as unique global reference for Wikipedia HTML Application in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-27T00:00:00Z |
| date_published | 2017-10-14T00:00:00Z |
| source | MITRE |
| title | HTML Application |
MSDN HTML Applications
Microsoft. (n.d.). HTML Applications. Retrieved October 27, 2017.
Internal MISP references
UUID 2de103a8-8d72-40f9-b366-b908364dd090 which can be used as unique global reference for MSDN HTML Applications in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-27T00:00:00Z |
| source | MITRE |
| title | HTML Applications |
Microsoft HTML Help ActiveX
Microsoft. (n.d.). HTML Help ActiveX Control Overview. Retrieved October 3, 2018.
Internal MISP references
UUID ae5728bd-571a-451f-9ba3-3198067135b4 which can be used as unique global reference for Microsoft HTML Help ActiveX in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| source | MITRE |
| title | HTML Help ActiveX Control Overview |
Outlflank HTML Smuggling 2018
Hegt, S. (2018, August 14). HTML smuggling explained. Retrieved May 20, 2021.
Internal MISP references
UUID 9a99f431-4d15-47f8-a31b-4f98671cd95d which can be used as unique global reference for Outlflank HTML Smuggling 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-20T00:00:00Z |
| date_published | 2018-08-14T00:00:00Z |
| source | MITRE |
| title | HTML smuggling explained |
CrowdStrike Linux Rootkit
Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. Retrieved December 21, 2017.
Internal MISP references
UUID eb3590bf-ff12-4ccd-bf9d-cf8eacd82135 which can be used as unique global reference for CrowdStrike Linux Rootkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2012-11-19T00:00:00Z |
| source | MITRE |
| title | HTTP iframe Injecting Linux Rootkit |
Wikipedia HPKP
Wikipedia. (2017, February 28). HTTP Public Key Pinning. Retrieved March 31, 2017.
Internal MISP references
UUID 2da110e7-d3a8-433f-87c3-eb744adf811b which can be used as unique global reference for Wikipedia HPKP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-31T00:00:00Z |
| date_published | 2017-02-28T00:00:00Z |
| source | MITRE |
| title | HTTP Public Key Pinning |
Cobalt Strike Arguments 2019
Mudge, R. (2019, January 2). https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/. Retrieved November 19, 2021.
Internal MISP references
UUID e845f741-eabe-469b-97c1-f51a2aeb18b0 which can be used as unique global reference for Cobalt Strike Arguments 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-19T00:00:00Z |
| date_published | 2019-01-02T00:00:00Z |
| source | MITRE |
| title | https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/ |
Talos Discord Webhook Abuse
Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks. (2021, April 7). https://blog.talosintelligence.com/collab-app-abuse/. Retrieved July 20, 2023.
Internal MISP references
UUID affa93d8-5c8b-557d-80b4-1366df13d77a which can be used as unique global reference for Talos Discord Webhook Abuse in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| date_published | 2021-04-07T00:00:00Z |
| source | MITRE |
| title | https://blog.talosintelligence.com/collab-app-abuse/ |
Red Canary Emotet Feb 2019
Donohue, B.. (2019, February 13). https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/. Retrieved March 25, 2019.
Internal MISP references
UUID 132915dc-d906-4c23-b1e3-885af817b840 which can be used as unique global reference for Red Canary Emotet Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2019-02-13T00:00:00Z |
| source | MITRE |
| title | https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/ |
TechNet Removable Media Control
Microsoft. (2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.
Internal MISP references
UUID db86cd0a-1188-4079-afed-1f986166a2e7 which can be used as unique global reference for TechNet Removable Media Control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2007-08-31T00:00:00Z |
| source | MITRE |
| title | https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx |
Chromium HSTS
Chromium. (n.d.). HTTP Strict Transport Security. Retrieved May 24, 2023.
Internal MISP references
UUID 1ad03be3-d863-5a55-a371-42b6d3b7ed31 which can be used as unique global reference for Chromium HSTS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-24T00:00:00Z |
| source | MITRE |
| title | HTTP Strict Transport Security |
CISA AA20-301A Kimsuky
CISA, FBI, CNMF. (2020, October 27). https://us-cert.cisa.gov/ncas/alerts/aa20-301a. Retrieved November 4, 2020.
Internal MISP references
UUID 685aa213-7902-46fb-b90a-64be5c851f73 which can be used as unique global reference for CISA AA20-301A Kimsuky in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-04T00:00:00Z |
| date_published | 2020-10-27T00:00:00Z |
| source | MITRE |
| title | https://us-cert.cisa.gov/ncas/alerts/aa20-301a |
FireEye Targeted Attacks Middle East Banks
Singh, S., Yin, H. (2016, May 22). https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html. Retrieved April 5, 2018.
Internal MISP references
UUID fedb3a9d-4f9e-495c-ac92-d5457688608d which can be used as unique global reference for FireEye Targeted Attacks Middle East Banks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-05T00:00:00Z |
| date_published | 2016-05-22T00:00:00Z |
| source | MITRE |
| title | https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html |
Forbes Dyre May 2017
Brewster, T. (2017, May 4). https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. Retrieved June 15, 2020.
Internal MISP references
UUID 8fb3ef2f-3652-4563-8921-2c601d1b9bc9 which can be used as unique global reference for Forbes Dyre May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2017-05-04T00:00:00Z |
| source | MITRE |
| title | https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a |
Microsoft Subscription Hijacking 2022
Dor Edry. (2022, August 24). Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps. Retrieved September 5, 2023.
Internal MISP references
UUID e5944e4c-76c6-55d1-97ec-8367b7f98c28 which can be used as unique global reference for Microsoft Subscription Hijacking 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-05T00:00:00Z |
| date_published | 2022-08-24T00:00:00Z |
| source | MITRE |
| title | Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps |
crowdstrike bpf socket filters
Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved October 18, 2022.
Internal MISP references
UUID f68a59a1-cb07-4f58-b755-25c91938b611 which can be used as unique global reference for crowdstrike bpf socket filters in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-18T00:00:00Z |
| date_published | 2022-05-25T00:00:00Z |
| source | MITRE |
| title | Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun |
Koczwara Beacon Hunting Sep 2021
Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021.
Internal MISP references
UUID e3984769-f6d7-43dd-8179-7df9d441512e which can be used as unique global reference for Koczwara Beacon Hunting Sep 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2021-09-07T00:00:00Z |
| source | MITRE |
| title | Hunting Cobalt Strike C2 with Shodan |
Fireeye Hunting COM June 2019
Hamilton, C. (2019, June 4). Hunting COM Objects. Retrieved June 10, 2019.
Internal MISP references
UUID 84311e46-cea1-486a-a737-c4a4946ab837 which can be used as unique global reference for Fireeye Hunting COM June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-10T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | Hunting COM Objects |
Berba hunting linux systemd
Pepe Berba. (2022, January 30). Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron. Retrieved March 20, 2023.
Internal MISP references
UUID 7dfd6a67-3935-506a-8661-1caa7eb508e2 which can be used as unique global reference for Berba hunting linux systemd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-20T00:00:00Z |
| date_published | 2022-01-30T00:00:00Z |
| source | MITRE |
| title | Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron |
Elastic HuntingNMemory June 2017
Desimone, J. (2017, June 13). Hunting in Memory. Retrieved December 7, 2017.
Internal MISP references
UUID 8cd58716-4ff1-4ba2-b980-32c52cf7dee8 which can be used as unique global reference for Elastic HuntingNMemory June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-06-13T00:00:00Z |
| source | MITRE |
| title | Hunting in Memory |
LogPoint Hunting LockBit
LogPoint. (n.d.). Hunting LockBit Variations using Logpoint. Retrieved May 19, 2023.
Internal MISP references
UUID 22aa7792-6296-4f16-826f-d0f1c55ddb2a which can be used as unique global reference for LogPoint Hunting LockBit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Hunting LockBit Variations using Logpoint |
Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023
FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. Retrieved June 8, 2023.
Internal MISP references
UUID 1931b80a-effb-59ec-acae-c0f17efb8cad which can be used as unique global reference for Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-08T00:00:00Z |
| date_published | 2023-05-09T00:00:00Z |
| source | MITRE |
| title | Hunting Russian Intelligence “Snake” Malware |
Falcon Sandbox smp: 28553b3a9d
Hybrid Analysis. (2018, July 11). HybridAnalsysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7. Retrieved September 8, 2023.
Internal MISP references
UUID f27ab4cb-1666-501a-aa96-537d2b2d1f08 which can be used as unique global reference for Falcon Sandbox smp: 28553b3a9d in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2018-07-11T00:00:00Z |
| source | MITRE |
| title | HybridAnalsysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7 |
Wikipedia Hypervisor
Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.
Internal MISP references
UUID 1a6ae877-ef30-4d40-abd0-fde308f1a1f0 which can be used as unique global reference for Wikipedia Hypervisor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-11T00:00:00Z |
| date_published | 2016-05-23T00:00:00Z |
| source | MITRE |
| title | Hypervisor |
FireEye ADFS
Bierstock, D., Baker, A. (2019, March 21). I am AD FS and So Can You. Retrieved December 17, 2020.
Internal MISP references
UUID 6891eaf4-6857-4106-860c-1708d2a3bd33 which can be used as unique global reference for FireEye ADFS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2019-03-21T00:00:00Z |
| source | MITRE |
| title | I am AD FS and So Can You |
AWS EKS IAM Roles for Service Accounts
Amazon Web Services. (n.d.). IAM roles for service accounts. Retrieved July 14, 2023.
Internal MISP references
UUID b2452f0e-93b0-55b7-add8-8338d171f0bf which can be used as unique global reference for AWS EKS IAM Roles for Service Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | IAM roles for service accounts |
Kaspersky IAmTheKing October 2020
Ivan Kwiatkowski, Pierre Delcher, Felix Aime. (2020, October 15). IAmTheKing and the SlothfulMedia malware family. Retrieved October 15, 2020.
Internal MISP references
UUID fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a which can be used as unique global reference for Kaspersky IAmTheKing October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | IAmTheKing and the SlothfulMedia malware family |
Amazon IAM Groups
Amazon. (n.d.). IAM user groups. Retrieved October 13, 2021.
Internal MISP references
UUID 16f6b02a-912b-42c6-8d32-4e4f11fa70ec which can be used as unique global reference for Amazon IAM Groups in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | IAM user groups |
CrowdStrike IceApple May 2022
CrowdStrike. (2022, May). ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK. Retrieved June 27, 2022.
Internal MISP references
UUID 325988b8-1c7d-4296-83d6-bfcbe533b75e which can be used as unique global reference for CrowdStrike IceApple May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-27T00:00:00Z |
| date_published | 2022-05-01T00:00:00Z |
| source | MITRE |
| title | ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK |
ICIT China's Espionage Jul 2016
Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.
Internal MISP references
UUID 1a824860-6978-454d-963a-a56414a4312b which can be used as unique global reference for ICIT China's Espionage Jul 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-07T00:00:00Z |
| date_published | 2016-07-28T00:00:00Z |
| source | MITRE |
| title | ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts |
CISA ICS Advisory ICSA-10-272-01
CISA. (2010, September 10). ICS Advisory (ICSA-10-272-01). Retrieved December 7, 2020.
Internal MISP references
UUID 25b3c18c-e017-4773-91dd-b489220d4fcb which can be used as unique global reference for CISA ICS Advisory ICSA-10-272-01 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-07T00:00:00Z |
| date_published | 2010-09-10T00:00:00Z |
| source | MITRE |
| title | ICS Advisory (ICSA-10-272-01) |
US-CERT Ukraine Feb 2016
US-CERT. (2016, February 25). ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved June 10, 2020.
Internal MISP references
UUID 403ea040-8c08-423f-99cb-d7e7852c16e4 which can be used as unique global reference for US-CERT Ukraine Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2016-02-25T00:00:00Z |
| source | MITRE |
| title | ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure |
Dragos Threat Report 2020
Dragos. (n.d.). ICS Cybersecurity Year in Review 2020. Retrieved February 25, 2021.
Internal MISP references
UUID 8bb3147c-3178-4449-9978-f1248b1bcb0a which can be used as unique global reference for Dragos Threat Report 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | ICS Cybersecurity Year in Review 2020 |
Cisco Advisory SNMP v3 Authentication Vulnerabilities
Cisco. (2008, June 10). Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities. Retrieved October 19, 2020.
Internal MISP references
UUID ed7897e5-21f0-49fa-9b26-c397eaebc88a which can be used as unique global reference for Cisco Advisory SNMP v3 Authentication Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2008-06-10T00:00:00Z |
| source | MITRE |
| title | Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities |
Resource and Data Forks
Flylib. (n.d.). Identifying Resource and Data Forks. Retrieved October 12, 2021.
Internal MISP references
UUID b8eaf053-40e0-414e-a89e-409dbf218554 which can be used as unique global reference for Resource and Data Forks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | Identifying Resource and Data Forks |
AWS Identity Federation
Amazon. (n.d.). Identity Federation in AWS. Retrieved March 13, 2020.
Internal MISP references
UUID b55ac071-483b-4802-895f-ea4eaac1de92 which can be used as unique global reference for AWS Identity Federation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| source | MITRE |
| title | Identity Federation in AWS |
Microsoft GetNCCChanges
Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.
Internal MISP references
UUID 410570e4-b578-4838-a25d-f03d92fcf3cb which can be used as unique global reference for Microsoft GetNCCChanges in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | IDL_DRSGetNCChanges (Opnum 3) |
Ie4uinit.exe - LOLBAS Project
LOLBAS. (2018, May 25). Ie4uinit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 01f9a368-5933-47a1-85a9-e5883a5ca266 which can be used as unique global reference for Ie4uinit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ie4uinit.exe |
Ieadvpack.dll - LOLBAS Project
LOLBAS. (2018, May 25). Ieadvpack.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 79943a49-23d6-499b-a022-7c2f8bd68aee which can be used as unique global reference for Ieadvpack.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ieadvpack.dll |
iediagcmd.exe - LOLBAS Project
LOLBAS. (2022, March 29). iediagcmd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID de238a18-2275-497e-adcf-453a016a24c4 which can be used as unique global reference for iediagcmd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-03-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | iediagcmd.exe |
Wikipedia 802.1x
Wikipedia. (2018, March 30). IEEE 802.1X. Retrieved April 11, 2018.
Internal MISP references
UUID 5d382527-ffbd-486e-adbe-d60508567281 which can be used as unique global reference for Wikipedia 802.1x in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-03-30T00:00:00Z |
| source | MITRE |
| title | IEEE 802.1X |
Ieexec.exe - LOLBAS Project
LOLBAS. (2018, May 25). Ieexec.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 91f31525-585d-4b71-83d7-9b7c2feacd34 which can be used as unique global reference for Ieexec.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ieexec.exe |
Ieframe.dll - LOLBAS Project
LOLBAS. (2018, May 25). Ieframe.dll. Retrieved December 4, 2023.
Internal MISP references
UUID aab9c80d-1f1e-47ba-954d-65e7400054df which can be used as unique global reference for Ieframe.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ieframe.dll |
Wikipedia Ifconfig
Wikipedia. (2016, January 26). ifconfig. Retrieved April 17, 2016.
Internal MISP references
UUID 7bb238d4-4571-4cd0-aab2-76797570724a which can be used as unique global reference for Wikipedia Ifconfig in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| date_published | 2016-01-26T00:00:00Z |
| source | MITRE |
| title | ifconfig |
EFF Manul Aug 2016
Galperin, E., Et al.. (2016, August). I Got a Letter From the Government the Other Day.... Retrieved April 25, 2018.
Internal MISP references
UUID 311a3863-3897-4ddf-a251-d0467a56675f which can be used as unique global reference for EFF Manul Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-25T00:00:00Z |
| date_published | 2016-08-01T00:00:00Z |
| source | MITRE |
| title | I Got a Letter From the Government the Other Day... |
IIS Backdoor 2011
Julien. (2011, February 2). IIS Backdoor. Retrieved June 3, 2021.
Internal MISP references
UUID fd450382-cca0-40c4-8144-cc90a3b0011b which can be used as unique global reference for IIS Backdoor 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2011-02-02T00:00:00Z |
| source | MITRE |
| title | IIS Backdoor |
Microsoft IIS Modules Overview 2007
Microsoft. (2007, November 24). IIS Modules Overview. Retrieved June 17, 2021.
Internal MISP references
UUID c8db6bfd-3a08-43b3-b33b-91a32e9bd694 which can be used as unique global reference for Microsoft IIS Modules Overview 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-17T00:00:00Z |
| date_published | 2007-11-24T00:00:00Z |
| source | MITRE |
| title | IIS Modules Overview |
Ilasm.exe - LOLBAS Project
LOLBAS. (2020, March 17). Ilasm.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 347a1f01-02ce-488e-9100-862971c1833f which can be used as unique global reference for Ilasm.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-03-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ilasm.exe |
anomali-rocke-tactics
Anomali Threat Research. (2019, October 15). Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect. Retrieved December 17, 2020.
Internal MISP references
UUID 2308c5ca-04a4-43c5-b92b-ffa6a60ae3a9 which can be used as unique global reference for anomali-rocke-tactics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2019-10-15T00:00:00Z |
| source | MITRE |
| title | Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect |
Microsoft Dev Blog IFEO Mar 2010
Shanbhag, M. (2010, March 24). Image File Execution Options (IFEO). Retrieved December 18, 2017.
Internal MISP references
UUID 4c62c2cb-bee2-4fc0-aa81-65d66e71a5c2 which can be used as unique global reference for Microsoft Dev Blog IFEO Mar 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2010-03-24T00:00:00Z |
| source | MITRE |
| title | Image File Execution Options (IFEO) |
IMEWDBLD.exe - LOLBAS Project
LOLBAS. (2020, March 5). IMEWDBLD.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9d1d6bc1-61cf-4465-b3cb-b6af36769027 which can be used as unique global reference for IMEWDBLD.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-03-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | IMEWDBLD.exe |
Imminent Unit42 Dec2019
Unit 42. (2019, December 2). Imminent Monitor – a RAT Down Under. Retrieved May 5, 2020.
Internal MISP references
UUID 28f858c6-4c00-4c0c-bb27-9e000ba22690 which can be used as unique global reference for Imminent Unit42 Dec2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2019-12-02T00:00:00Z |
| source | MITRE |
| title | Imminent Monitor – a RAT Down Under |
Core Security Impacket
Core Security. (n.d.). Impacket. Retrieved November 2, 2017.
Internal MISP references
UUID 9b88d7d6-5cf3-40d5-b624-ddf01508cb95 which can be used as unique global reference for Core Security Impacket in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-02T00:00:00Z |
| source | MITRE |
| title | Impacket |
Impacket Tools
SecureAuth. (n.d.). Retrieved January 15, 2019.
Internal MISP references
UUID cdaf72ce-e8f7-42ae-b815-14a7fd47e292 which can be used as unique global reference for Impacket Tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-15T00:00:00Z |
| source | MITRE |
| title | Impacket Tools |
EK Impeding Malware Analysis
Song, C., et al. (2012, August 7). Impeding Automated Malware Analysis with Environment-sensitive Malware. Retrieved January 18, 2019.
Internal MISP references
UUID c3e6c8da-1399-419c-96f5-7dade6fccd29 which can be used as unique global reference for EK Impeding Malware Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-18T00:00:00Z |
| date_published | 2012-08-07T00:00:00Z |
| source | MITRE |
| title | Impeding Automated Malware Analysis with Environment-sensitive Malware |
Microsoft Impersonation and EWS in Exchange
Microsoft. (2022, September 13). Impersonation and EWS in Exchange. Retrieved July 10, 2023.
Internal MISP references
UUID d7755dbd-0b38-5776-b63a-d792a4d027a4 which can be used as unique global reference for Microsoft Impersonation and EWS in Exchange in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| date_published | 2022-09-13T00:00:00Z |
| source | MITRE |
| title | Impersonation and EWS in Exchange |
Microsoft Implementing CPL
M. (n.d.). Implementing Control Panel Items. Retrieved January 18, 2018.
Internal MISP references
UUID 63c5c654-e885-4427-a644-068f4057f35f which can be used as unique global reference for Microsoft Implementing CPL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| source | MITRE |
| title | Implementing Control Panel Items |
TechNet Least Privilege
Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.
Internal MISP references
UUID 21e595be-d028-4013-b3d0-811c08581709 which can be used as unique global reference for TechNet Least Privilege in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2016-04-16T00:00:00Z |
| source | MITRE |
| title | Implementing Least-Privilege Administrative Models |
Dragos IT ICS Ransomware
Slowik, J.. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved January 28, 2021.
Internal MISP references
UUID 60187301-8d70-4023-8e6d-59cbb1468f0d which can be used as unique global reference for Dragos IT ICS Ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-28T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | Implications of IT Ransomware for ICS Environments |
Microsoft SolarWinds Steps
Lambert, J. (2020, December 13). Important steps for customers to protect themselves from recent nation-state cyberattacks. Retrieved December 17, 2020.
Internal MISP references
UUID 33e84eb1-4835-404b-8c1a-40695c04cdb4 which can be used as unique global reference for Microsoft SolarWinds Steps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2020-12-13T00:00:00Z |
| source | MITRE |
| title | Important steps for customers to protect themselves from recent nation-state cyberattacks |
White House Imposing Costs RU Gov April 2021
White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. Retrieved April 16, 2021.
Internal MISP references
UUID c2bf9e2f-cd0a-411d-84bc-61454a369c6b which can be used as unique global reference for White House Imposing Costs RU Gov April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | Imposing Costs for Harmful Foreign Activities by the Russian Government |
Malicious Driver Reporting Center
Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team. (2021, December 8). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. Retrieved April 6, 2022.
Internal MISP references
UUID fde77ea9-2b4d-40d7-99c5-433bfdbcb994 which can be used as unique global reference for Malicious Driver Reporting Center in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-06T00:00:00Z |
| date_published | 2021-12-08T00:00:00Z |
| source | MITRE |
| title | Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center |
Unit 42 Inception November 2018
Lancaster, T. (2018, November 5). Inception Attackers Target Europe with Year-old Office Vulnerability. Retrieved May 8, 2020.
Internal MISP references
UUID 5cb98fce-f386-4878-b69c-5c6440ad689c which can be used as unique global reference for Unit 42 Inception November 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-08T00:00:00Z |
| date_published | 2018-11-05T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Inception Attackers Target Europe with Year-old Office Vulnerability |
Symantec Inception Framework March 2018
Symantec. (2018, March 14). Inception Framework: Alive and Well, and Hiding Behind Proxies. Retrieved May 8, 2020.
Internal MISP references
UUID 166f5c44-7d8c-45d5-8d9f-3b8bd21a2af3 which can be used as unique global reference for Symantec Inception Framework March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-08T00:00:00Z |
| date_published | 2018-03-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Inception Framework: Alive and Well, and Hiding Behind Proxies |
Expel AWS Attacker
Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett. (2022, April 5). Incident report: From CLI to console, chasing an attacker in AWS. Retrieved April 7, 2022.
Internal MISP references
UUID 089f6f4e-370c-49cb-a35c-c80be0fd39de which can be used as unique global reference for Expel AWS Attacker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-07T00:00:00Z |
| date_published | 2022-04-05T00:00:00Z |
| source | MITRE |
| title | Incident report: From CLI to console, chasing an attacker in AWS |
Dark Reading Microsoft 365 Attacks 2021
Kelly Sheridan. (2021, August 5). Incident Responders Explore Microsoft 365 Attacks in the Wild. Retrieved March 17, 2023.
Internal MISP references
UUID f26d3aa4-6966-53c4-b9d1-848420377eae which can be used as unique global reference for Dark Reading Microsoft 365 Attacks 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2021-08-05T00:00:00Z |
| source | MITRE |
| title | Incident Responders Explore Microsoft 365 Attacks in the Wild |
U.S. CISA Increased Truebot Activity July 6 2023
Cybersecurity and Infrastructure Security Agency. (2023, July 6). Increased Truebot Activity Infects U.S. and Canada Based Networks. Retrieved July 6, 2023.
Internal MISP references
UUID 6f9b8f72-c55f-4268-903e-1f8a82efa5bb which can be used as unique global reference for U.S. CISA Increased Truebot Activity July 6 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-06T00:00:00Z |
| date_published | 2023-07-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Increased Truebot Activity Infects U.S. and Canada Based Networks |
Increasing Linux kernel integrity
Boelen, M. (2015, October 7). Increase kernel integrity with disabled Linux kernel modules loading. Retrieved June 4, 2020.
Internal MISP references
UUID 23b12551-0bec-4f7d-8468-f372a8ba521b which can be used as unique global reference for Increasing Linux kernel integrity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-04T00:00:00Z |
| date_published | 2015-10-07T00:00:00Z |
| source | MITRE |
| title | Increase kernel integrity with disabled Linux kernel modules loading |
TechNet Scheduling Priority
Microsoft. (2013, May 8). Increase scheduling priority. Retrieved December 18, 2017.
Internal MISP references
UUID b785ceda-fea9-4e96-87d8-38cfd1f8b5bd which can be used as unique global reference for TechNet Scheduling Priority in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2013-05-08T00:00:00Z |
| source | MITRE |
| title | Increase scheduling priority |
Revil Independence Day
Loman, M. et al. (2021, July 4). Independence Day: REvil uses supply chain exploit to attack hundreds of businesses. Retrieved September 30, 2021.
Internal MISP references
UUID d7c4f03e-7dc0-4196-866b-c1a8eb943f77 which can be used as unique global reference for Revil Independence Day in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2021-07-04T00:00:00Z |
| source | MITRE |
| title | Independence Day: REvil uses supply chain exploit to attack hundreds of businesses |
Fortinet Agent Tesla June 2017
Zhang, X. (2017, June 28). In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved November 5, 2018.
Internal MISP references
UUID 24e5c321-c418-4010-b158-0ada2dbb4f7f which can be used as unique global reference for Fortinet Agent Tesla June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-06-28T00:00:00Z |
| source | MITRE |
| title | In-Depth Analysis of A New Variant of .NET Malware AgentTesla |
NCC Group Team9 June 2020
Pantazopoulos, N. (2020, June 2). In-depth analysis of the new Team9 malware family. Retrieved December 1, 2020.
Internal MISP references
UUID 0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b which can be used as unique global reference for NCC Group Team9 June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-01T00:00:00Z |
| date_published | 2020-06-02T00:00:00Z |
| source | MITRE |
| title | In-depth analysis of the new Team9 malware family |
Trend Micro APT Attack Tools
Wilhoit, K. (2013, March 4). In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.
Internal MISP references
UUID dac5cda3-97bc-4e38-b54f-554a75a18c5b which can be used as unique global reference for Trend Micro APT Attack Tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-02T00:00:00Z |
| date_published | 2013-03-04T00:00:00Z |
| source | MITRE |
| title | In-Depth Look: APT Attack Tools of the Trade |
Symantec Suckfly May 2016
DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.
Internal MISP references
UUID 59fd16cd-426f-472d-a5df-e7c1484a6481 which can be used as unique global reference for Symantec Suckfly May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-05-17T00:00:00Z |
| source | MITRE |
| title | Indian organizations targeted in Suckfly attacks |
Joint CSA AvosLocker Mar 2022
FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.
Internal MISP references
UUID 8ad57a0d-d74f-5802-ab83-4ddac1beb083 which can be used as unique global reference for Joint CSA AvosLocker Mar 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Indicators of Compromise Associated with AvosLocker Ransomware |
FBI Flash Diavol January 2022
FBI. (2022, January 19). Indicators of Compromise Associated with Diavol. Retrieved March 9, 2022.
Internal MISP references
UUID a1691741-9ecd-4b20-8cc9-b9bdfc1592b5 which can be used as unique global reference for FBI Flash Diavol January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-09T00:00:00Z |
| date_published | 2022-01-19T00:00:00Z |
| source | MITRE |
| title | Indicators of Compromise Associated with Diavol |
FBI Ragnar Locker 2020
FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved April 1, 2021.
Internal MISP references
UUID 38b9b8a3-6fd3-4650-9192-14ee3f302705 which can be used as unique global reference for FBI Ragnar Locker 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-11-19T00:00:00Z |
| source | MITRE |
| title | Indicators of Compromise Associated with Ragnar Locker Ransomware |
FBI FLASH APT39 September 2020
FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.
Internal MISP references
UUID 76869199-e9fa-41b4-b045-41015e6daaec which can be used as unique global reference for FBI FLASH APT39 September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-10T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07 |
US District Court Indictment GRU Oct 2018
Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.
Internal MISP references
UUID 56aeab4e-b046-4426-81a8-c3b2323492f0 which can be used as unique global reference for US District Court Indictment GRU Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-01T00:00:00Z |
| date_published | 2018-10-03T00:00:00Z |
| source | MITRE |
| title | Indictment - United States vs Aleksei Sergeyevich Morenets, et al. |
Checkpoint IndigoZebra July 2021
CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.
Internal MISP references
UUID cf4a8c8c-eab1-421f-b313-344aed03b42d which can be used as unique global reference for Checkpoint IndigoZebra July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | IndigoZebra APT continues to attack Central Asia with evolving tools |
HackerNews IndigoZebra July 2021
Lakshmanan, R.. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.
Internal MISP references
UUID fcf8265a-3084-4162-87d0-9e77c0a5cff0 which can be used as unique global reference for HackerNews IndigoZebra July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | IndigoZebra APT Hacking Campaign Targets the Afghan Government |
Check Point Meteor Aug 2021
Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. Retrieved February 17, 2022.
Internal MISP references
UUID bb79207f-3ab4-4b86-8b1c-d587724efb7c which can be used as unique global reference for Check Point Meteor Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-17T00:00:00Z |
| date_published | 2021-08-14T00:00:00Z |
| source | MITRE |
| title | Indra - Hackers Behind Recent Attacks on Iran |
Crowdstrike EvilCorp March 2021
Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.
Internal MISP references
UUID 4b77d313-ef3c-4d2f-bfde-609fa59a8f55 which can be used as unique global reference for Crowdstrike EvilCorp March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| date_published | 2021-03-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions |
Industroyer2 ESET April 2022
ESET. (2022, April 12). Industroyer2: Industroyer reloaded. Retrieved March 30, 2023.
Internal MISP references
UUID 3ec01405-3240-5679-924f-f1194bca9a72 which can be used as unique global reference for Industroyer2 ESET April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-04-12T00:00:00Z |
| source | MITRE |
| title | Industroyer2: Industroyer reloaded |
Industroyer2 Blackhat ESET
Anton Cherepanov, Robert Lipovsky. (2022, August). Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid. Retrieved April 6, 2023.
Internal MISP references
UUID d9e8ca96-8646-5dd9-bede-56305385b2e4 which can be used as unique global reference for Industroyer2 Blackhat ESET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-04-06T00:00:00Z |
| date_published | 2022-08-01T00:00:00Z |
| source | MITRE |
| title | Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid |
Industroyer2 Mandiant April 2022
Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker. (2022, April 25). INDUSTROYER.V2: Old Malware Learns New Tricks. Retrieved March 30, 2023.
Internal MISP references
UUID 48edeadc-f1e7-5fda-be96-1c41f78fc65a which can be used as unique global reference for Industroyer2 Mandiant April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-04-25T00:00:00Z |
| source | MITRE |
| title | INDUSTROYER.V2: Old Malware Learns New Tricks |
Sixdub PowerPick Jan 2016
Warner, J.. (2015, January 6). Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies. Retrieved December 8, 2018.
Internal MISP references
UUID 52190592-5809-4e7b-a19c-fc87b245025c which can be used as unique global reference for Sixdub PowerPick Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-08T00:00:00Z |
| date_published | 2015-01-06T00:00:00Z |
| source | MITRE |
| title | Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies |
Infdefaultinstall.exe - LOLBAS Project
LOLBAS. (2018, May 25). Infdefaultinstall.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5e83d17c-dbdd-4a6c-a395-4f921b68ebec which can be used as unique global reference for Infdefaultinstall.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Infdefaultinstall.exe |
Trend Micro Exposed Docker APIs
Oliveira, A. (2019, May 30). Infected Containers Target Docker via Exposed APIs. Retrieved April 6, 2021.
Internal MISP references
UUID 24ae5092-42ea-4c83-bdf7-c0e5026d9559 which can be used as unique global reference for Trend Micro Exposed Docker APIs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-06T00:00:00Z |
| date_published | 2019-05-30T00:00:00Z |
| source | MITRE |
| title | Infected Containers Target Docker via Exposed APIs |
SentinelOne MacMa Nov 2021
Stokes, P. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved June 30, 2022.
Internal MISP references
UUID 5033e741-834c-49d6-bc89-f64b9508f8b5 which can be used as unique global reference for SentinelOne MacMa Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-30T00:00:00Z |
| date_published | 2021-11-15T00:00:00Z |
| source | MITRE |
| title | Infect If Needed |
SANS Information Security Reading Room Securing SNMP Securing SNMP
Michael Stump. (2003). Information Security Reading Room Securing SNMP: A Look atNet-SNMP (SNMPv3). Retrieved October 19, 2020.
Internal MISP references
UUID 616c9177-ca57-45f3-a613-d6450a94697d which can be used as unique global reference for SANS Information Security Reading Room Securing SNMP Securing SNMP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2003-01-01T00:00:00Z |
| source | MITRE |
| title | Information Security Reading Room Securing SNMP: A Look atNet-SNMP (SNMPv3) |
Symantec Catchamas April 2018
Balanza, M. (2018, April 02). Infostealer.Catchamas. Retrieved July 10, 2018.
Internal MISP references
UUID 155cc2df-adf4-4b5f-a377-272947e5757e which can be used as unique global reference for Symantec Catchamas April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-10T00:00:00Z |
| date_published | 2018-04-02T00:00:00Z |
| source | MITRE |
| title | Infostealer.Catchamas |
TrendMicro Ursnif File Dec 2014
Caragay, R. (2014, December 11). Info-Stealing File Infector Hits US, UK. Retrieved June 5, 2019.
Internal MISP references
UUID 889a21f2-e00b-44c2-aa8c-a33f5615678a which can be used as unique global reference for TrendMicro Ursnif File Dec 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2014-12-11T00:00:00Z |
| source | MITRE |
| title | Info-Stealing File Infector Hits US, UK |
ThreatConnect Infrastructure Dec 2020
ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021.
Internal MISP references
UUID 96d479df-d312-4af7-a47d-2597a66291f1 which can be used as unique global reference for ThreatConnect Infrastructure Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-12-15T00:00:00Z |
| source | MITRE |
| title | Infrastructure Research and Hunting: Boiling the Domain Ocean |
Init Man Page
Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021.
Internal MISP references
UUID ab9c01ad-905e-4f73-b64f-1c6a5fb9a375 which can be used as unique global reference for Init Man Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2021-03-22T00:00:00Z |
| source | MITRE |
| title | INIT_MODULE(2) |
Proofpoint RTF Injection
Raggi, M. (2021, December 1). Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors . Retrieved December 9, 2021.
Internal MISP references
UUID 8deb6edb-293f-4b9d-882a-541675864eb5 which can be used as unique global reference for Proofpoint RTF Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-09T00:00:00Z |
| date_published | 2021-12-01T00:00:00Z |
| source | MITRE |
| title | Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors |
HighTech Bridge Inline Hooking Sept 2011
Mariani, B. (2011, September 6). Inline Hooking in Windows. Retrieved December 12, 2017.
Internal MISP references
UUID 39ad1769-3dfb-4572-ab82-1e0c4f869ec8 which can be used as unique global reference for HighTech Bridge Inline Hooking Sept 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2011-09-06T00:00:00Z |
| source | MITRE |
| title | Inline Hooking in Windows |
Stuart ELF Memory
Stuart. (2018, March 31). In-Memory-Only ELF Execution (Without tmpfs). Retrieved October 4, 2021.
Internal MISP references
UUID 402745e1-a65a-4fa1-a86d-99b37221095c which can be used as unique global reference for Stuart ELF Memory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2018-03-31T00:00:00Z |
| source | MITRE |
| title | In-Memory-Only ELF Execution (Without tmpfs) |
ASERT InnaputRAT April 2018
ASERT Team. (2018, April 04). Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files. Retrieved July 9, 2018.
Internal MISP references
UUID 29c6575f-9e47-48cb-8162-15280002a6d5 which can be used as unique global reference for ASERT InnaputRAT April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-09T00:00:00Z |
| date_published | 2018-04-04T00:00:00Z |
| source | MITRE |
| title | Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files |
Microsoft Holmium June 2020
Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. Retrieved June 22, 2020.
Internal MISP references
UUID c249bfcf-25c4-4502-b5a4-17783d581163 which can be used as unique global reference for Microsoft Holmium June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-22T00:00:00Z |
| date_published | 2020-06-18T00:00:00Z |
| source | MITRE |
| title | Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint |
RiskIQ British Airways September 2018
Klijnsma, Y. (2018, September 11). Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims. Retrieved September 9, 2020.
Internal MISP references
UUID f6c0f295-c034-4957-8cd9-e2f4b89b5671 which can be used as unique global reference for RiskIQ British Airways September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-09T00:00:00Z |
| date_published | 2018-09-11T00:00:00Z |
| source | MITRE |
| title | Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims |
Arbor AnnualDoSreport Jan 2018
Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019.
Internal MISP references
UUID cede4c72-718b-48c2-8a59-1f91555f6cf6 which can be used as unique global reference for Arbor AnnualDoSreport Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report |
FireEye APT33 Sept 2017
O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.
Internal MISP references
UUID 70610469-db0d-45ab-a790-6e56309a39ec which can be used as unique global reference for FireEye APT33 Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-09-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware |
Installer Package Scripting Rich Trouton
Rich Trouton. (2019, August 9). Installer Package Scripting: Making your deployments easier, one ! at a time. Retrieved September 27, 2022.
Internal MISP references
UUID 7a877b67-ac4b-4d82-860a-75b5f0b8daae which can be used as unique global reference for Installer Package Scripting Rich Trouton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2019-08-09T00:00:00Z |
| source | MITRE |
| title | Installer Package Scripting: Making your deployments easier, one ! at a time |
Microsoft Install Password Filter n.d
Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017.
Internal MISP references
UUID 6e440b5d-e09a-4d65-b874-2c5babaa609d which can be used as unique global reference for Microsoft Install Password Filter n.d in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| source | MITRE |
| title | Installing and Registering a Password Filter DLL |
Microsoft Unsigned Driver Apr 2017
Microsoft. (2017, April 20). Installing an Unsigned Driver during Development and Test. Retrieved April 22, 2021.
Internal MISP references
UUID 5964ff2e-0860-4e00-8103-89ba6466314c which can be used as unique global reference for Microsoft Unsigned Driver Apr 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Installing an Unsigned Driver during Development and Test |
LOLBAS Installutil
LOLBAS. (n.d.). Installutil.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 7dfb2c45-862a-4c25-a65a-55abea4b0e44 which can be used as unique global reference for LOLBAS Installutil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Installutil.exe |
MSDN InstallUtil
Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 54d962fc-4ca6-4f5f-b383-ec87d711a764 which can be used as unique global reference for MSDN InstallUtil in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-01T00:00:00Z |
| source | MITRE |
| title | Installutil.exe (Installer Tool) |
AWS Instance Identity Documents
Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021.
Internal MISP references
UUID efff0080-59fc-4ba7-ac91-771358f68405 which can be used as unique global reference for AWS Instance Identity Documents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-02T00:00:00Z |
| source | MITRE |
| title | Instance identity documents |
AWS Instance Metadata API
AWS. (n.d.). Instance Metadata and User Data. Retrieved July 18, 2019.
Internal MISP references
UUID 54a17f92-d73d-469f-87b3-34fb633bd9ed which can be used as unique global reference for AWS Instance Metadata API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-18T00:00:00Z |
| source | MITRE |
| title | Instance Metadata and User Data |
RedLock Instance Metadata API 2018
Higashi, Michael. (2018, May 15). Instance Metadata API: A Modern Day Trojan Horse. Retrieved July 16, 2019.
Internal MISP references
UUID f85fa206-d5bf-41fc-a521-01ad6281bee7 which can be used as unique global reference for RedLock Instance Metadata API 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-16T00:00:00Z |
| date_published | 2018-05-15T00:00:00Z |
| source | MITRE |
| title | Instance Metadata API: A Modern Day Trojan Horse |
Nick Tyrer GitHub
Tyrer, N. (n.d.). Instructions. Retrieved August 10, 2020.
Internal MISP references
UUID f4f89926-71eb-4130-a644-8240d2bab721 which can be used as unique global reference for Nick Tyrer GitHub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| source | MITRE |
| title | Instructions |
Intel Hardware-based Security Technologies
Intel. (2013). Intel Hardware-based Security Technologies for Intelligent Retail Devices. Retrieved May 19, 2020.
Internal MISP references
UUID bffb9e71-ba97-4010-9ad7-29eb330a350c which can be used as unique global reference for Intel Hardware-based Security Technologies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2013-01-01T00:00:00Z |
| source | MITRE |
| title | Intel Hardware-based Security Technologies for Intelligent Retail Devices |
Microsoft ISAPI Extension All Incoming 2017
Microsoft. (2017, June 16). Intercepting All Incoming IIS Requests. Retrieved June 3, 2021.
Internal MISP references
UUID 7d182eee-eaa8-4b6f-803d-8eb64e338663 which can be used as unique global reference for Microsoft ISAPI Extension All Incoming 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE |
| title | Intercepting All Incoming IIS Requests |
Clymb3r Function Hook Passwords Sept 2013
Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. Retrieved November 21, 2017.
Internal MISP references
UUID 4889912b-4512-45c7-83d3-70ae47c5a4a0 which can be used as unique global reference for Clymb3r Function Hook Passwords Sept 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2013-09-15T00:00:00Z |
| source | MITRE |
| title | Intercepting Password Changes With Function Hooking |
Microsoft ICMP
Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.
Internal MISP references
UUID 47612548-dad1-4bf3-aa6f-a53aefa06f6a which can be used as unique global reference for Microsoft ICMP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-01T00:00:00Z |
| source | MITRE |
| title | Internet Control Message Protocol (ICMP) Basics |
Linux IPC
N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022.
Internal MISP references
UUID 05293061-ce09-49b5-916a-bb7353acfdfa which can be used as unique global reference for Linux IPC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| date_published | 2021-04-01T00:00:00Z |
| source | MITRE |
| title | Inter Process Communication (IPC) |
HackerNews - 3 SaaS App Cyber Attacks - April 2022
Hananel Livneh. (2022, April 7). Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022. Retrieved May 31, 2022.
Internal MISP references
UUID e4ff75cd-b8fd-4fba-a2da-379a073003ab which can be used as unique global reference for HackerNews - 3 SaaS App Cyber Attacks - April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-31T00:00:00Z |
| date_published | 2022-04-07T00:00:00Z |
| source | MITRE |
| title | Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022 |
RedCanary Mockingbird May 2020
Lambert, T. (2020, May 7). Introducing Blue Mockingbird. Retrieved May 26, 2020.
Internal MISP references
UUID 596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0 which can be used as unique global reference for RedCanary Mockingbird May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2020-05-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Introducing Blue Mockingbird |
Fidelis Hi-Zor
Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.
Internal MISP references
UUID 0c9ff201-283a-4527-8cb8-6f0d05a4f724 which can be used as unique global reference for Fidelis Hi-Zor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2016-01-27T00:00:00Z |
| source | MITRE |
| title | Introducing Hi-Zor RAT |
Roadtools
Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. Retrieved January 31, 2022.
Internal MISP references
UUID 803f3512-1831-4535-8b16-b89fae20f944 which can be used as unique global reference for Roadtools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-31T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | Introducing ROADtools - The Azure AD exploration framework |
Talos ROKRAT
Mercer, W., Rascagneres, P. (2017, April 03). Introducing ROKRAT. Retrieved May 21, 2018.
Internal MISP references
UUID 1bd78a2f-2bc6-426f-ac9f-16bf3fdf4cdf which can be used as unique global reference for Talos ROKRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-21T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE |
| title | Introducing ROKRAT |
Microsoft Open XML July 2017
Microsoft. (2014, July 9). Introducing the Office (2007) Open XML File Formats. Retrieved July 20, 2018.
Internal MISP references
UUID 8145f894-6477-4629-81de-1dd26070ee0a which can be used as unique global reference for Microsoft Open XML July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-20T00:00:00Z |
| date_published | 2014-07-09T00:00:00Z |
| source | MITRE |
| title | Introducing the Office (2007) Open XML File Formats |
Securelist WhiteBear Aug 2017
Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. Retrieved September 21, 2017.
Internal MISP references
UUID 44626060-3d9b-480e-b4ea-7dac27878e5e which can be used as unique global reference for Securelist WhiteBear Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-21T00:00:00Z |
| date_published | 2017-08-30T00:00:00Z |
| source | MITRE |
| title | Introducing WhiteBear |
MalwareBytes ADS July 2015
Arntz, P. (2015, July 22). Introduction to Alternate Data Streams. Retrieved March 21, 2018.
Internal MISP references
UUID b552cf89-1880-48de-9088-c755c38821c1 which can be used as unique global reference for MalwareBytes ADS July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2015-07-22T00:00:00Z |
| source | MITRE |
| title | Introduction to Alternate Data Streams |
Apple AppleScript
Apple. (2016, January 25). Introduction to AppleScript Language Guide. Retrieved March 28, 2020.
Internal MISP references
UUID b23abcb8-3004-4a42-8ada-58cdbd65e171 which can be used as unique global reference for Apple AppleScript in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-28T00:00:00Z |
| date_published | 2016-01-25T00:00:00Z |
| source | MITRE |
| title | Introduction to AppleScript Language Guide |
Microsoft Outlook Files
Microsoft. (n.d.). Introduction to Outlook Data Files (.pst and .ost). Retrieved February 19, 2020.
Internal MISP references
UUID 29f4cc6b-1fa5-434d-ab4f-6bb169e2287a which can be used as unique global reference for Microsoft Outlook Files in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-19T00:00:00Z |
| source | MITRE |
| title | Introduction to Outlook Data Files (.pst and .ost) |
Microsoft Intro Print Processors
Microsoft. (2023, June 26). Introduction to print processors. Retrieved September 27, 2023.
Internal MISP references
UUID ba04b0d0-1c39-5f48-824c-110ee7affbf3 which can be used as unique global reference for Microsoft Intro Print Processors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2023-06-26T00:00:00Z |
| source | MITRE |
| title | Introduction to print processors |
Microsoft Services
Microsoft. (2017, March 30). Introduction to Windows Service Applications. Retrieved September 28, 2021.
Internal MISP references
UUID 444c8983-47ef-45b4-a3a6-5566f4fa2732 which can be used as unique global reference for Microsoft Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Introduction to Windows Service Applications |
Red Canary NETWIRE January 2020
Lambert, T. (2020, January 29). Intro to Netwire. Retrieved January 7, 2021.
Internal MISP references
UUID 563249e1-edda-48fc-ac90-f198dd71619e which can be used as unique global reference for Red Canary NETWIRE January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2020-01-29T00:00:00Z |
| source | MITRE |
| title | Intro to Netwire |
Discord Intro to Webhooks
D. (n.d.). Intro to Webhooks. Retrieved July 20, 2023.
Internal MISP references
UUID bf5b3773-29cc-539a-a0f0-a6d1d63dee2d which can be used as unique global reference for Discord Intro to Webhooks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| source | MITRE |
| title | Intro to Webhooks |
GitHub Inveigh
Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. Retrieved March 11, 2019.
Internal MISP references
UUID cca306e5-f9da-4782-a06f-ba3ad70e34ca which can be used as unique global reference for GitHub Inveigh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-11T00:00:00Z |
| date_published | 2015-04-02T00:00:00Z |
| source | MITRE |
| title | Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool |
Summit Route Malicious AMIs
Piper, S.. (2018, September 24). Investigating Malicious AMIs. Retrieved March 30, 2021.
Internal MISP references
UUID e93e16fc-4ae4-4f1f-9d80-dc48c1c30e25 which can be used as unique global reference for Summit Route Malicious AMIs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2018-09-24T00:00:00Z |
| source | MITRE |
| title | Investigating Malicious AMIs |
inv_ps_attacks
Hastings, M. (2014, July 16). Investigating PowerShell Attacks. Retrieved December 1, 2021.
Internal MISP references
UUID 07d9d2c6-dd79-42a5-9024-ba0e66b1913b which can be used as unique global reference for inv_ps_attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-01T00:00:00Z |
| date_published | 2014-07-16T00:00:00Z |
| source | MITRE |
| title | Investigating PowerShell Attacks |
Kazanciyan 2014
Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. Retrieved November 3, 2014.
Internal MISP references
UUID bd3f04cd-04ef-41f0-9a15-d9f0a3ed1db9 which can be used as unique global reference for Kazanciyan 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-03T00:00:00Z |
| source | MITRE |
| title | Investigating PowerShell Attacks [slides] |
Beek Use of VHD Dec 2020
Beek, C. (2020, December 3). Investigating the Use of VHD Files By Cybercriminals. Retrieved February 22, 2021.
Internal MISP references
UUID 7a1131ab-e4b1-4569-8e28-3650312cc804 which can be used as unique global reference for Beek Use of VHD Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-03T00:00:00Z |
| source | MITRE |
| title | Investigating the Use of VHD Files By Cybercriminals |
ESET InvisiMole June 2018
Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.
Internal MISP references
UUID 629fa1d8-06cb-405c-a2f7-c511b54cd727 which can be used as unique global reference for ESET InvisiMole June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-10T00:00:00Z |
| date_published | 2018-06-07T00:00:00Z |
| source | MITRE |
| title | InvisiMole: Surprisingly equipped spyware, undercover since 2013 |
ESET InvisiMole June 2020
Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020.
Internal MISP references
UUID d10cfda8-8fd8-4ada-8c61-dba6065b0bac which can be used as unique global reference for ESET InvisiMole June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-16T00:00:00Z |
| date_published | 2020-06-01T00:00:00Z |
| source | MITRE |
| title | INVISIMOLE: THE HIDDEN PART OF THE STORY |
GitHub OmerYa Invisi-Shell
Yair, O. (2019, August 19). Invisi-Shell. Retrieved June 24, 2020.
Internal MISP references
UUID 26c1b8f4-ff59-409e-b616-04eee38a8a9f which can be used as unique global reference for GitHub OmerYa Invisi-Shell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2019-08-19T00:00:00Z |
| source | MITRE |
| title | Invisi-Shell |
Invoke-DOSfuscation
Bohannon, D. (2018, March 19). Invoke-DOSfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID d2f7fe4a-1a3a-5b26-8247-4f05c96974bf which can be used as unique global reference for Invoke-DOSfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2018-03-19T00:00:00Z |
| source | MITRE |
| title | Invoke-DOSfuscation |
PowerSploit Invoke Kerberoast
Schroeder, W. & Hart M. (2016, October 31). Invoke-Kerberoast. Retrieved March 23, 2018.
Internal MISP references
UUID 8db88e6f-3d45-4896-87e9-75b24c8628f3 which can be used as unique global reference for PowerSploit Invoke Kerberoast in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-23T00:00:00Z |
| date_published | 2016-10-31T00:00:00Z |
| source | MITRE |
| title | Invoke-Kerberoast |
Empire InvokeKerberoast Oct 2016
EmpireProject. (2016, October 31). Invoke-Kerberoast.ps1. Retrieved March 22, 2018.
Internal MISP references
UUID a358bf8f-166e-4726-adfd-415e953d4ffe which can be used as unique global reference for Empire InvokeKerberoast Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2016-10-31T00:00:00Z |
| source | MITRE |
| title | Invoke-Kerberoast.ps1 |
Github PowerSploit Ninjacopy
Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. Retrieved June 2, 2016.
Internal MISP references
UUID e92aed6b-348b-4dab-8292-fee0698e4a85 which can be used as unique global reference for Github PowerSploit Ninjacopy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-02T00:00:00Z |
| date_published | 2015-12-16T00:00:00Z |
| source | MITRE |
| title | Invoke-NinjaCopy.ps1 |
Invoke-Obfuscation
Bohannon, D. (2016, September 24). Invoke-Obfuscation. Retrieved March 17, 2023.
Internal MISP references
UUID 4cc6a80f-d758-524b-9519-5b839d4918bd which can be used as unique global reference for Invoke-Obfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2016-09-24T00:00:00Z |
| source | MITRE |
| title | Invoke-Obfuscation |
GitHub Invoke-Obfuscation
Bohannon, D.. (2017, March 13). Invoke-Obfuscation - PowerShell Obfuscator. Retrieved June 18, 2017.
Internal MISP references
UUID 956b3d80-4e19-4cab-a65f-ad86f233aa12 which can be used as unique global reference for GitHub Invoke-Obfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-18T00:00:00Z |
| date_published | 2017-03-13T00:00:00Z |
| source | MITRE |
| title | Invoke-Obfuscation - PowerShell Obfuscator |
GitHub PSImage
Barrett Adams . (n.d.). Invoke-PSImage . Retrieved September 30, 2022.
Internal MISP references
UUID 449c873c-c5af-45b8-8bd7-505d2181a05c which can be used as unique global reference for GitHub PSImage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| source | MITRE |
| title | Invoke-PSImage |
GitHub Invoke-PSImage
Adams, B. (2017, December 17). Invoke-PSImage. Retrieved April 10, 2018.
Internal MISP references
UUID dd210b79-bd5f-4282-9542-4d1ae2f16438 which can be used as unique global reference for GitHub Invoke-PSImage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2017-12-17T00:00:00Z |
| source | MITRE |
| title | Invoke-PSImage |
Wikipedia Xen
Xen. (n.d.). In Wikipedia. Retrieved November 13, 2014.
Internal MISP references
UUID 4ce05edd-da25-4559-8489-b78cdd2c0f3d which can be used as unique global reference for Wikipedia Xen in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| source | MITRE |
| title | In Wikipedia |
TechNet Ipconfig
Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.
Internal MISP references
UUID 8a6e6f59-70fb-48bf-96d2-318dd92df995 which can be used as unique global reference for TechNet Ipconfig in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Ipconfig |
cisco_ip_ssh_pubkey_ch_cmd
Cisco. (2021, August 23). ip ssh pubkey-chain. Retrieved July 13, 2022.
Internal MISP references
UUID c6ffe974-f304-598c-bc4d-5da607c73802 which can be used as unique global reference for cisco_ip_ssh_pubkey_ch_cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2021-08-23T00:00:00Z |
| source | MITRE |
| title | ip ssh pubkey-chain |
Symantec Chafer Dec 2015
Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.
Internal MISP references
UUID 0a6166a3-5649-4117-97f4-7b8b5b559929 which can be used as unique global reference for Symantec Chafer Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2015-12-07T00:00:00Z |
| source | MITRE |
| title | Iran-based attackers use back door threats to spy on Middle Eastern targets |
CISA AA20-259A Iran-Based Actor September 2020
CISA. (2020, September 15). Iran-Based Threat Actor Exploits VPN Vulnerabilities. Retrieved December 21, 2020.
Internal MISP references
UUID 1bbc9446-9214-4fcd-bc7c-bf528370b4f8 which can be used as unique global reference for CISA AA20-259A Iran-Based Actor September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-09-15T00:00:00Z |
| source | MITRE |
| title | Iran-Based Threat Actor Exploits VPN Vulnerabilities |
U.S. CISA Iran Voter Data November 3 2020
Cybersecurity and Infrastructure Security Agency. (2020, November 3). Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data. Retrieved October 25, 2023.
Internal MISP references
UUID be89be75-c33f-4c58-8bf0-979c1debaad7 which can be used as unique global reference for U.S. CISA Iran Voter Data November 3 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2020-11-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data |
ClearSky MuddyWater June 2019
ClearSky. (2019, June). Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal. Retrieved May 14, 2020.
Internal MISP references
UUID 9789d60b-a417-42dc-b690-24ccb77b8658 which can be used as unique global reference for ClearSky MuddyWater June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-14T00:00:00Z |
| date_published | 2019-06-01T00:00:00Z |
| source | MITRE |
| title | Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal |
Talos MuddyWater Jan 2022
Malhortra, A and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. Retrieved June 22, 2022.
Internal MISP references
UUID a2d79c6a-16d6-4dbd-b8a5-845dcc36212d which can be used as unique global reference for Talos MuddyWater Jan 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-22T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables |
BitDefender Chafer May 2020
Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.
Internal MISP references
UUID 24ea6a5d-2593-4639-8616-72988bf2fa07 which can be used as unique global reference for BitDefender Chafer May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-22T00:00:00Z |
| date_published | 2020-05-21T00:00:00Z |
| source | MITRE |
| title | Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia |
DHS CISA AA22-055A MuddyWater February 2022
FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.
Internal MISP references
UUID e76570e1-43ab-4819-80bc-895ede67a205 which can be used as unique global reference for DHS CISA AA22-055A MuddyWater February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks |
U.S. CISA Advisory November 25 2022
Cybersecurity and Infrastructure Security Agency. (2022, November 25). Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. Retrieved October 25, 2023.
Internal MISP references
UUID daae1f54-8471-4620-82d5-023d04144acd which can be used as unique global reference for U.S. CISA Advisory November 25 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2022-11-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester |
U.S. CISA Iranian Government Actors November 19 2021
Cybersecurity and Infrastructure Security Agency. (2021, November 19). Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities. Retrieved October 25, 2023.
Internal MISP references
UUID d7014279-bc6a-43d4-953a-a6bc1d97a13b which can be used as unique global reference for U.S. CISA Iranian Government Actors November 19 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2021-11-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities |
NEWSCASTER2014
Lennon, M. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
Internal MISP references
UUID 9abb4bbb-bad3-4d22-b235-c8a35465f2ce which can be used as unique global reference for NEWSCASTER2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2014-05-29T00:00:00Z |
| source | MITRE |
| title | Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation |
CYBERCOM Iranian Intel Cyber January 2022
Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.
Internal MISP references
UUID 671e1559-c7dc-4cb4-a9a1-21776f2ae56a which can be used as unique global reference for CYBERCOM Iranian Intel Cyber January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2022-01-12T00:00:00Z |
| source | MITRE |
| title | Iranian intel cyber suite of malware uses open source tools |
U.S. CISA IRGC Actors September 14 2022
Cybersecurity and Infrastructure Security Agency. (2022, September 14). Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. Retrieved October 25, 2023.
Internal MISP references
UUID 728b20b0-f702-4dbe-afea-50270648a3a2 which can be used as unique global reference for U.S. CISA IRGC Actors September 14 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-25T00:00:00Z |
| date_published | 2022-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations |
Secureworks Cobalt Gypsy Feb 2017
Counter Threat Unit Research Team. (2017, February 15). Iranian PupyRAT Bites Middle Eastern Organizations. Retrieved December 27, 2017.
Internal MISP references
UUID f9de25b4-5539-4a33-84b5-f26a84544859 which can be used as unique global reference for Secureworks Cobalt Gypsy Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-02-15T00:00:00Z |
| source | MITRE |
| title | Iranian PupyRAT Bites Middle Eastern Organizations |
ClearSky OilRig Jan 2017
ClearSky Cybersecurity. (2017, January 5). Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford. Retrieved May 3, 2017.
Internal MISP references
UUID f19f9ad4-bb31-443b-9c26-87946469a0c3 which can be used as unique global reference for ClearSky OilRig Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-03T00:00:00Z |
| date_published | 2017-01-05T00:00:00Z |
| source | MITRE |
| title | Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford |
FireEye MuddyWater Mar 2018
Singh, S. et al.. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.
Internal MISP references
UUID 82cddfa6-9463-49bb-8bdc-0c7d6b0e1472 which can be used as unique global reference for FireEye MuddyWater Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2018-03-13T00:00:00Z |
| source | MITRE |
| title | Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign |
Check Point APT34 April 2021
Check Point. (2021, April 8). Iran’s APT34 Returns with an Updated Arsenal. Retrieved May 5, 2021.
Internal MISP references
UUID 593e8f9f-88ec-4bdc-90c3-1a320fa8a041 which can be used as unique global reference for Check Point APT34 April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-05T00:00:00Z |
| date_published | 2021-04-08T00:00:00Z |
| source | MITRE |
| title | Iran’s APT34 Returns with an Updated Arsenal |
Dark Reading APT39 JAN 2019
Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. Retrieved May 22, 2020.
Internal MISP references
UUID b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58 which can be used as unique global reference for Dark Reading APT39 JAN 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-22T00:00:00Z |
| date_published | 2019-01-30T00:00:00Z |
| source | MITRE |
| title | Iran Ups its Traditional Cyber Espionage Tradecraft |
U.S. CISA IRGC-Affiliated PLC Activity December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 1). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved December 5, 2023.
Internal MISP references
UUID 51a18523-5276-4a67-8644-2bc6997d043c which can be used as unique global reference for U.S. CISA IRGC-Affiliated PLC Activity December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-05T00:00:00Z |
| date_published | 2023-12-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities |
Secureworks IRON HEMLOCK Profile
Secureworks CTU. (n.d.). IRON HEMLOCK. Retrieved February 22, 2022.
Internal MISP references
UUID 36191a48-4661-42ea-b194-2915c9b184f3 which can be used as unique global reference for Secureworks IRON HEMLOCK Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-22T00:00:00Z |
| source | MITRE |
| title | IRON HEMLOCK |
Secureworks IRON HUNTER Profile
Secureworks CTU. (n.d.). IRON HUNTER. Retrieved February 22, 2022.
Internal MISP references
UUID af5cb7da-61e0-49dc-8132-c019ce5ea6d3 which can be used as unique global reference for Secureworks IRON HUNTER Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-22T00:00:00Z |
| source | MITRE |
| title | IRON HUNTER |
Secureworks IRON LIBERTY
Secureworks. (n.d.). IRON LIBERTY. Retrieved October 15, 2020.
Internal MISP references
UUID b82ba824-4543-41ec-a686-6479d5f67b4d which can be used as unique global reference for Secureworks IRON LIBERTY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | IRON LIBERTY |
Unit 42 IronNetInjector February 2021
Reichel, D. (2021, February 19). IronNetInjector: Turla’s New Malware Loading Tool. Retrieved February 24, 2021.
Internal MISP references
UUID f04c89f7-d951-4ebc-a5e4-2cc69476c43f which can be used as unique global reference for Unit 42 IronNetInjector February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-24T00:00:00Z |
| date_published | 2021-02-19T00:00:00Z |
| source | MITRE |
| title | IronNetInjector: Turla’s New Malware Loading Tool |
Secureworks IRON RITUAL Profile
Secureworks CTU. (n.d.). IRON RITUAL. Retrieved February 24, 2022.
Internal MISP references
UUID c1ff66d6-3ea3-4347-8a8b-447cd8b48dab which can be used as unique global reference for Secureworks IRON RITUAL Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | IRON RITUAL |
Trend Micro Iron Tiger April 2021
Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.
Internal MISP references
UUID d0890d4f-e7ca-4280-a54e-d147f6dd72aa which can be used as unique global reference for Trend Micro Iron Tiger April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2021-04-09T00:00:00Z |
| source | MITRE |
| title | Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware |
Lunghi Iron Tiger Linux
Daniel Lunghi. (2023, March 1). Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting. Retrieved March 20, 2023.
Internal MISP references
UUID 1acc2a21-4456-5fbc-9732-87550cea8b53 which can be used as unique global reference for Lunghi Iron Tiger Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-20T00:00:00Z |
| date_published | 2023-03-01T00:00:00Z |
| source | MITRE |
| title | Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting |
Secureworks IRON TILDEN Profile
Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.
Internal MISP references
UUID 45969d87-02c1-4074-b708-59f4c3e39426 which can be used as unique global reference for Secureworks IRON TILDEN Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | IRON TILDEN |
Secureworks IRON TWILIGHT Profile
Secureworks CTU. (n.d.). IRON TWILIGHT. Retrieved February 28, 2022.
Internal MISP references
UUID 2fc5b9dc-3745-4760-b116-5cc5abb9101d which can be used as unique global reference for Secureworks IRON TWILIGHT Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-28T00:00:00Z |
| source | MITRE |
| title | IRON TWILIGHT |
Secureworks IRON TWILIGHT Active Measures March 2017
Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.
Internal MISP references
UUID 0d28c882-5175-4bcf-9c82-e6c4394326b6 which can be used as unique global reference for Secureworks IRON TWILIGHT Active Measures March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-28T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | IRON TWILIGHT Supports Active Measures |
Secureworks IRON VIKING
Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.
Internal MISP references
UUID 900753b3-c5a2-4fb5-ab7b-d38df867077b which can be used as unique global reference for Secureworks IRON VIKING in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2020-05-01T00:00:00Z |
| source | MITRE |
| title | IRON VIKING Threat Profile |
ESET Hermetic Wizard March 2022
ESET. (2022, March 1). IsaacWiper and HermeticWizard: New wiper and worm targetingUkraine. Retrieved April 10, 2022.
Internal MISP references
UUID e0337ce9-2ca9-4877-b116-8c4d9d864df0 which can be used as unique global reference for ESET Hermetic Wizard March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-10T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | IsaacWiper and HermeticWizard: New wiper and worm targetingUkraine |
Microsoft ISAPICGIRestriction 2016
Microsoft. (2016, September 26). ISAPI/CGI Restrictions
Internal MISP references
UUID 7d42501b-5a6e-4916-aa58-64ce6c00501e which can be used as unique global reference for Microsoft ISAPICGIRestriction 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2016-09-26T00:00:00Z |
| source | MITRE |
| title | ISAPI/CGI Restrictions |
Microsoft ISAPI Extension Overview 2017
Microsoft. (2017, June 16). ISAPI Extension Overview. Retrieved June 3, 2021.
Internal MISP references
UUID d00a692f-b990-4757-8acd-56818462ac0c which can be used as unique global reference for Microsoft ISAPI Extension Overview 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE |
| title | ISAPI Extension Overview |
Microsoft ISAPI Filter Overview 2017
Microsoft. (2017, June 16). ISAPI Filter Overview. Retrieved June 3, 2021.
Internal MISP references
UUID 2fdbf1ba-0480-4d70-9981-3b5967656472 which can be used as unique global reference for Microsoft ISAPI Filter Overview 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2017-06-16T00:00:00Z |
| source | MITRE |
| title | ISAPI Filter Overview |
iSight Sandworm Oct 2014
Ward, S.. (2014, October 14). iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. Retrieved June 10, 2020.
Internal MISP references
UUID 31262b8d-27fb-4976-9d53-4fb39b5b835a which can be used as unique global reference for iSight Sandworm Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2014-10-14T00:00:00Z |
| source | MITRE |
| title | iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign |
CrySyS Blog TeamSpy
CrySyS Lab. (2013, March 20). TeamSpy – Obshie manevri. Ispolzovat’ tolko s razreshenija S-a. Retrieved April 11, 2018.
Internal MISP references
UUID f21ea3e2-7983-44d2-b78f-80d84bbc4f52 which can be used as unique global reference for CrySyS Blog TeamSpy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Ispolzovat’ tolko s razreshenija S-a |
NYTStuxnet
William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.
Internal MISP references
UUID 38b0cf78-88d0-487f-b2b0-81264f457dd0 which can be used as unique global reference for NYTStuxnet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2011-01-15T00:00:00Z |
| source | MITRE |
| title | Israeli Test on Worm Called Crucial in Iran Nuclear Delay |
Microsoft Issues with BITS July 2011
Microsoft. (2011, July 19). Issues with BITS. Retrieved January 12, 2018.
Internal MISP references
UUID c67ddc5e-9e6c-40c0-9876-ee191cda7658 which can be used as unique global reference for Microsoft Issues with BITS July 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2011-07-19T00:00:00Z |
| source | MITRE |
| title | Issues with BITS |
Ready.gov IT DRP
Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.
Internal MISP references
UUID 66da7fcb-421b-4e2f-b575-222f465d5901 which can be used as unique global reference for Ready.gov IT DRP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| source | MITRE |
| title | IT Disaster Recovery Plan |
Security Intelligence ITG08 April 2020
Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.
Internal MISP references
UUID 32569f59-14fb-4581-8a42-3bf49fb189e9 which can be used as unique global reference for Security Intelligence ITG08 April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-08T00:00:00Z |
| date_published | 2020-04-07T00:00:00Z |
| source | MITRE |
| title | ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework |
Talos Frankenstein June 2019
Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. Retrieved May 11, 2020.
Internal MISP references
UUID a6faa495-db01-43e8-9db3-d446570802bc which can be used as unique global reference for Talos Frankenstein June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign |
AdSecurity Forging Trust Tickets
Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019.
Internal MISP references
UUID 09d3ccc1-cd8a-4675-88c0-84110f5b8e8b which can be used as unique global reference for AdSecurity Forging Trust Tickets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2015-07-15T00:00:00Z |
| source | MITRE |
| title | It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts |
It’s Always DarkGate Before the Dawn
Micah Babinski. (2020, October 16). It’s Always DarkGate Before the Dawn. Retrieved October 20, 2023.
Internal MISP references
UUID 0c7c6dfa-2ba9-4f74-aeca-d97dd3a3a1cc which can be used as unique global reference for It’s Always DarkGate Before the Dawn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2020-10-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | It’s Always DarkGate Before the Dawn |
CitizenLab KeyBoy Nov 2016
Hulcoop, A., et al. (2016, November 17). It’s Parliamentary KeyBoy and the targeting of the Tibetan Community. Retrieved June 13, 2019.
Internal MISP references
UUID a9394372-3981-4f41-ad66-9db343e773b1 which can be used as unique global reference for CitizenLab KeyBoy Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-13T00:00:00Z |
| date_published | 2016-11-17T00:00:00Z |
| source | MITRE |
| title | It’s Parliamentary KeyBoy and the targeting of the Tibetan Community |
Twitter ItsReallyNick Status Update APT32 PubPrn
Carr, N. (2017, December 22). ItsReallyNick Status Update. Retrieved April 9, 2018.
Internal MISP references
UUID 2ca502a2-664c-4b85-9d6c-1bc96dfb8332 which can be used as unique global reference for Twitter ItsReallyNick Status Update APT32 PubPrn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-12-22T00:00:00Z |
| source | MITRE |
| title | ItsReallyNick Status Update |
Trend Micro IXESHE 2012
Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.
Internal MISP references
UUID fcea0121-cd45-4b05-8c3f-f8dad8c790b3 which can be used as unique global reference for Trend Micro IXESHE 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-07T00:00:00Z |
| date_published | 2012-05-22T00:00:00Z |
| source | MITRE |
| title | IXESHE An APT Campaign |
James TermServ DLL
James. (2019, July 14). @James_inthe_box. Retrieved March 28, 2022.
Internal MISP references
UUID 5a9e4f0f-83d6-4f18-a358-a9ad450c2734 which can be used as unique global reference for James TermServ DLL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2019-07-14T00:00:00Z |
| source | MITRE |
| title | @James_inthe_box |
Symantec Cicada November 2020
Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.
Internal MISP references
UUID 28a7bbd8-d664-4234-9311-2befe0238b5b which can be used as unique global reference for Symantec Cicada November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2020-11-17T00:00:00Z |
| source | MITRE |
| title | Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign |
Carbon Black JCry May 2019
Lee, S.. (2019, May 14). JCry Ransomware. Retrieved June 18, 2019.
Internal MISP references
UUID deb97163-323a-493a-9c73-b41c8c5e5cd1 which can be used as unique global reference for Carbon Black JCry May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2019-05-14T00:00:00Z |
| source | MITRE |
| title | JCry Ransomware |
ClearSky CopyKittens March 2017
ClearSky Cyber Security. (2017, March 30). Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten. Retrieved August 21, 2017.
Internal MISP references
UUID f5a42615-0e4e-4d43-937d-05d2efe636cf which can be used as unique global reference for ClearSky CopyKittens March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-21T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten |
Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb
Joe Sandbox. (n.d.). Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.
Internal MISP references
UUID c2a10cde-2c20-4090-9e8d-ca60edf07a2e which can be used as unique global reference for Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb |
Joe Slowik August 2019
Joe Slowik. (2019, August 15) CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October 22, 2019
Internal MISP references
UUID 7297ee41-b26e-5762-8b0f-7dcdf780f86a which can be used as unique global reference for Joe Slowik August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-22T00:00:00Z |
| source | MITRE |
| title | Joe Slowik August 2019 |
US District Court of DC Phosphorus Complaint 2019
US District Court of DC. (2019, March 14). MICROSOFT CORPORATION v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS. Retrieved March 8, 2021.
Internal MISP references
UUID 8f73a709-fb7e-4d9e-9743-4ba39ea26ea8 which can be used as unique global reference for US District Court of DC Phosphorus Complaint 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-08T00:00:00Z |
| source | MITRE |
| title | JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS |
NCSC Joint Report Public Tools
The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
Internal MISP references
UUID 601d88c5-4789-4fa8-a9ab-abc8137f061c which can be used as unique global reference for NCSC Joint Report Public Tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-11T00:00:00Z |
| date_published | 2018-10-11T00:00:00Z |
| source | MITRE |
| title | Joint report on publicly available hacking tools |
USG Joint Statement SolarWinds January 2021
FBI, CISA, ODNI, NSA. (2022, January 5). Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). Retrieved March 26, 2023.
Internal MISP references
UUID 336a6549-a95d-5763-bbaf-5ef0d3141800 which can be used as unique global reference for USG Joint Statement SolarWinds January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-26T00:00:00Z |
| date_published | 2022-01-05T00:00:00Z |
| source | MITRE |
| title | Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) |
Jsc.exe - LOLBAS Project
LOLBAS. (2019, May 31). Jsc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae25ff74-05eb-46d7-9c60-4c149b7c7f1f which can be used as unique global reference for Jsc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-05-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Jsc.exe |
Juniper Netscreen of the Dead
Graeme Neilson . (2009, August). Juniper Netscreen of the Dead. Retrieved October 20, 2020.
Internal MISP references
UUID 3b87bd85-c6dd-4bd9-9427-33b5bd84db4a which can be used as unique global reference for Juniper Netscreen of the Dead in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2009-08-01T00:00:00Z |
| source | MITRE |
| title | Juniper Netscreen of the Dead |
Microsoft PS JEA
Microsoft. (2022, November 17). Just Enough Administration. Retrieved March 27, 2023.
Internal MISP references
UUID 09c99ca2-5f10-5f78-9ba3-5e0e79ce8d96 which can be used as unique global reference for Microsoft PS JEA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-27T00:00:00Z |
| date_published | 2022-11-17T00:00:00Z |
| source | MITRE |
| title | Just Enough Administration |
U.S. Justice Department GRU Botnet February 2024
Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved February 29, 2024.
Internal MISP references
UUID 26a554dc-39c0-4638-902d-7e84fe01b961 which can be used as unique global reference for U.S. Justice Department GRU Botnet February 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-29T00:00:00Z |
| date_published | 2024-02-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) |
Azure AD Recon
Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved February 1, 2022.
Internal MISP references
UUID 16565eaf-44fb-44f4-b490-40dc1160ff2b which can be used as unique global reference for Azure AD Recon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2020-06-13T00:00:00Z |
| source | MITRE |
| title | Just looking: Azure Active Directory reconnaissance as an outsider |
Azure Active Directory Reconnaisance
Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved May 27, 2022.
Internal MISP references
UUID 42dad2a3-5b33-4be4-a19b-58a27fb3ee5d which can be used as unique global reference for Azure Active Directory Reconnaisance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2020-06-13T00:00:00Z |
| source | MITRE |
| title | Just looking: Azure Active Directory reconnaissance as an outsider |
intezer-kaiji-malware
Paul Litvak. (2020, May 4). Kaiji: New Chinese Linux malware turning to Golang. Retrieved December 17, 2020.
Internal MISP references
UUID ef1fbb40-da6f-41d0-a44a-9ff444e2ad89 which can be used as unique global reference for intezer-kaiji-malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2020-05-04T00:00:00Z |
| source | MITRE |
| title | Kaiji: New Chinese Linux malware turning to Golang |
Kali Redsnarf
NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.
Internal MISP references
UUID 459fcde2-7ac3-4640-a5bc-cd8750e54962 which can be used as unique global reference for Kali Redsnarf in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-11T00:00:00Z |
| date_published | 2016-11-01T00:00:00Z |
| source | MITRE |
| title | Kali Redsnarf |
TrustedSignal Service Failure
Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.
Internal MISP references
UUID 58d5bc0b-8548-4c3a-8302-e07df3b961ff which can be used as unique global reference for TrustedSignal Service Failure in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-10T00:00:00Z |
| date_published | 2014-05-03T00:00:00Z |
| source | MITRE |
| title | Kansa: Service related collectors and analysis |
Kansa Service related collectors
Hull, D.. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.
Internal MISP references
UUID d854f84a-4d70-4ef4-9197-d8f5396feabb which can be used as unique global reference for Kansa Service related collectors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-10T00:00:00Z |
| date_published | 2014-05-03T00:00:00Z |
| source | MITRE |
| title | Kansa: Service related collectors and analysis |
CISA Karakurt 2022
Cybersecurity Infrastructure and Defense Agency. (2022, June 2). Karakurt Data Extortion Group. Retrieved March 10, 2023.
Internal MISP references
UUID 5a9a79fa-532b-582b-9741-cb732803cd22 which can be used as unique global reference for CISA Karakurt 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2022-06-02T00:00:00Z |
| source | MITRE |
| title | Karakurt Data Extortion Group |
Kaspersky Lab SynAck May 2018
Bettencourt, J. (2018, May 7). Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique. Retrieved May 24, 2018.
Internal MISP references
UUID bbb9bcb5-cd44-4dcb-a7e5-f6c4cf93f74f which can be used as unique global reference for Kaspersky Lab SynAck May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-24T00:00:00Z |
| date_published | 2018-05-07T00:00:00Z |
| source | MITRE |
| title | Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique |
Unit 42 Kazuar May 2017
Levene, B, et al. (2017, May 03). Kazuar: Multiplatform Espionage Backdoor with API Access. Retrieved July 17, 2018.
Internal MISP references
UUID 07e64ee6-3d3e-49e4-bb06-ff5897e26ea9 which can be used as unique global reference for Unit 42 Kazuar May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-17T00:00:00Z |
| date_published | 2017-05-03T00:00:00Z |
| source | MITRE |
| title | Kazuar: Multiplatform Espionage Backdoor with API Access |
Citizen Lab Stealth Falcon May 2016
Marczak, B. and Scott-Railton, J.. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.
Internal MISP references
UUID 11f46b1e-a141-4d25-bff0-e955251be7f5 which can be used as unique global reference for Citizen Lab Stealth Falcon May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2016-05-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents |
Github KeeThief
Lee, C., Schoreder, W. (n.d.). KeeThief. Retrieved February 8, 2021.
Internal MISP references
UUID 3b6231fb-5b52-4a3a-a21f-0881901d0037 which can be used as unique global reference for Github KeeThief in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-08T00:00:00Z |
| source | MITRE |
| title | KeeThief |
Kekeo
Benjamin Delpy. (n.d.). Kekeo. Retrieved October 4, 2021.
Internal MISP references
UUID 0b69f0f5-dd4a-4926-9369-8253a0c3ddea which can be used as unique global reference for Kekeo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | Kekeo |
Harmj0y Kerberoast Nov 2016
Schroeder, W. (2016, November 1). Kerberoasting Without Mimikatz. Retrieved March 23, 2018.
Internal MISP references
UUID 6f1f8bc3-421e-46ff-88e3-48fcc6f7b76a which can be used as unique global reference for Harmj0y Kerberoast Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-23T00:00:00Z |
| date_published | 2016-11-01T00:00:00Z |
| source | MITRE |
| title | Kerberoasting Without Mimikatz |
ADSecurity Kerberos Ring Decoder
Sean Metcalf. (2014, September 12). Kerberos, Active Directory’s Secret Decoder Ring. Retrieved February 27, 2020.
Internal MISP references
UUID 5f78a554-2d5c-49af-8c6c-6e10f9aec997 which can be used as unique global reference for ADSecurity Kerberos Ring Decoder in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-27T00:00:00Z |
| date_published | 2014-09-12T00:00:00Z |
| source | MITRE |
| title | Kerberos, Active Directory’s Secret Decoder Ring |
macOS kerberos framework MIT
Massachusetts Institute of Technology. (2007, October 27). Kerberos for Macintosh Preferences Documentation. Retrieved October 6, 2021.
Internal MISP references
UUID 8e09346b-03ce-4627-a365-f2f63089d1e0 which can be used as unique global reference for macOS kerberos framework MIT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| date_published | 2007-10-27T00:00:00Z |
| source | MITRE |
| title | Kerberos for Macintosh Preferences Documentation |
Microsoft Kerberos Golden Ticket
Microsoft. (2015, March 24). Kerberos Golden Ticket Check (Updated). Retrieved February 27, 2020.
Internal MISP references
UUID 2d8790db-b088-40d0-be99-acd3e695c7a6 which can be used as unique global reference for Microsoft Kerberos Golden Ticket in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-27T00:00:00Z |
| date_published | 2015-03-24T00:00:00Z |
| source | MITRE |
| title | Kerberos Golden Ticket Check (Updated) |
CERT-EU Golden Ticket Protection
Abolins, D., Boldea, C., Socha, K., Soria-Machado, M. (2016, April 26). Kerberos Golden Ticket Protection. Retrieved July 13, 2017.
Internal MISP references
UUID 268f9cfa-71f4-4cb1-96f3-c61e71892d30 which can be used as unique global reference for CERT-EU Golden Ticket Protection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2016-04-26T00:00:00Z |
| source | MITRE |
| title | Kerberos Golden Ticket Protection |
AdSecurity Kerberos GT Aug 2015
Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.
Internal MISP references
UUID aac51d49-9a72-4456-8539-8a5f5d0ef7d7 which can be used as unique global reference for AdSecurity Kerberos GT Aug 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-01T00:00:00Z |
| date_published | 2015-08-07T00:00:00Z |
| source | MITRE |
| title | Kerberos Golden Tickets are Now More Golden |
ADSecurity Kerberos and KRBTGT
Sean Metcalf. (2014, November 10). Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account. Retrieved January 30, 2020.
Internal MISP references
UUID 6e61f3e1-35e6-44f4-9bc4-60b2bcb71b15 which can be used as unique global reference for ADSecurity Kerberos and KRBTGT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| date_published | 2014-11-10T00:00:00Z |
| source | MITRE |
| title | Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account |
Microsoft Kerberos Preauth 2014
Sanyal, M.. (2014, March 18). Kerberos Pre-Authentication: Why It Should Not Be Disabled. Retrieved August 25, 2020.
Internal MISP references
UUID 328953ed-93c7-46c0-9a05-53dc44d294fe which can be used as unique global reference for Microsoft Kerberos Preauth 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-25T00:00:00Z |
| date_published | 2014-03-18T00:00:00Z |
| source | MITRE |
| title | Kerberos Pre-Authentication: Why It Should Not Be Disabled |
Linux Kerberos Tickets
Trevor Haskell. (2020, April 1). Kerberos Tickets on Linux Red Teams. Retrieved October 4, 2021.
Internal MISP references
UUID 5aea042f-4eb1-4092-89be-3db695053470 which can be used as unique global reference for Linux Kerberos Tickets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2020-04-01T00:00:00Z |
| source | MITRE |
| title | Kerberos Tickets on Linux Red Teams |
Kernel Self Protection Project
Kernel.org. (2020, February 6). Kernel Self-Protection. Retrieved June 4, 2020.
Internal MISP references
UUID b75466f2-c20e-4c4a-b71b-e91fb39cfcd3 which can be used as unique global reference for Kernel Self Protection Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-04T00:00:00Z |
| date_published | 2020-02-06T00:00:00Z |
| source | MITRE |
| title | Kernel Self-Protection |
Rapid7 KeyBoy Jun 2013
Guarnieri, C., Schloesser M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. Retrieved June 14, 2019.
Internal MISP references
UUID e549add8-1dfd-40d6-8974-35e1a38a707b which can be used as unique global reference for Rapid7 KeyBoy Jun 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2013-06-07T00:00:00Z |
| source | MITRE |
| title | KeyBoy, Targeted Attacks against Vietnam and India |
Keychain Items Apple Dev API
Apple. (n.d.). Keychain Items. Retrieved April 12, 2022.
Internal MISP references
UUID 4e499819-b910-4c07-a8b4-a7d40f2c0ac4 which can be used as unique global reference for Keychain Items Apple Dev API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-12T00:00:00Z |
| source | MITRE |
| title | Keychain Items |
Keychain Services Apple
Apple. (n.d.). Keychain Services. Retrieved April 11, 2022.
Internal MISP references
UUID 0754f48d-dad8-480c-953c-256be4dfcfc3 which can be used as unique global reference for Keychain Services Apple in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-11T00:00:00Z |
| source | MITRE |
| title | Keychain Services |
Wikipedia keychain
Wikipedia. (n.d.). Keychain (software). Retrieved July 5, 2017.
Internal MISP references
UUID 8aac5356-31cb-4e0b-a766-9aa07d977acd which can be used as unique global reference for Wikipedia keychain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| source | MITRE |
| title | Keychain (software) |
Keyctl-unmask
Mark Manning. (2020, July 23). Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings. Retrieved July 6, 2022.
Internal MISP references
UUID 75db8c88-e547-4d1b-8f22-6ace2b3d7ad4 which can be used as unique global reference for Keyctl-unmask in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-06T00:00:00Z |
| date_published | 2020-07-23T00:00:00Z |
| source | MITRE |
| title | Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings |
Google Cloud Encryption Key Rotation
Google. (n.d.). Key rotation. Retrieved October 18, 2019.
Internal MISP references
UUID 4ba76434-f5ca-4a1d-b111-9292f6debfdb which can be used as unique global reference for Google Cloud Encryption Key Rotation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| source | MITRE |
| title | Key rotation |
KillDisk Ransomware
Catalin Cimpanu. (2016, December 29). KillDisk Disk-Wiping Malware Adds Ransomware Component. Retrieved January 12, 2021.
Internal MISP references
UUID 9d22f13d-af6d-47b5-93ed-5e4b85b94978 which can be used as unique global reference for KillDisk Ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-12T00:00:00Z |
| date_published | 2016-12-29T00:00:00Z |
| source | MITRE |
| title | KillDisk Disk-Wiping Malware Adds Ransomware Component |
Trend Micro KillDisk 1
Fernando Merces, Byron Gelera, Martin Co. (2018, June 7). KillDisk Variant Hits Latin American Finance Industry. Retrieved January 12, 2021.
Internal MISP references
UUID 8ae31db0-2744-4366-9747-55fc4679dbf5 which can be used as unique global reference for Trend Micro KillDisk 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-12T00:00:00Z |
| date_published | 2018-06-07T00:00:00Z |
| source | MITRE |
| title | KillDisk Variant Hits Latin American Finance Industry |
Trend Micro KillDisk 2
Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira. (2018, January 15). KillDisk Variant Hits Latin American Financial Groups. Retrieved January 12, 2021.
Internal MISP references
UUID 62d9a4c9-e669-4dd4-a584-4f3e3e54f97f which can be used as unique global reference for Trend Micro KillDisk 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-12T00:00:00Z |
| date_published | 2018-01-15T00:00:00Z |
| source | MITRE |
| title | KillDisk Variant Hits Latin American Financial Groups |
Killing IOS diversity myth
Ang Cui, Jatin Kataria, Salvatore J. Stolfo. (2011, August). Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design. Retrieved October 20, 2020.
Internal MISP references
UUID 19d7ccc6-76ed-4b12-af50-f810fbc22037 which can be used as unique global reference for Killing IOS diversity myth in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2011-08-01T00:00:00Z |
| source | MITRE |
| title | Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design |
Killing the myth of Cisco IOS rootkits
Sebastian 'topo' Muñiz. (2008, May). Killing the myth of Cisco IOS rootkits. Retrieved October 20, 2020.
Internal MISP references
UUID 538070d6-fbdb-4cc9-8ddf-c331e4375cfb which can be used as unique global reference for Killing the myth of Cisco IOS rootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2008-05-01T00:00:00Z |
| source | MITRE |
| title | Killing the myth of Cisco IOS rootkits |
Vedere Labs Killnet 2022
Vedere Labs. (2022, June 2). Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group. Retrieved October 9, 2023.
Internal MISP references
UUID 628a9288-ae87-4deb-92ce-081ba88c15be which can be used as unique global reference for Vedere Labs Killnet 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-09T00:00:00Z |
| date_published | 2022-06-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group |
Flashpoint Glossary Killnet
Flashpoint. (n.d.). Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective. Retrieved October 10, 2023.
Internal MISP references
UUID 502cc03b-350b-4e2d-9436-364c43a0a203 which can be used as unique global reference for Flashpoint Glossary Killnet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective |
Malwarebytes Kimsuky June 2021
Jazi, H. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved June 10, 2021.
Internal MISP references
UUID 9a497c56-f1d3-4889-8c1a-14b013f14668 which can be used as unique global reference for Malwarebytes Kimsuky June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-10T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Kimsuky APT continues to target South Korean government using AppleSeed backdoor |
VirusBulletin Kimsuky October 2019
Kim, J. et al. (2019, October). KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING. Retrieved November 2, 2020.
Internal MISP references
UUID e9a8db17-8b10-44c2-a0e1-88e6bcfb67f1 which can be used as unique global reference for VirusBulletin Kimsuky October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-02T00:00:00Z |
| date_published | 2019-10-01T00:00:00Z |
| source | MITRE |
| title | KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING |
EST Kimsuky April 2019
Alyac. (2019, April 3). Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019.
Internal MISP references
UUID 8e52db6b-5ac3-448a-93f6-96a21787a346 which can be used as unique global reference for EST Kimsuky April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-13T00:00:00Z |
| date_published | 2019-04-03T00:00:00Z |
| source | MITRE |
| title | Kimsuky Organization Steals Operation Stealth Power |
ThreatConnect Kimsuky September 2020
ThreatConnect. (2020, September 28). Kimsuky Phishing Operations Putting In Work. Retrieved October 30, 2020.
Internal MISP references
UUID 45d64462-2bed-46e8-ac52-9d4914608a93 which can be used as unique global reference for ThreatConnect Kimsuky September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-30T00:00:00Z |
| date_published | 2020-09-28T00:00:00Z |
| source | MITRE |
| title | Kimsuky Phishing Operations Putting In Work |
BRI Kimsuky April 2019
BRI. (2019, April). Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019.
Internal MISP references
UUID b72dd3a1-62ca-4a05-96a8-c4bddb17db50 which can be used as unique global reference for BRI Kimsuky April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-07T00:00:00Z |
| date_published | 2019-04-01T00:00:00Z |
| source | MITRE |
| title | Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America |
Microsoft Klist
Microsoft. (2021, March 3). klist. Retrieved October 14, 2021.
Internal MISP references
UUID f500340f-23fc-406a-97ef-0de787ef8cec which can be used as unique global reference for Microsoft Klist in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-14T00:00:00Z |
| date_published | 2021-03-03T00:00:00Z |
| source | MITRE |
| title | klist |
FireEye Know Your Enemy FIN8 Aug 2016
Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.
Internal MISP references
UUID 0119687c-b46b-4b5f-a6d8-affa14258392 which can be used as unique global reference for FireEye Know Your Enemy FIN8 Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-26T00:00:00Z |
| date_published | 2016-08-18T00:00:00Z |
| source | MITRE |
| title | Know Your Enemy: New Financially-Motivated & Spear-Phishing Group |
Github Koadic
Magius, J., et al. (2017, July 19). Koadic. Retrieved June 18, 2018.
Internal MISP references
UUID 54cbf1bd-9aed-4f82-8c15-6e88dd5d8d64 which can be used as unique global reference for Github Koadic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-18T00:00:00Z |
| date_published | 2017-07-19T00:00:00Z |
| source | MITRE |
| title | Koadic |
ESET Kobalos Feb 2021
M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.
Internal MISP references
UUID 883a9417-f7f6-4aa6-8708-8c320d4e0a7a which can be used as unique global reference for ESET Kobalos Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2021-02-02T00:00:00Z |
| source | MITRE |
| title | Kobalos – A complex Linux threat to high performance computing infrastructure |
Talos Konni May 2017
Rascagneres, P. (2017, May 03). KONNI: A Malware Under The Radar For Years. Retrieved November 5, 2018.
Internal MISP references
UUID 4cb69c58-4e47-4fb9-9eef-8a0b5447a553 which can be used as unique global reference for Talos Konni May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-05-03T00:00:00Z |
| source | MITRE |
| title | KONNI: A Malware Under The Radar For Years |
Malwarebytes KONNI Evolves Jan 2022
Santos, R. (2022, January 26). KONNI evolves into stealthier RAT. Retrieved April 13, 2022.
Internal MISP references
UUID 5dbb84dc-a991-4fa7-8528-639b1430ca02 which can be used as unique global reference for Malwarebytes KONNI Evolves Jan 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| date_published | 2022-01-26T00:00:00Z |
| source | MITRE |
| title | KONNI evolves into stealthier RAT |
Talos Group123
Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.
Internal MISP references
UUID bf8b2bf0-cca3-437b-a640-715f9cc945f7 which can be used as unique global reference for Talos Group123 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-21T00:00:00Z |
| date_published | 2018-01-16T00:00:00Z |
| source | MITRE |
| title | Korea In The Crosshairs |
Kube Kubectl
kubernetes. (n.d.). kubectl. Retrieved October 13, 2021.
Internal MISP references
UUID 5aae1cd7-4e24-40a5-90d8-1f6431851a8f which can be used as unique global reference for Kube Kubectl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | kubectl |
Kubernetes Kubelet
The Kubernetes Authors. (n.d.). Kubelet. Retrieved March 29, 2021.
Internal MISP references
UUID 57527fb9-d076-4ce1-afb5-e7bdb9c9d74c which can be used as unique global reference for Kubernetes Kubelet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Kubelet |
Kubernetes CronJob
The Kubernetes Authors. (n.d.). Kubernetes CronJob. Retrieved March 29, 2021.
Internal MISP references
UUID 354d242c-227e-4827-b559-dc1650d37acd which can be used as unique global reference for Kubernetes CronJob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Kubernetes CronJob |
Kubernetes Hardening Guide
National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022.
Internal MISP references
UUID e423b14c-dd39-4b36-9b95-96efbcaf0a12 which can be used as unique global reference for Kubernetes Hardening Guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Kubernetes Hardening Guide |
Kubernetes Jobs
The Kubernetes Authors. (n.d.). Kubernetes Jobs. Retrieved March 30, 2021.
Internal MISP references
UUID 21a4388d-dbf8-487b-a2a2-67927b099e4a which can be used as unique global reference for Kubernetes Jobs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Kubernetes Jobs |
Kubernetes Dashboard
The Kubernetes Authors. (n.d.). Kubernetes Web UI (Dashboard). Retrieved March 29, 2021.
Internal MISP references
UUID 02f23351-df83-4aae-a0bd-614ed91bc683 which can be used as unique global reference for Kubernetes Dashboard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Kubernetes Web UI (Dashboard) |
Intezer App Service Phishing
Paul Litvak. (2020, October 8). Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure. Retrieved August 18, 2022.
Internal MISP references
UUID e86abbd9-f349-4d90-8ec9-899fe1637f94 which can be used as unique global reference for Intezer App Service Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2020-10-08T00:00:00Z |
| source | MITRE |
| title | Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure |
Alintanahin 2014
Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.
Internal MISP references
UUID 1c5ee0d2-4d6c-4a5f-9790-79bfb7abc53f which can be used as unique global reference for Alintanahin 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-03-13T00:00:00Z |
| source | MITRE |
| title | Kunming Attack Leads to Gh0st RAT Variant |
Wits End and Shady PowerShell Profiles
DeRyke, A.. (2019, June 7). Lab Notes: Persistence and Privilege Elevation using the Powershell Profile. Retrieved July 8, 2019.
Internal MISP references
UUID 8fcbd99a-1fb8-4ca3-9efd-a98734d4397d which can be used as unique global reference for Wits End and Shady PowerShell Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2019-06-07T00:00:00Z |
| source | MITRE |
| title | Lab Notes: Persistence and Privilege Elevation using the Powershell Profile |
NCC Group LAPSUS Apr 2022
Brown, D., et al. (2022, April 28). LAPSUS$: Recent techniques, tactics and procedures. Retrieved December 22, 2022.
Internal MISP references
UUID d2e7c69d-8a10-51ca-af7b-22d08f4dfe45 which can be used as unique global reference for NCC Group LAPSUS Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-22T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | LAPSUS$: Recent techniques, tactics and procedures |
BBC LAPSUS Apr 2022
BBC. (2022, April 1). LAPSUS: Two UK Teenagers Charged with Hacking for Gang. Retrieved June 9, 2022.
Internal MISP references
UUID 6c9f4312-6c9d-401c-b20f-12ce50c94a96 which can be used as unique global reference for BBC LAPSUS Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | LAPSUS: Two UK Teenagers Charged with Hacking for Gang |
Enigma Excel DCOM Sept 2017
Nelson, M. (2017, September 11). Lateral Movement using Excel.Application and DCOM. Retrieved November 21, 2017.
Internal MISP references
UUID 953dc856-d906-4d87-a421-4e708f30208c which can be used as unique global reference for Enigma Excel DCOM Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-09-11T00:00:00Z |
| source | MITRE |
| title | Lateral Movement using Excel.Application and DCOM |
Enigma Outlook DCOM Lateral Movement Nov 2017
Nelson, M. (2017, November 16). Lateral Movement using Outlook's CreateObject Method and DotNetToJScript. Retrieved November 21, 2017.
Internal MISP references
UUID 48c8b8c4-1ce2-4fbc-a95d-dc8b39304200 which can be used as unique global reference for Enigma Outlook DCOM Lateral Movement Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | Lateral Movement using Outlook's CreateObject Method and DotNetToJScript |
Enigma MMC20 COM Jan 2017
Nelson, M. (2017, January 5). Lateral Movement using the MMC20 Application COM Object. Retrieved November 21, 2017.
Internal MISP references
UUID ecc1023d-ef37-46e3-8dce-8fd5bb6a10dc which can be used as unique global reference for Enigma MMC20 COM Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-01-05T00:00:00Z |
| source | MITRE |
| title | Lateral Movement using the MMC20 Application COM Object |
Enigma DCOM Lateral Movement Jan 2017
Nelson, M. (2017, January 23). Lateral Movement via DCOM: Round 2. Retrieved November 21, 2017.
Internal MISP references
UUID 62a14d3b-c61b-4c96-ad28-0519745121e3 which can be used as unique global reference for Enigma DCOM Lateral Movement Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-01-23T00:00:00Z |
| source | MITRE |
| title | Lateral Movement via DCOM: Round 2 |
Jacobsen 2014
Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell[slides]. Retrieved November 12, 2014.
Internal MISP references
UUID f9ca049c-5cab-4d80-a84b-1695365871e3 which can be used as unique global reference for Jacobsen 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-05-16T00:00:00Z |
| source | MITRE |
| title | Lateral Movement with PowerShell[slides] |
Launchctl Man
SS64. (n.d.). launchctl. Retrieved March 28, 2020.
Internal MISP references
UUID 26bd50ba-c359-4804-b574-7ec731b37fa6 which can be used as unique global reference for Launchctl Man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-28T00:00:00Z |
| source | MITRE |
| title | launchctl |
LaunchDaemon Hijacking
Bradley Kemp. (2021, May 10). LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions. Retrieved July 26, 2021.
Internal MISP references
UUID 51d1e4d9-265a-48ca-834b-4daa1f386bb4 which can be used as unique global reference for LaunchDaemon Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2021-05-10T00:00:00Z |
| source | MITRE |
| title | LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions |
launchd Keywords for plists
Dennis German. (2020, November 20). launchd Keywords for plists. Retrieved October 7, 2021.
Internal MISP references
UUID 1bcd2a93-93e7-48d8-ad25-6f09e94123aa which can be used as unique global reference for launchd Keywords for plists in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-07T00:00:00Z |
| date_published | 2020-11-20T00:00:00Z |
| source | MITRE |
| title | launchd Keywords for plists |
Launch Services Apple Developer
Apple. (n.d.). Launch Services. Retrieved October 5, 2021.
Internal MISP references
UUID 9973ceb1-2fee-451b-a512-c544671ee9fd which can be used as unique global reference for Launch Services Apple Developer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| source | MITRE |
| title | Launch Services |
Launch Service Keys Developer Apple
Apple. (2018, June 4). Launch Services Keys. Retrieved October 5, 2021.
Internal MISP references
UUID d75fd3e6-c1cd-4555-b131-80e34f51f09d which can be used as unique global reference for Launch Service Keys Developer Apple in MISP communities and other software using the MISP galaxy
External references
- https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2018-06-04T00:00:00Z |
| source | MITRE |
| title | Launch Services Keys |
Launch-VsDevShell.ps1 - LOLBAS Project
LOLBAS. (2022, June 13). Launch-VsDevShell.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 6e81ff6a-a386-495e-bd4b-cf698b02bce8 which can be used as unique global reference for Launch-VsDevShell.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-06-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Launch-VsDevShell.ps1 |
MalwareBytes Lazarus-Andariel Conceals Code April 2021
Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT . Retrieved September 29, 2021.
Internal MISP references
UUID c531a8dc-ea08-46db-a6d4-754bd1b9d545 which can be used as unique global reference for MalwareBytes Lazarus-Andariel Conceals Code April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-04-19T00:00:00Z |
| source | MITRE |
| title | Lazarus APT conceals malicious code within BMP image to drop its RAT |
Lazarus RATANKBA
Lei, C., et al. (2018, January 24). Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More. Retrieved May 22, 2018.
Internal MISP references
UUID e3f9853f-29b0-4219-a488-a6ecfa16b09f which can be used as unique global reference for Lazarus RATANKBA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-22T00:00:00Z |
| date_published | 2018-01-24T00:00:00Z |
| source | MITRE |
| title | Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More |
ATT Lazarus TTP Evolution
Fernando Martinez. (2021, July 6). Lazarus campaign TTPs and evolution. Retrieved September 22, 2021.
Internal MISP references
UUID 594c59ff-c4cb-4164-a62d-120e282b2538 which can be used as unique global reference for ATT Lazarus TTP Evolution in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-07-06T00:00:00Z |
| source | MITRE |
| title | Lazarus campaign TTPs and evolution |
TrendMicro Lazarus Nov 2018
Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.
Internal MISP references
UUID 4c697316-c13a-4243-be18-c0e059e4168c which can be used as unique global reference for TrendMicro Lazarus Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-03T00:00:00Z |
| date_published | 2018-11-20T00:00:00Z |
| source | MITRE |
| title | Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America |
F-Secure Lazarus Cryptocurrency Aug 2020
F-Secure Labs. (2020, August 18). Lazarus Group Campaign Targeting the Cryptocurrency Vertical. Retrieved September 1, 2020.
Internal MISP references
UUID f7facaae-e768-42eb-8e0e-2bfd0a636076 which can be used as unique global reference for F-Secure Lazarus Cryptocurrency Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-01T00:00:00Z |
| date_published | 2020-08-18T00:00:00Z |
| source | MITRE |
| title | Lazarus Group Campaign Targeting the Cryptocurrency Vertical |
Lazarus KillDisk
Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.
Internal MISP references
UUID 6f931476-29e6-4bba-ba1b-37ab742f4b49 which can be used as unique global reference for Lazarus KillDisk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-17T00:00:00Z |
| date_published | 2018-04-03T00:00:00Z |
| source | MITRE |
| title | Lazarus KillDisks Central American casino |
ESET Lazarus KillDisk April 2018
Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.
Internal MISP references
UUID 454704b7-9ede-4d30-acfd-2cf16a89bcb3 which can be used as unique global reference for ESET Lazarus KillDisk April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-17T00:00:00Z |
| date_published | 2018-04-03T00:00:00Z |
| source | MITRE |
| title | Lazarus KillDisks Central American casino |
McAfee Lazarus Resurfaces Feb 2018
Sherstobitoff, R. (2018, February 12). Lazarus Resurfaces, Targets Global Banks and Bitcoin Users. Retrieved February 19, 2018.
Internal MISP references
UUID 4e4cb57d-764a-4233-8fc6-d049a1caabe9 which can be used as unique global reference for McAfee Lazarus Resurfaces Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-19T00:00:00Z |
| date_published | 2018-02-12T00:00:00Z |
| source | MITRE |
| title | Lazarus Resurfaces, Targets Global Banks and Bitcoin Users |
Kaspersky ThreatNeedle Feb 2021
Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.
Internal MISP references
UUID ba6a5fcc-9391-42c0-8b90-57b729525f41 which can be used as unique global reference for Kaspersky ThreatNeedle Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-27T00:00:00Z |
| date_published | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | Lazarus targets defense industry with ThreatNeedle |
Kaspersky Lazarus Under The Hood Blog 2017
GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved April 17, 2019.
Internal MISP references
UUID a1e1ab6a-8db0-4593-95ec-78784607dfa0 which can be used as unique global reference for Kaspersky Lazarus Under The Hood Blog 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Lazarus Under the Hood |
Kaspersky Lazarus Under The Hood APR 2017
GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved October 3, 2018.
Internal MISP references
UUID 312b30b1-3bd6-46ea-8f77-504f442499bc which can be used as unique global reference for Kaspersky Lazarus Under The Hood APR 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE |
| title | Lazarus Under the Hood |
Secureworks Emotet Nov 2018
Mclellan, M.. (2018, November 19). Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader. Retrieved March 25, 2019.
Internal MISP references
UUID 1ef76c14-f796-409a-9542-762f1e72f9b7 which can be used as unique global reference for Secureworks Emotet Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-11-19T00:00:00Z |
| source | MITRE |
| title | Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader |
MalwareBytes LazyScripter Feb 2021
Jazi, H. (2021, February). LazyScripter: From Empire to double RAT. Retrieved November 24, 2021.
Internal MISP references
UUID 078837a7-82cd-4e26-9135-43b612e911fe which can be used as unique global reference for MalwareBytes LazyScripter Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-24T00:00:00Z |
| date_published | 2021-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | LazyScripter: From Empire to double RAT |
Ldifde.exe - LOLBAS Project
LOLBAS. (2022, August 31). Ldifde.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 45d41df9-328c-4ea3-b0fb-fc9f43bdabe5 which can be used as unique global reference for Ldifde.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-08-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ldifde.exe |
Ldifde Microsoft
Microsoft. (2016, August 31). Ldifde Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID c47ed0e0-f3e3-41de-9ea7-64fe4e343d9d which can be used as unique global reference for Ldifde Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ldifde Microsoft |
Symantec Leafminer July 2018
Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.
Internal MISP references
UUID 01130af7-a2d4-435e-8790-49933e041451 which can be used as unique global reference for Symantec Leafminer July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-28T00:00:00Z |
| date_published | 2018-07-25T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions |
Proofpoint TA505 Mar 2018
Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. Retrieved May 28, 2019.
Internal MISP references
UUID 44e48c77-59dd-4851-8455-893513b7cf45 which can be used as unique global reference for Proofpoint TA505 Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2018-03-07T00:00:00Z |
| source | MITRE |
| title | Leaked Ammyy Admin Source Code Turned into Malware |
Medium DnsTunneling
Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.
Internal MISP references
UUID f31de733-406c-4348-b3fe-bdc30d707277 which can be used as unique global reference for Medium DnsTunneling in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| date_published | 2018-10-30T00:00:00Z |
| source | MITRE |
| title | Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it) |
Learn XPC Exploitation
Wojciech Reguła. (2020, June 29). Learn XPC exploitation. Retrieved October 12, 2021.
Internal MISP references
UUID da995792-b78b-4db5-85d8-99fda96c6826 which can be used as unique global reference for Learn XPC Exploitation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-06-29T00:00:00Z |
| source | MITRE |
| title | Learn XPC exploitation |
ClearSky Lebanese Cedar Jan 2021
ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.
Internal MISP references
UUID 53944d48-caa9-4912-b42d-94a3789ed15b which can be used as unique global reference for ClearSky Lebanese Cedar Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-10T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers |
Mandiant UNC3313 Feb 2022
Tomcik, R. et al. (2022, February 24). Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity. Retrieved August 18, 2022.
Internal MISP references
UUID ac1a1262-1254-4ab2-a940-2d08b6558e9e which can be used as unique global reference for Mandiant UNC3313 Feb 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity |
LemonDuck
Manoj Ahuje. (2022, April 21). LemonDuck Targets Docker for Cryptomining Operations. Retrieved June 30, 2022.
Internal MISP references
UUID 3a7ea56a-3b19-4b69-a206-6eb7c4ae609d which can be used as unique global reference for LemonDuck in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-30T00:00:00Z |
| date_published | 2022-04-21T00:00:00Z |
| source | MITRE |
| title | LemonDuck Targets Docker for Cryptomining Operations |
Twitter Leoloobeek Scheduled Task
Loobeek, L. (2017, December 8). leoloobeek Status. Retrieved December 12, 2017.
Internal MISP references
UUID efdbaba5-1713-4ae1-bb82-4b4706f03b87 which can be used as unique global reference for Twitter Leoloobeek Scheduled Task in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | leoloobeek Status |
Let's Encrypt FAQ
Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.
Internal MISP references
UUID 96e1ccb9-bd5c-4716-8848-4c30e6eac4ad which can be used as unique global reference for Let's Encrypt FAQ in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2020-04-23T00:00:00Z |
| source | MITRE |
| title | Let's Encrypt FAQ |
OSX Malware Detection
Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved July 10, 2017.
Internal MISP references
UUID 0df0e28a-3c0b-4418-9f5a-77fffe37ac8a which can be used as unique global reference for OSX Malware Detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| date_published | 2016-02-29T00:00:00Z |
| source | MITRE |
| title | Let's Play Doctor: Practical OS X Malware Detection & Analysis |
xorrior emond Jan 2018
Ross, Chris. (2018, January 17). Leveraging Emond on macOS For Persistence. Retrieved September 10, 2019.
Internal MISP references
UUID b49649ec-28f0-4d30-ab6c-13b12fca36e8 which can be used as unique global reference for xorrior emond Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-10T00:00:00Z |
| date_published | 2018-01-17T00:00:00Z |
| source | MITRE |
| title | Leveraging Emond on macOS For Persistence |
Cyberreason DCOM DDE Lateral Movement Nov 2017
Tsukerman, P. (2017, November 8). Leveraging Excel DDE for lateral movement via DCOM. Retrieved November 21, 2017.
Internal MISP references
UUID 6edb3d7d-6b74-4dc4-a866-b81b19810f97 which can be used as unique global reference for Cyberreason DCOM DDE Lateral Movement Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-11-08T00:00:00Z |
| source | MITRE |
| title | Leveraging Excel DDE for lateral movement via DCOM |
Proofpoint Leviathan Oct 2017
Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018.
Internal MISP references
UUID f8c2b67b-c097-4b48-8d95-266a45b7dd4d which can be used as unique global reference for Proofpoint Leviathan Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | Leviathan: Espionage actor spearphishes maritime and defense targets |
LIBC
Kerrisk, M. (2016, December 12). libc(7) — Linux manual page. Retrieved June 25, 2020.
Internal MISP references
UUID a3fe6ea5-c443-473a-bb13-b4fd8f4923fd which can be used as unique global reference for LIBC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2016-12-12T00:00:00Z |
| source | MITRE |
| title | libc(7) — Linux manual page |
libzip
D. Baron, T. Klausner. (2020). libzip. Retrieved February 20, 2020.
Internal MISP references
UUID e7008738-101c-4903-a9fc-b0bd28d66069 which can be used as unique global reference for libzip in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | libzip |
Symantec Darkmoon Sept 2014
Payet, L. (2014, September 19). Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign. Retrieved September 13, 2018.
Internal MISP references
UUID 3362a507-03c3-4236-b484-8144248b5cac which can be used as unique global reference for Symantec Darkmoon Sept 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| date_published | 2014-09-19T00:00:00Z |
| source | MITRE |
| title | Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign |
Wikipedia LLMNR
Wikipedia. (2016, July 7). Link-Local Multicast Name Resolution. Retrieved November 17, 2017.
Internal MISP references
UUID e06d8b82-f61d-49fc-8120-b6d9e5864cc8 which can be used as unique global reference for Wikipedia LLMNR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2016-07-07T00:00:00Z |
| source | MITRE |
| title | Link-Local Multicast Name Resolution |
IzyKnows auditd threat detection 2022
IzySec. (2022, January 26). Linux auditd for Threat Detection. Retrieved September 29, 2023.
Internal MISP references
UUID 8a2f5c37-df28-587e-81b8-4bf7bb796854 which can be used as unique global reference for IzyKnows auditd threat detection 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2022-01-26T00:00:00Z |
| source | MITRE |
| title | Linux auditd for Threat Detection |
Fysbis Dr Web Analysis
Doctor Web. (2014, November 21). Linux.BackDoor.Fysbis.1. Retrieved December 7, 2017.
Internal MISP references
UUID f1eb4818-fda6-46f2-9d5a-5469a5ed44fc which can be used as unique global reference for Fysbis Dr Web Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2014-11-21T00:00:00Z |
| source | MITRE |
| title | Linux.BackDoor.Fysbis.1 |
GDSecurity Linux injection
McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved December 20, 2017.
Internal MISP references
UUID 834966eb-d07a-42ea-83db-d6e71b39214c which can be used as unique global reference for GDSecurity Linux injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-09-05T00:00:00Z |
| source | MITRE |
| title | Linux Based Inter-Process Code Injection Without Ptrace(2) |
GDS Linux Injection
McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved February 21, 2020.
Internal MISP references
UUID 3e7f5991-25b4-43e9-9f0b-a5c668fb0657 which can be used as unique global reference for GDS Linux Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2017-09-05T00:00:00Z |
| source | MITRE |
| title | Linux Based Inter-Process Code Injection Without Ptrace(2) |
Linux/Cdorked.A We Live Security Analysis
Pierre-Marc Bureau. (2013, April 26). Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole. Retrieved September 10, 2017.
Internal MISP references
UUID f76fce2e-2884-4b50-a7d7-55f08b84099c which can be used as unique global reference for Linux/Cdorked.A We Live Security Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-10T00:00:00Z |
| date_published | 2013-04-26T00:00:00Z |
| source | MITRE |
| title | Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole |
Avast Linux Trojan Cron Persistence
Threat Intelligence Team. (2015, January 6). Linux DDoS Trojan hiding itself with an embedded rootkit. Retrieved January 8, 2018.
Internal MISP references
UUID 148fe0e1-8487-4d49-8966-f14e144372f5 which can be used as unique global reference for Avast Linux Trojan Cron Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2015-01-06T00:00:00Z |
| source | MITRE |
| title | Linux DDoS Trojan hiding itself with an embedded rootkit |
BH Linux Inject
Colgan, T. (2015, August 15). Linux-Inject. Retrieved February 21, 2020.
Internal MISP references
UUID bdbb2a83-fc3b-439f-896a-75bffada4d51 which can be used as unique global reference for BH Linux Inject in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2015-08-15T00:00:00Z |
| source | MITRE |
| title | Linux-Inject |
PAM Backdoor
zephrax. (2018, August 3). linux-pam-backdoor. Retrieved June 25, 2020.
Internal MISP references
UUID da1ffaf1-39f9-4516-8c04-4a4301e13585 which can be used as unique global reference for PAM Backdoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2018-08-03T00:00:00Z |
| source | MITRE |
| title | linux-pam-backdoor |
Linux Password and Shadow File Formats
The Linux Documentation Project. (n.d.). Linux Password and Shadow File Formats. Retrieved February 19, 2020.
Internal MISP references
UUID 7c574609-4b0d-44e7-adc3-8a3d67e10e9f which can be used as unique global reference for Linux Password and Shadow File Formats in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-19T00:00:00Z |
| source | MITRE |
| title | Linux Password and Shadow File Formats |
nixCraft - John the Ripper
Vivek Gite. (2014, September 17). Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool). Retrieved February 19, 2020.
Internal MISP references
UUID 5e093b21-8bbd-4ad4-9fe2-cbb04207f1d3 which can be used as unique global reference for nixCraft - John the Ripper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-19T00:00:00Z |
| date_published | 2014-09-17T00:00:00Z |
| source | MITRE |
| title | Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool) |
Polop Linux PrivEsc Gitbook
Carlos Polop. (2023, March 5). Linux Privilege Escalation. Retrieved March 31, 2023.
Internal MISP references
UUID a73a2819-61bd-5bd2-862d-5eeed344909f which can be used as unique global reference for Polop Linux PrivEsc Gitbook in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-31T00:00:00Z |
| date_published | 2023-03-05T00:00:00Z |
| source | MITRE |
| title | Linux Privilege Escalation |
setuid man page
Michael Kerrisk. (2017, September 15). Linux Programmer's Manual. Retrieved September 21, 2018.
Internal MISP references
UUID c07e9d6c-18f2-4246-a265-9bec7d833bba which can be used as unique global reference for setuid man page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | Linux Programmer's Manual |
Man LD.SO
Kerrisk, M. (2020, June 13). Linux Programmer's Manual. Retrieved June 15, 2020.
Internal MISP references
UUID a8a16cf6-0482-4e98-a39a-496491f985df which can be used as unique global reference for Man LD.SO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2020-06-13T00:00:00Z |
| source | MITRE |
| title | Linux Programmer's Manual |
Uninformed Needle
skape. (2003, January 19). Linux x86 run-time process manipulation. Retrieved December 20, 2017.
Internal MISP references
UUID 5ac2d917-756f-48d0-ab32-648b45a29083 which can be used as unique global reference for Uninformed Needle in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2003-01-19T00:00:00Z |
| source | MITRE |
| title | Linux x86 run-time process manipulation |
List Blobs
Microsoft - List Blobs. (n.d.). Retrieved October 4, 2021.
Internal MISP references
UUID f9aa697a-83dd-4bae-bc11-006be51ce477 which can be used as unique global reference for List Blobs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | List Blobs |
ListObjectsV2
Amazon - ListObjectsV2. Retrieved October 4, 2021.
Internal MISP references
UUID 727c2077-f922-4314-908a-356c42564181 which can be used as unique global reference for ListObjectsV2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | ListObjectsV2 |
Wikipedia File Header Signatures
Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.
Internal MISP references
UUID 00de69c8-78b1-4de3-a4dc-f5be3dbca212 which can be used as unique global reference for Wikipedia File Header Signatures in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-22T00:00:00Z |
| date_published | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | List of file signatures |
Wikipedia OSI
Wikipedia. (n.d.). List of network protocols (OSI model). Retrieved December 4, 2014.
Internal MISP references
UUID d1080030-12c7-4223-92ab-fb764acf111d which can be used as unique global reference for Wikipedia OSI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| source | MITRE |
| title | List of network protocols (OSI model) |
AWS List Roles
Amazon. (n.d.). List Roles. Retrieved August 11, 2020.
Internal MISP references
UUID 42ff02f9-45d0-466b-a5fa-e19c8187b529 which can be used as unique global reference for AWS List Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-11T00:00:00Z |
| source | MITRE |
| title | List Roles |
Google Cloud Secrets
Google Cloud. (n.d.). List secrets and view secret details. Retrieved September 25, 2023.
Internal MISP references
UUID 4a9e631d-3588-5585-b00a-316a934e6009 which can be used as unique global reference for Google Cloud Secrets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| source | MITRE |
| title | List secrets and view secret details |
Peripheral Discovery Linux
Shahriar Shovon. (2018, March). List USB Devices Linux. Retrieved March 11, 2022.
Internal MISP references
UUID 427b3a1b-88ea-4027-bae6-7fb45490b81d which can be used as unique global reference for Peripheral Discovery Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | List USB Devices Linux |
AWS List Users
Amazon. (n.d.). List Users. Retrieved August 11, 2020.
Internal MISP references
UUID 517e3d27-36da-4810-b256-3f47147b36e3 which can be used as unique global reference for AWS List Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-11T00:00:00Z |
| source | MITRE |
| title | List Users |
Sophos PowerShell command audit
jak. (2020, June 27). Live Discover - PowerShell command audit. Retrieved August 21, 2020.
Internal MISP references
UUID 441f289c-7fdc-4cf1-9379-960be75c7202 which can be used as unique global reference for Sophos PowerShell command audit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-21T00:00:00Z |
| date_published | 2020-06-27T00:00:00Z |
| source | MITRE |
| title | Live Discover - PowerShell command audit |
Dell TG-1314
Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. Retrieved January 26, 2016.
Internal MISP references
UUID 79fc7568-b6ff-460b-9200-56d7909ed157 which can be used as unique global reference for Dell TG-1314 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-05-28T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Living off the Land |
Symantec Living off the Land
Wueest, C., Anand, H. (2017, July). Living off the land and fileless attack techniques. Retrieved April 10, 2018.
Internal MISP references
UUID 4bad4659-f501-4eb6-b3ca-0359e3ba824e which can be used as unique global reference for Symantec Living off the Land in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Living off the land and fileless attack techniques |
LOLBAS Main Site
LOLBAS. (n.d.). Living Off The Land Binaries and Scripts (and also Libraries). Retrieved February 10, 2020.
Internal MISP references
UUID 615f6fa5-3059-49fc-9fa4-5ca0aeff4331 which can be used as unique global reference for LOLBAS Main Site in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-10T00:00:00Z |
| source | MITRE |
| title | Living Off The Land Binaries and Scripts (and also Libraries) |
LOLBAS Project
Oddvar Moe et al. (2022, February). Living Off The Land Binaries, Scripts and Libraries. Retrieved March 7, 2022.
Internal MISP references
UUID 14b1d3ab-8508-4946-9913-17e667956064 which can be used as unique global reference for LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-07T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | Living Off The Land Binaries, Scripts and Libraries |
FireEye 2019 Apple Remote Desktop
Jake Nicastro, Willi Ballenthin. (2019, October 9). Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil. Retrieved August 16, 2021.
Internal MISP references
UUID bbc72952-988e-4c3c-ab5e-75b64e9e33f5 which can be used as unique global reference for FireEye 2019 Apple Remote Desktop in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-16T00:00:00Z |
| date_published | 2019-10-09T00:00:00Z |
| source | MITRE |
| title | Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil |
LKM loading kernel restrictions
Pingios, A.. (2018, February 7). LKM loading kernel restrictions. Retrieved June 4, 2020.
Internal MISP references
UUID 10ccae99-c6f5-4b83-89c9-06a9e35280fc which can be used as unique global reference for LKM loading kernel restrictions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-04T00:00:00Z |
| date_published | 2018-02-07T00:00:00Z |
| source | MITRE |
| title | LKM loading kernel restrictions |
Rapid7 LLMNR Spoofer
Francois, R. (n.d.). LLMNR Spoofer. Retrieved November 17, 2017.
Internal MISP references
UUID 229b04b6-98ca-4e6f-9917-a26cfe0a7f0d which can be used as unique global reference for Rapid7 LLMNR Spoofer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| source | MITRE |
| title | LLMNR Spoofer |
Wikipedia Loadable Kernel Module
Wikipedia. (2018, March 17). Loadable kernel module. Retrieved April 9, 2018.
Internal MISP references
UUID e6d9f967-4f45-44d2-8a19-69741745f917 which can be used as unique global reference for Wikipedia Loadable Kernel Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2018-03-17T00:00:00Z |
| source | MITRE |
| title | Loadable kernel module |
Microsoft LoadLibrary
Microsoft. (2018, December 5). LoadLibraryA function (libloaderapi.h). Retrieved September 28, 2021.
Internal MISP references
UUID dfaf5bfa-61a7-45f8-a50e-0d8bc6cb2189 which can be used as unique global reference for Microsoft LoadLibrary in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | LoadLibraryA function (libloaderapi.h) |
Microsoft Local Accounts Feb 2019
Microsoft. (2018, December 9). Local Accounts. Retrieved February 11, 2019.
Internal MISP references
UUID 6ae7487c-cb61-4f10-825f-4ef9ef050b7c which can be used as unique global reference for Microsoft Local Accounts Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-11T00:00:00Z |
| date_published | 2018-12-09T00:00:00Z |
| source | MITRE |
| title | Local Accounts |
Sternsecurity LLMNR-NBTNS
Sternstein, J. (2013, November). Local Network Attacks: LLMNR and NBT-NS Poisoning. Retrieved November 17, 2017.
Internal MISP references
UUID 422a6043-78c2-43ef-8e87-7d7a8878f94a which can be used as unique global reference for Sternsecurity LLMNR-NBTNS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2013-11-01T00:00:00Z |
| source | MITRE |
| title | Local Network Attacks: LLMNR and NBT-NS Poisoning |
Sophos Geolocation 2016
Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. Retrieved April 1, 2021.
Internal MISP references
UUID a3b7540d-20cc-4d94-8321-9fd730486f8c which can be used as unique global reference for Sophos Geolocation 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2016-05-03T00:00:00Z |
| source | MITRE |
| title | Location-based threats: How cybercriminals target you based on where you live |
VMWare LockBit 3.0 October 2022
Dana Behling. (2022, October 15). LockBit 3.0 Ransomware Unlocked. Retrieved May 19, 2023.
Internal MISP references
UUID b625f291-0152-468c-a130-ec8fb0c6ad21 which can be used as unique global reference for VMWare LockBit 3.0 October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-10-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | LockBit 3.0 Ransomware Unlocked |
Sentinel Labs LockBit 3.0 July 2022
Jim Walter, Aleksandar Milenkoski. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. Retrieved May 19, 2023.
Internal MISP references
UUID 9a73b140-b483-4274-a134-ed1bb15ac31c which can be used as unique global reference for Sentinel Labs LockBit 3.0 July 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-07-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | LockBit 3.0 Update |
Cary Esentutl
Cary, M. (2018, December 6). Locked File Access Using ESENTUTL.exe. Retrieved September 5, 2019.
Internal MISP references
UUID aa1211c6-e490-444a-8aab-7626e0700dd0 which can be used as unique global reference for Cary Esentutl in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-05T00:00:00Z |
| date_published | 2018-12-06T00:00:00Z |
| source | MITRE |
| title | Locked File Access Using ESENTUTL.exe |
Group IB Ransomware September 2020
Group IB. (2020, September). LOCK LIKE A PRO. Retrieved September 27, 2021.
Internal MISP references
UUID 52d0e16f-9a20-442f-9a17-686e51d7e32b which can be used as unique global reference for Group IB Ransomware September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-09-01T00:00:00Z |
| source | MITRE |
| title | LOCK LIKE A PRO |
AWS Cloud Trail Backup API
Amazon. (2020). Logging AWS Backup API Calls with AWS CloudTrail. Retrieved April 27, 2020.
Internal MISP references
UUID 17222170-5454-4a7d-804b-23753ec841eb which can be used as unique global reference for AWS Cloud Trail Backup API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-27T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | Logging AWS Backup API Calls with AWS CloudTrail |
AWS Logging IAM Calls
AWS. (n.d.). Logging IAM and AWS STS API calls with AWS CloudTrail. Retrieved April 1, 2022.
Internal MISP references
UUID 2aa0682b-f553-4c2b-ae9e-112310bcb8d0 which can be used as unique global reference for AWS Logging IAM Calls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | Logging IAM and AWS STS API calls with AWS CloudTrail |
Login Items AE
Apple. (n.d.). Login Items AE. Retrieved October 4, 2021.
Internal MISP references
UUID d15943dd-d11c-4af2-a3ac-9ebe168a7526 which can be used as unique global reference for Login Items AE in MISP communities and other software using the MISP galaxy
External references
- https://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003788
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | Login Items AE |
LoginWindowScripts Apple Dev
Apple. (n.d.). LoginWindowScripts. Retrieved April 1, 2022.
Internal MISP references
UUID 340eb8df-cc22-4b59-8dca-32ec52fd6818 which can be used as unique global reference for LoginWindowScripts Apple Dev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | LoginWindowScripts |
LogMeIn Homepage
LogMeIn. (n.d.). LogMeIn Homepage. Retrieved November 16, 2023.
Internal MISP references
UUID e113b544-82ad-4099-ab4e-7fc8b78f54bd which can be used as unique global reference for LogMeIn Homepage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | LogMeIn Homepage |
ESET LoJax Sept 2018
ESET. (2018, September). LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved July 2, 2019.
Internal MISP references
UUID bb938fea-2b2e-41d3-a55c-40ea34c00d21 which can be used as unique global reference for ESET LoJax Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-02T00:00:00Z |
| date_published | 2018-09-01T00:00:00Z |
| source | MITRE |
| title | LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group |
Morphisec Lokibot April 2020
Cheruku, H. (2020, April 15). LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE. Retrieved May 14, 2020.
Internal MISP references
UUID e938bab1-7dc1-4a78-b1e2-ab2aa0a83eb0 which can be used as unique global reference for Morphisec Lokibot April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-14T00:00:00Z |
| date_published | 2020-04-15T00:00:00Z |
| source | MITRE |
| title | LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE |
t1105_lolbas
LOLBAS. (n.d.). LOLBAS Mapped to T1105. Retrieved March 11, 2022.
Internal MISP references
UUID 80e649f5-6c74-4d66-a452-4f4cd51501da which can be used as unique global reference for t1105_lolbas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| source | MITRE |
| title | LOLBAS Mapped to T1105 |
Qualys LolZarus
Pradhan, A. (2022, February 8). LolZarus: Lazarus Group Incorporating Lolbins into Campaigns. Retrieved March 22, 2022.
Internal MISP references
UUID 784f1f5a-f7f2-45e8-84bd-b600f2b74b33 which can be used as unique global reference for Qualys LolZarus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-22T00:00:00Z |
| date_published | 2022-02-08T00:00:00Z |
| source | MITRE |
| title | LolZarus: Lazarus Group Incorporating Lolbins into Campaigns |
Bitdefender Trickbot C2 infra Nov 2020
Liviu Arsene, Radu Tudorica. (2020, November 23). TrickBot is Dead. Long Live TrickBot!. Retrieved September 28, 2021.
Internal MISP references
UUID 1a281862-efc8-4566-8d06-ba463e22225d which can be used as unique global reference for Bitdefender Trickbot C2 infra Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| source | MITRE |
| title | Long Live TrickBot! |
Proofpoint LookBack Malware Aug 2019
Raggi, M. Schwarz, D.. (2019, August 1). LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards. Retrieved February 25, 2021.
Internal MISP references
UUID 77887f82-7815-4a91-8c8a-f77dc8a9ba53 which can be used as unique global reference for Proofpoint LookBack Malware Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards |
Fidelis DarkComet
Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.
Internal MISP references
UUID 6043b34d-dec3-415b-8329-05f698f320e3 which can be used as unique global reference for Fidelis DarkComet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-05T00:00:00Z |
| date_published | 2015-08-04T00:00:00Z |
| source | MITRE |
| title | Looking at the Sky for a DarkComet |
BlackHat Process Doppelgänging Dec 2017
Liberman, T. & Kogan, E. (2017, December 7). Lost in Transaction: Process Doppelgänging. Retrieved December 20, 2017.
Internal MISP references
UUID b0752c3a-1777-4209-938d-5382de6a49f5 which can be used as unique global reference for BlackHat Process Doppelgänging Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-07T00:00:00Z |
| source | MITRE |
| title | Lost in Transaction: Process Doppelgänging |
ESET LoudMiner June 2019
Malik, M. (2019, June 20). LoudMiner: Cross-platform mining in cracked VST software. Retrieved May 18, 2020.
Internal MISP references
UUID f1e4ff9e-cb6c-46cc-898e-5f170bb5f634 which can be used as unique global reference for ESET LoudMiner June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-18T00:00:00Z |
| date_published | 2019-06-20T00:00:00Z |
| source | MITRE |
| title | LoudMiner: Cross-platform mining in cracked VST software |
GitHub Mimikatz Issue 92 June 2017
Warren, J. (2017, June 22). lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92. Retrieved December 4, 2017.
Internal MISP references
UUID 099c3492-1813-4874-9901-e24b081f7e12 which can be used as unique global reference for GitHub Mimikatz Issue 92 June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92 |
lsmod man
Kerrisk, M. (2022, December 18). lsmod(8) — Linux manual page. Retrieved March 28, 2023.
Internal MISP references
UUID c2f88274-9da4-5d24-b68d-302ee5990dd5 which can be used as unique global reference for lsmod man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| date_published | 2022-12-18T00:00:00Z |
| source | MITRE |
| title | lsmod(8) — Linux manual page |
Unit 42 Lucifer June 2020
Hsu, K. et al. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. Retrieved November 16, 2020.
Internal MISP references
UUID 3977a87a-2eab-4a67-82b2-10c9dc7e4554 which can be used as unique global reference for Unit 42 Lucifer June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-16T00:00:00Z |
| date_published | 2020-06-24T00:00:00Z |
| source | MITRE |
| title | Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices |
Securelist LuckyMouse June 2018
Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.
Internal MISP references
UUID f974708b-598c-46a9-aac9-c5fbdd116c2a which can be used as unique global reference for Securelist LuckyMouse June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-18T00:00:00Z |
| date_published | 2018-06-13T00:00:00Z |
| source | MITRE |
| title | LuckyMouse hits national data center to organize country-level waterholing campaign |
lucr-3: Getting SaaS-y in the cloud
Ian Ahl. (2023, September 20). LUCR-3: Scattered Spider Getting SaaS-y In The Cloud. Retrieved September 20, 2023.
Internal MISP references
UUID 033e7c95-cded-5e51-9a9f-1c6038b0509f which can be used as unique global reference for lucr-3: Getting SaaS-y in the cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-20T00:00:00Z |
| date_published | 2023-09-20T00:00:00Z |
| source | MITRE |
| title | LUCR-3: Scattered Spider Getting SaaS-y In The Cloud |
Permiso Scattered Spider 2023
Ian Ahl. (2023, September 20). LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD. Retrieved September 25, 2023.
Internal MISP references
UUID 020b97ab-466d-52e6-b1f1-6f9f8ffdabf0 which can be used as unique global reference for Permiso Scattered Spider 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| date_published | 2023-09-20T00:00:00Z |
| source | MITRE |
| title | LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD |
Kaspersky LuminousMoth July 2021
Lechtik, M, and etl. (2021, July 14). LuminousMoth APT: Sweeping attacks for the chosen few. Retrieved October 20, 2022.
Internal MISP references
UUID e21c6931-fba8-52b0-b6f0-1c8222881fbd which can be used as unique global reference for Kaspersky LuminousMoth July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-20T00:00:00Z |
| date_published | 2021-07-14T00:00:00Z |
| source | MITRE |
| title | LuminousMoth APT: Sweeping attacks for the chosen few |
Bitdefender LuminousMoth July 2021
Botezatu, B and etl. (2021, July 21). LuminousMoth - PlugX, File Exfiltration and Persistence Revisited. Retrieved October 20, 2022.
Internal MISP references
UUID 6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3 which can be used as unique global reference for Bitdefender LuminousMoth July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-20T00:00:00Z |
| date_published | 2021-07-21T00:00:00Z |
| source | MITRE |
| title | LuminousMoth - PlugX, File Exfiltration and Persistence Revisited |
Unit42 Luna Moth
Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023.
Internal MISP references
UUID ec52bcc9-6a56-5b94-8534-23c8e7ce740f which can be used as unique global reference for Unit42 Luna Moth in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | Luna Moth Callback Phishing Campaign |
sygnia Luna Month
Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023.
Internal MISP references
UUID 3e1c2a64-8446-538d-a148-2de87991955a which can be used as unique global reference for sygnia Luna Month in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS |
Zscaler Lyceum DnsSystem June 2022
Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.
Internal MISP references
UUID eb78de14-8044-4466-8954-9ca44a17e895 which can be used as unique global reference for Zscaler Lyceum DnsSystem June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-23T00:00:00Z |
| date_published | 2022-06-09T00:00:00Z |
| source | MITRE |
| title | Lyceum .NET DNS Backdoor |
Kaspersky Lyceum October 2021
Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.
Internal MISP references
UUID b3d13a82-c24e-4b47-b47a-7221ad449859 which can be used as unique global reference for Kaspersky Lyceum October 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-14T00:00:00Z |
| date_published | 2021-10-01T00:00:00Z |
| source | MITRE |
| title | LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST |
CoinTicker 2019
Thomas Reed. (2018, October 29). Mac cryptocurrency ticker app installs backdoors. Retrieved April 23, 2019.
Internal MISP references
UUID 99c53143-6f93-44c9-a874-c1b9e4506fb4 which can be used as unique global reference for CoinTicker 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-10-29T00:00:00Z |
| source | MITRE |
| title | Mac cryptocurrency ticker app installs backdoors |
ESET Machete July 2019
ESET. (2019, July). MACHETE JUST GOT SHARPER Venezuelan government institutions under attack. Retrieved September 13, 2019.
Internal MISP references
UUID 408d5e33-fcb6-4d21-8be9-7aa5a8bd3385 which can be used as unique global reference for ESET Machete July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-13T00:00:00Z |
| date_published | 2019-07-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | MACHETE JUST GOT SHARPER Venezuelan government institutions under attack |
synack 2016 review
Patrick Wardle. (2017, January 1). Mac Malware of 2016. Retrieved September 21, 2018.
Internal MISP references
UUID 9845ef95-bcc5-4430-8008-1e4a28e13c33 which can be used as unique global reference for synack 2016 review in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | Mac Malware of 2016 |
objsee mac malware 2017
Patrick Wardle. (n.d.). Mac Malware of 2017. Retrieved September 21, 2018.
Internal MISP references
UUID 08227ae5-4086-4c31-83d9-459c3a097754 which can be used as unique global reference for objsee mac malware 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| source | MITRE |
| title | Mac Malware of 2017 |
Unit 42 Mac Crypto Cookies January 2019
Chen, Y., Hu, W., Xu, Z., et. al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019.
Internal MISP references
UUID 0a88e730-8ed2-4983-8f11-2cb2e4abfe3e which can be used as unique global reference for Unit 42 Mac Crypto Cookies January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-14T00:00:00Z |
| date_published | 2019-01-31T00:00:00Z |
| source | MITRE |
| title | Mac Malware Steals Cryptocurrency Exchanges’ Cookies |
Unit42 CookieMiner Jan 2019
Chen, y., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved July 22, 2020.
Internal MISP references
UUID 4605c51d-b36e-4c29-abda-2a97829f6019 which can be used as unique global reference for Unit42 CookieMiner Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-22T00:00:00Z |
| date_published | 2019-01-31T00:00:00Z |
| source | MITRE |
| title | Mac Malware Steals Cryptocurrency Exchanges’ Cookies |
MacKeeper Bundlore Apr 2019
Sushko, O. (2019, April 17). macOS Bundlore: Mac Virus Bypassing macOS Security Features. Retrieved June 30, 2020.
Internal MISP references
UUID 4d631c9a-4fd5-43a4-8b78-4219bd371e87 which can be used as unique global reference for MacKeeper Bundlore Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-30T00:00:00Z |
| date_published | 2019-04-17T00:00:00Z |
| source | MITRE |
| title | macOS Bundlore: Mac Virus Bypassing macOS Security Features |
MalwareUnicorn macOS Dylib Injection MachO
Amanda Rousseau. (2020, April 4). MacOS Dylib Injection Workshop. Retrieved March 29, 2021.
Internal MISP references
UUID 61aae3a4-317e-4117-a02a-27885709fb07 which can be used as unique global reference for MalwareUnicorn macOS Dylib Injection MachO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2020-04-04T00:00:00Z |
| source | MITRE |
| title | MacOS Dylib Injection Workshop |
macOS Hierarchical File System Overview
Tenon. (n.d.). Retrieved October 12, 2021.
Internal MISP references
UUID 4b8b110a-fc40-4094-a70d-15530bc05fec which can be used as unique global reference for macOS Hierarchical File System Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| source | MITRE |
| title | macOS Hierarchical File System Overview |
Add List Remove Login Items Apple Script
kaloprominat. (2013, July 30). macos: manage add list remove login items apple script. Retrieved October 5, 2021.
Internal MISP references
UUID 13773d75-6fc1-4289-bf45-6ee147279052 which can be used as unique global reference for Add List Remove Login Items Apple Script in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2013-07-30T00:00:00Z |
| source | MITRE |
| title | macos: manage add list remove login items apple script |
macOS MS office sandbox escape
Cedric Owens. (2021, May 22). macOS MS Office Sandbox Brain Dump. Retrieved August 20, 2021.
Internal MISP references
UUID 759e81c1-a250-440e-8b52-178bcf5451b9 which can be used as unique global reference for macOS MS office sandbox escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-20T00:00:00Z |
| date_published | 2021-05-22T00:00:00Z |
| source | MITRE |
| title | macOS MS Office Sandbox Brain Dump |
MDSec macOS JXA and VSCode
Dominic Chell. (2021, January 1). macOS Post-Exploitation Shenanigans with VSCode Extensions. Retrieved April 20, 2021.
Internal MISP references
UUID 979cac34-d447-4e42-b17e-8ab2630bcfec which can be used as unique global reference for MDSec macOS JXA and VSCode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-20T00:00:00Z |
| date_published | 2021-01-01T00:00:00Z |
| source | MITRE |
| title | macOS Post-Exploitation Shenanigans with VSCode Extensions |
SentinelOne macOS Red Team
Phil Stokes. (2019, December 5). macOS Red Team: Calling Apple APIs Without Building Binaries. Retrieved July 17, 2020.
Internal MISP references
UUID 4b05bd7c-22a3-4168-850c-8168700b17ba which can be used as unique global reference for SentinelOne macOS Red Team in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-17T00:00:00Z |
| date_published | 2019-12-05T00:00:00Z |
| source | MITRE |
| title | macOS Red Team: Calling Apple APIs Without Building Binaries |
Lockboxx ARD 2019
Dan Borges. (2019, July 21). MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol). Retrieved September 10, 2021.
Internal MISP references
UUID 159f8495-5354-4b93-84cb-a25e56fcff3e which can be used as unique global reference for Lockboxx ARD 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-10T00:00:00Z |
| date_published | 2019-07-21T00:00:00Z |
| source | MITRE |
| title | MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol) |
nixCraft macOS PATH variables
Vivek Gite. (2023, August 22). MacOS – Set / Change $PATH Variable Command. Retrieved September 28, 2023.
Internal MISP references
UUID 83daecf1-8708-56da-aaad-1e7e95c4ea43 which can be used as unique global reference for nixCraft macOS PATH variables in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2023-08-22T00:00:00Z |
| source | MITRE |
| title | MacOS – Set / Change $PATH Variable Command |
SensePost MacroLess DDE Oct 2017
Stalmans, E., El-Sherei, S. (2017, October 9). Macro-less Code Exec in MSWord. Retrieved November 21, 2017.
Internal MISP references
UUID 1036fbbb-f731-458a-b38c-42431612c0ad which can be used as unique global reference for SensePost MacroLess DDE Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-10-09T00:00:00Z |
| source | MITRE |
| title | Macro-less Code Exec in MSWord |
Macro Malware Targets Macs
Yerko Grbic. (2017, February 14). Macro Malware Targets Macs. Retrieved July 8, 2017.
Internal MISP references
UUID d63f3f6a-4486-48a4-b2f8-c2a8d571731a which can be used as unique global reference for Macro Malware Targets Macs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2017-02-14T00:00:00Z |
| source | MITRE |
| title | Macro Malware Targets Macs |
alientvault macspy
PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.
Internal MISP references
UUID 80bb8646-1eb0-442a-aa51-ee3efaf75915 which can be used as unique global reference for alientvault macspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2017-06-09T00:00:00Z |
| source | MITRE |
| title | MacSpy: OS X RAT as a Service |
reed thiefquest ransomware analysis
Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 22, 2021.
Internal MISP references
UUID 47b49df4-34f1-4a89-9983-e8bc19aadf8c which can be used as unique global reference for reed thiefquest ransomware analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-22T00:00:00Z |
| date_published | 2020-07-07T00:00:00Z |
| source | MITRE |
| title | Mac ThiefQuest malware may not be ransomware after all |
Reed thiefquest fake ransom
Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 18, 2021.
Internal MISP references
UUID b265ef93-c1fb-440d-a9e0-89cf25a3de05 which can be used as unique global reference for Reed thiefquest fake ransom in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-18T00:00:00Z |
| date_published | 2020-07-07T00:00:00Z |
| source | MITRE |
| title | Mac ThiefQuest malware may not be ransomware after all |
Objective See Green Lambert for OSX Oct 2021
Sandvik, Runa. (2021, October 1). Made In America: Green Lambert for OS X. Retrieved March 21, 2022.
Internal MISP references
UUID fad94973-eafa-4fdb-b7aa-22c21d894f81 which can be used as unique global reference for Objective See Green Lambert for OSX Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-21T00:00:00Z |
| date_published | 2021-10-01T00:00:00Z |
| source | MITRE |
| title | Made In America: Green Lambert for OS X |
Trend Micro FIN6 October 2019
Chen, J. (2019, October 10). Magecart Card Skimmers Injected Into Online Shops. Retrieved September 9, 2020.
Internal MISP references
UUID edb9395d-c8a2-46a5-8bf4-91b1d8fe6e3b which can be used as unique global reference for Trend Micro FIN6 October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-09T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE |
| title | Magecart Card Skimmers Injected Into Online Shops |
Unit 42 Magic Hound Feb 2017
Lee, B. and Falcone, R. (2017, February 15). Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.
Internal MISP references
UUID f1ef9868-3ddb-4289-aa92-481c35517920 which can be used as unique global reference for Unit 42 Magic Hound Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-02-15T00:00:00Z |
| source | MITRE |
| title | Magic Hound Campaign Attacks Saudi Targets |
AMD Magic Packet
AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021.
Internal MISP references
UUID 06d36dea-e13d-48c4-b6d6-0c175c379f5b which can be used as unique global reference for AMD Magic Packet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-17T00:00:00Z |
| date_published | 1995-11-01T00:00:00Z |
| source | MITRE |
| title | Magic Packet Technical White Paper |
MagicWeb
Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team . (2022, August 24). MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone. Retrieved September 28, 2022.
Internal MISP references
UUID 5b728693-37e8-4100-ac82-b70945113e07 which can be used as unique global reference for MagicWeb in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2022-08-24T00:00:00Z |
| source | MITRE |
| title | MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone |
FireEye FIN7 Oct 2019
Carr, N, et all. (2019, October 10). Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques. Retrieved October 11, 2019.
Internal MISP references
UUID df8886d1-fbd7-4c24-8ab1-6261923dee96 which can be used as unique global reference for FireEye FIN7 Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-11T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE |
| title | Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques |
Microsoft Mail Flow Rules 2023
Microsoft. (2023, February 22). Mail flow rules (transport rules) in Exchange Online. Retrieved March 13, 2023.
Internal MISP references
UUID 421093d7-6ac8-5ebc-9a04-1c65bdce0980 which can be used as unique global reference for Microsoft Mail Flow Rules 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2023-02-22T00:00:00Z |
| source | MITRE |
| title | Mail flow rules (transport rules) in Exchange Online |
GitHub MailSniper
Bullock, B., . (2018, November 20). MailSniper. Retrieved October 4, 2019.
Internal MISP references
UUID 50595548-b0c6-49d1-adab-43c8969ae716 which can be used as unique global reference for GitHub MailSniper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2018-11-20T00:00:00Z |
| source | MITRE |
| title | MailSniper |
mailx man page
Michael Kerrisk. (2021, August 27). mailx(1p) — Linux manual page. Retrieved June 10, 2022.
Internal MISP references
UUID 6813a1a2-fbe0-4809-aad7-734997e59bea which can be used as unique global reference for mailx man page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-10T00:00:00Z |
| date_published | 2021-08-27T00:00:00Z |
| source | MITRE |
| title | mailx(1p) — Linux manual page |
enigma0x3 normal.dotm
Nelson, M. (2014, January 23). Maintaining Access with normal.dotm. Retrieved July 3, 2017.
Internal MISP references
UUID b8339d48-699d-4043-8197-1f0435a8dca5 which can be used as unique global reference for enigma0x3 normal.dotm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2014-01-23T00:00:00Z |
| source | MITRE |
| title | Maintaining Access with normal.dotm |
NetSPI Startup Stored Procedures
Sutherland, S. (2016, March 7). Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures. Retrieved July 8, 2019.
Internal MISP references
UUID afe89472-ac42-4a0d-b398-5ed6a5dee74f which can be used as unique global reference for NetSPI Startup Stored Procedures in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2016-03-07T00:00:00Z |
| source | MITRE |
| title | Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures |
Makecab.exe - LOLBAS Project
LOLBAS. (2018, May 25). Makecab.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6473e36b-b5ad-4254-b46d-38c53ccbe446 which can be used as unique global reference for Makecab.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Makecab.exe |
Infoblox Lokibot January 2019
Hoang, M. (2019, January 31). Malicious Activity Report: Elements of Lokibot Infostealer. Retrieved May 15, 2020.
Internal MISP references
UUID 17ab0f84-a062-4c4f-acf9-e0b8f81c3cda which can be used as unique global reference for Infoblox Lokibot January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-15T00:00:00Z |
| date_published | 2019-01-31T00:00:00Z |
| source | MITRE |
| title | Malicious Activity Report: Elements of Lokibot Infostealer |
U.S. CISA PaperCut May 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 11). Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. Retrieved May 17, 2023.
Internal MISP references
UUID b5ef2b97-7cc7-470b-ae97-a45dc4af32a6 which can be used as unique global reference for U.S. CISA PaperCut May 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-17T00:00:00Z |
| date_published | 2023-05-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG |
GoBotKR
Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.
Internal MISP references
UUID 7d70675c-5520-4c81-8880-912ce918c4b5 which can be used as unique global reference for GoBotKR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-31T00:00:00Z |
| date_published | 2019-07-08T00:00:00Z |
| source | MITRE |
| title | Malicious campaign targets South Korean users with backdoor‑laced torrents |
ICEBRG Chrome Extensions
De Tore, M., Warner, J. (2018, January 15). MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES. Retrieved January 17, 2018.
Internal MISP references
UUID 459bfd4a-7a9b-4d65-b574-acb221428dad which can be used as unique global reference for ICEBRG Chrome Extensions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-17T00:00:00Z |
| date_published | 2018-01-15T00:00:00Z |
| source | MITRE |
| title | MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES |
McAfee Malicious Doc Targets Pyeongchang Olympics
Saavedra-Morales, J., Sherstobitoff, R. (2018, January 6). Malicious Document Targets Pyeongchang Olympics. Retrieved April 10, 2018.
Internal MISP references
UUID e6b5c261-86c1-4b6b-8a5e-c6a454554588 which can be used as unique global reference for McAfee Malicious Doc Targets Pyeongchang Olympics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2018-01-06T00:00:00Z |
| source | MITRE |
| title | Malicious Document Targets Pyeongchang Olympics |
Fortinet Fareit
Salvio, J., Joven, R. (2016, December 16). Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware. Retrieved December 27, 2016.
Internal MISP references
UUID d06223d7-2d86-41c6-af23-50865a1810c0 which can be used as unique global reference for Fortinet Fareit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-27T00:00:00Z |
| date_published | 2016-12-16T00:00:00Z |
| source | MITRE |
| title | Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware |
Microsoft OAuth Spam 2022
Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 13, 2023.
Internal MISP references
UUID 086c06a0-3960-5fa8-b034-cef37a3aee90 which can be used as unique global reference for Microsoft OAuth Spam 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2023-09-22T00:00:00Z |
| source | MITRE |
| title | Malicious OAuth applications abuse cloud email services to spread spam |
Zscaler Kasidet
Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.
Internal MISP references
UUID 63077223-4711-4c1e-9fb2-3995c7e03cf2 which can be used as unique global reference for Zscaler Kasidet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2016-01-29T00:00:00Z |
| source | MITRE |
| title | Malicious Office files dropping Kasidet and Dridex |
SilentBreak Outlook Rules
Landers, N. (2015, December 4). Malicious Outlook Rules. Retrieved February 4, 2019.
Internal MISP references
UUID a2ad0658-7c12-4f58-b7bf-6300eacb4a8f which can be used as unique global reference for SilentBreak Outlook Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2015-12-04T00:00:00Z |
| source | MITRE |
| title | Malicious Outlook Rules |
Webroot PHP 2011
Brandt, Andrew. (2011, February 22). Malicious PHP Scripts on the Rise. Retrieved October 3, 2018.
Internal MISP references
UUID 6d0da707-2328-4b43-a112-570c1fd5dec1 which can be used as unique global reference for Webroot PHP 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2011-02-22T00:00:00Z |
| source | MITRE |
| title | Malicious PHP Scripts on the Rise |
CISA ComRAT Oct 2020
CISA. (2020, October 29). Malware Analysis Report (AR20-303A). Retrieved December 9, 2020.
Internal MISP references
UUID 6ba168aa-ca07-4856-911f-fa48da54e471 which can be used as unique global reference for CISA ComRAT Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-09T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (AR20-303A) |
Malware Analysis Report ComRAT
CISA. (2020, October 29). Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT. Retrieved September 30, 2022.
Internal MISP references
UUID 9d81e2c8-09d5-4542-9c60-13a22a5a0073 which can be used as unique global reference for Malware Analysis Report ComRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT |
CISA Zebrocy Oct 2020
CISA. (2020, October 29). Malware Analysis Report (AR20-303B). Retrieved December 9, 2020.
Internal MISP references
UUID b7518c4d-6c10-43d2-8e57-d354fb8d4a99 which can be used as unique global reference for CISA Zebrocy Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-09T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (AR20-303B) |
CISA Supernova Jan 2021
CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.
Internal MISP references
UUID ce300d75-8351-4d7c-b280-7d5fbe17f9bb which can be used as unique global reference for CISA Supernova Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2021-01-27T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (AR21-027A) |
UK NCSC Jaguar Tooth April 18 2023
National Cyber Security Centre. (2023, April 18). Malware Analysis Report: Jaguar Tooth. Retrieved August 23, 2023.
Internal MISP references
UUID 954e0cb9-9a93-4cac-af84-c6989b973fac which can be used as unique global reference for UK NCSC Jaguar Tooth April 18 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-23T00:00:00Z |
| date_published | 2023-04-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Malware Analysis Report: Jaguar Tooth |
US-CERT SHARPKNOT June 2018
US-CERT. (2018, March 09). Malware Analysis Report (MAR) - 10135536.11.WHITE. Retrieved June 13, 2018.
Internal MISP references
UUID b6bb568f-de15-4ace-8075-c08e7835fea2 which can be used as unique global reference for US-CERT SHARPKNOT June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-13T00:00:00Z |
| date_published | 2018-03-09T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) - 10135536.11.WHITE |
US-CERT Bankshot Dec 2017
US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved July 17, 2018.
Internal MISP references
UUID af2a708d-f96f-49e7-9351-1ea703e614a0 which can be used as unique global reference for US-CERT Bankshot Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-17T00:00:00Z |
| date_published | 2017-12-13T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) - 10135536-B |
US-CERT Volgmer 2 Nov 2017
US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.
Internal MISP references
UUID a3a5c26c-0d57-4ffc-ae28-3fe828e08fcb which can be used as unique global reference for US-CERT Volgmer 2 Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-16T00:00:00Z |
| date_published | 2017-11-01T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) - 10135536-D |
US-CERT HARDRAIN March 2018
US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.
Internal MISP references
UUID ffc17fa5-e7d3-4592-b47b-e12ced0e62a4 which can be used as unique global reference for US-CERT HARDRAIN March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2018-02-05T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) - 10135536-F |
US-CERT BADCALL
US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.
Internal MISP references
UUID aeb4ff70-fa98-474c-8337-9e50d07ee378 which can be used as unique global reference for US-CERT BADCALL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-07T00:00:00Z |
| date_published | 2018-02-06T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) - 10135536-G |
CISA MAR SLOTHFULMEDIA October 2020
DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.
Internal MISP references
UUID 57c3256c-0d24-4647-9037-fefe1c88ad61 which can be used as unique global reference for CISA MAR SLOTHFULMEDIA October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-02T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA |
Kroll RawPOS Jan 2017
Nesbit, B. and Ackerman, D. (2017, January). Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit. Retrieved October 4, 2017.
Internal MISP references
UUID cbbfffb9-c378-4e57-a2af-e76e6014ed57 which can be used as unique global reference for Kroll RawPOS Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-04T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit |
VMRay OSAMiner dynamic analysis 2021
VMRAY. (2021, January 14). Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection. Retrieved October 4, 2022.
Internal MISP references
UUID 47a5d32d-e6a5-46c2-898a-e45dc42371be which can be used as unique global reference for VMRay OSAMiner dynamic analysis 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-04T00:00:00Z |
| date_published | 2021-01-14T00:00:00Z |
| source | MITRE |
| title | Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection |
Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018
Catalin Cimpanu. (2018, July 10). Malware Found in Arch Linux AUR Package Repository. Retrieved April 23, 2019.
Internal MISP references
UUID 0654dabf-e885-45bf-8a8e-2b512ff4bf46 which can be used as unique global reference for Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-07-10T00:00:00Z |
| source | MITRE |
| title | Malware Found in Arch Linux AUR Package Repository |
Alperovitch Malware
Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014.
Internal MISP references
UUID b6635fd7-40ec-4481-bb0a-c1d3391854a7 which can be used as unique global reference for Alperovitch Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-04T00:00:00Z |
| date_published | 2014-10-31T00:00:00Z |
| source | MITRE |
| title | Malware-Free Intrusions |
Chrome Extension C2 Malware
Kjaer, M. (2016, July 18). Malware in the browser: how you might get hacked by a Chrome extension. Retrieved November 22, 2017.
Internal MISP references
UUID b0fdf9c7-614b-4269-ba3e-7d8b02aa8502 which can be used as unique global reference for Chrome Extension C2 Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| date_published | 2016-07-18T00:00:00Z |
| source | MITRE |
| title | Malware in the browser: how you might get hacked by a Chrome extension |
FireEye Kevin Mandia Guardrails
Shoorbajee, Z. (2018, June 1). Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'. Retrieved January 17, 2019.
Internal MISP references
UUID 0c518eec-a94e-42a7-8eb7-527ae3e279b6 which can be used as unique global reference for FireEye Kevin Mandia Guardrails in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| source | MITRE |
| title | malware is more restrained than adversaries' |
TechRepublic M-Trends 2023
Karl Greenberg. (2023, April 20). Malware is proliferating, but detection measures bear fruit: Mandiant. Retrieved September 21, 2023.
Internal MISP references
UUID 1347e21e-e77d-464d-bbbe-dc4d3f2b07a1 which can be used as unique global reference for TechRepublic M-Trends 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2023-04-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Malware is proliferating, but detection measures bear fruit: Mandiant |
CTU BITS Malware June 2016
Counter Threat Unit Research Team. (2016, June 6). Malware Lingers with BITS. Retrieved January 12, 2018.
Internal MISP references
UUID db98b15c-399d-4a4c-8fa6-5a4ff38c3853 which can be used as unique global reference for CTU BITS Malware June 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2016-06-06T00:00:00Z |
| source | MITRE |
| title | Malware Lingers with BITS |
CyberBit System Calls
Gavriel, H. (2018, November 27). Malware Mitigation when Direct System Calls are Used. Retrieved September 29, 2021.
Internal MISP references
UUID c13cf528-2a7d-4a32-aee2-db5db2f30298 which can be used as unique global reference for CyberBit System Calls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | Malware Mitigation when Direct System Calls are Used |
Malware Monday VBE
Bromiley, M. (2016, December 27). Malware Monday: VBScript and VBE Files. Retrieved March 17, 2023.
Internal MISP references
UUID 9b52a72b-938a-5eb6-a3b7-5a925657f0a3 which can be used as unique global reference for Malware Monday VBE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-17T00:00:00Z |
| date_published | 2016-12-27T00:00:00Z |
| source | MITRE |
| title | Malware Monday: VBScript and VBE Files |
Malware Persistence on OS X
Patrick Wardle. (2015). Malware Persistence on OS X Yosemite. Retrieved July 10, 2017.
Internal MISP references
UUID d4e3b066-c439-4284-ba28-3b8bd8ec270e which can be used as unique global reference for Malware Persistence on OS X in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Malware Persistence on OS X Yosemite |
RSAC 2015 San Francisco Patrick Wardle
Wardle, P. (2015, April). Malware Persistence on OS X Yosemite. Retrieved April 6, 2018.
Internal MISP references
UUID 7e3f3dda-c407-4b06-a6b0-8b72c4dad6e6 which can be used as unique global reference for RSAC 2015 San Francisco Patrick Wardle in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2015-04-01T00:00:00Z |
| source | MITRE |
| title | Malware Persistence on OS X Yosemite |
FireEye Hijacking July 2010
Harbour, N. (2010, July 15). Malware Persistence without the Windows Registry. Retrieved November 17, 2020.
Internal MISP references
UUID 536f9987-f3b6-4d5f-8a6b-32a0c651500d which can be used as unique global reference for FireEye Hijacking July 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-17T00:00:00Z |
| date_published | 2010-07-15T00:00:00Z |
| source | MITRE |
| title | Malware Persistence without the Windows Registry |
Mondok Windows PiggyBack BITS May 2007
Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018.
Internal MISP references
UUID 7dd03a92-11b8-4b8a-9d34-082ecf09a6e4 which can be used as unique global reference for Mondok Windows PiggyBack BITS May 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2007-05-11T00:00:00Z |
| source | MITRE |
| title | Malware piggybacks on Windows’ Background Intelligent Transfer Service |
Conficker Nuclear Power Plant
Cimpanu, C. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved February 18, 2021.
Internal MISP references
UUID 83b8c3c4-d67a-48bd-8614-1c703a8d969b which can be used as unique global reference for Conficker Nuclear Power Plant in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-18T00:00:00Z |
| date_published | 2016-04-26T00:00:00Z |
| source | MITRE |
| title | Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary |
MMPC ISAPI Filter 2012
MMPC. (2012, October 3). Malware signed with the Adobe code signing certificate. Retrieved June 3, 2021.
Internal MISP references
UUID ef412bcd-54be-4972-888c-f5a2cdfb8d02 which can be used as unique global reference for MMPC ISAPI Filter 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2012-10-03T00:00:00Z |
| source | MITRE |
| title | Malware signed with the Adobe code signing certificate |
Leonardo Turla Penquin May 2020
Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.
Internal MISP references
UUID 09d8bb54-6fa5-4842-98aa-6e9656a19092 which can be used as unique global reference for Leonardo Turla Penquin May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-11T00:00:00Z |
| date_published | 2020-05-29T00:00:00Z |
| source | MITRE |
| title | MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64” |
Malware System Language Check
Pierre-Marc Bureau. (2009, January 15). Malware Trying to Avoid Some Countries. Retrieved August 18, 2021.
Internal MISP references
UUID 3d4c5366-038a-453e-b803-a172b95da5f7 which can be used as unique global reference for Malware System Language Check in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| date_published | 2009-01-15T00:00:00Z |
| source | MITRE |
| title | Malware Trying to Avoid Some Countries |
JPCert TSCookie March 2018
Tomonaga, S. (2018, March 6). Malware “TSCookie”. Retrieved May 6, 2020.
Internal MISP references
UUID ff1717f7-0d2e-4947-87d7-44576affe9f8 which can be used as unique global reference for JPCert TSCookie March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2018-03-06T00:00:00Z |
| source | MITRE |
| title | Malware “TSCookie” |
Symantec BITS May 2007
Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018.
Internal MISP references
UUID e5962c87-0d42-46c2-8757-91f264fc570f which can be used as unique global reference for Symantec BITS May 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2007-05-09T00:00:00Z |
| source | MITRE |
| title | Malware Update with Windows Update |
JPCert BlackTech Malware September 2019
Tomonaga, S.. (2019, September 18). Malware Used by BlackTech after Network Intrusion. Retrieved May 6, 2020.
Internal MISP references
UUID 26f44bde-f723-4854-8acc-3d95e5fa764a which can be used as unique global reference for JPCert BlackTech Malware September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2019-09-18T00:00:00Z |
| source | MITRE |
| title | Malware Used by BlackTech after Network Intrusion |
Unit 42 Rocke January 2019
Xingyu, J.. (2019, January 17). Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products. Retrieved May 26, 2020.
Internal MISP references
UUID facf686b-a5a9-4c85-bb46-f56a434d3d78 which can be used as unique global reference for Unit 42 Rocke January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2019-01-17T00:00:00Z |
| source | MITRE |
| title | Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products |
Manage-bde.wsf - LOLBAS Project
LOLBAS. (2018, May 25). Manage-bde.wsf. Retrieved December 4, 2023.
Internal MISP references
UUID 74d5483e-2268-464c-a048-bb1f25bbfc4f which can be used as unique global reference for Manage-bde.wsf - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Manage-bde.wsf |
Microsoft Manage Device Identities
Microsoft. (2022, February 18). Manage device identities by using the Azure portal. Retrieved April 13, 2022.
Internal MISP references
UUID 91aa3a4a-a852-40db-b6ec-68504670cfa6 which can be used as unique global reference for Microsoft Manage Device Identities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| date_published | 2022-02-18T00:00:00Z |
| source | MITRE |
| title | Manage device identities by using the Azure portal |
Microsoft MOF May 2018
Satran, M. (2018, May 30). Managed Object Format (MOF). Retrieved January 24, 2020.
Internal MISP references
UUID 1d1da9ad-c995-4040-8103-b51af9d8bac3 which can be used as unique global reference for Microsoft MOF May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-24T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Managed Object Format (MOF) |
Microsoft Inbox Rules
Microsoft. (n.d.). Manage email messages by using rules. Retrieved June 11, 2021.
Internal MISP references
UUID 91ce21f7-4cd5-4a75-a533-45d052a11c5d which can be used as unique global reference for Microsoft Inbox Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-11T00:00:00Z |
| source | MITRE |
| title | Manage email messages by using rules |
Google Cloud Just in Time Access 2023
Google Cloud. (n.d.). Manage just-in-time privileged access to projects. Retrieved September 21, 2023.
Internal MISP references
UUID 797c6051-9dff-531b-8438-d306bdf46720 which can be used as unique global reference for Google Cloud Just in Time Access 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| source | MITRE |
| title | Manage just-in-time privileged access to projects |
Microsoft Manage Mail Flow Rules 2023
Microsoft. (2023, February 22). Manage mail flow rules in Exchange Online. Retrieved March 13, 2023.
Internal MISP references
UUID 1d5d7353-7d9d-522a-a0aa-6f4aa0886ca1 which can be used as unique global reference for Microsoft Manage Mail Flow Rules 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2023-02-22T00:00:00Z |
| source | MITRE |
| title | Manage mail flow rules in Exchange Online |
Office 365 Partner Relationships
Microsoft. (2022, March 4). Manage partner relationships. Retrieved May 27, 2022.
Internal MISP references
UUID 3d794f31-c3b4-4e0b-8558-b944d6616676 which can be used as unique global reference for Office 365 Partner Relationships in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-03-04T00:00:00Z |
| source | MITRE |
| title | Manage partner relationships |
TechNet Trusted Publishers
Microsoft. (n.d.). Manage Trusted Publishers. Retrieved March 31, 2016.
Internal MISP references
UUID e355ae20-4ada-49f3-a097-744838d6ff7d which can be used as unique global reference for TechNet Trusted Publishers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| source | MITRE |
| title | Manage Trusted Publishers |
Microsoft Enable Cred Guard April 2017
Lich, B., Tobin, J., Hall, J. (2017, April 5). Manage Windows Defender Credential Guard. Retrieved November 27, 2017.
Internal MISP references
UUID dc95771b-db84-43ae-b9ee-6f0ef3f1c93d which can be used as unique global reference for Microsoft Enable Cred Guard April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2017-04-05T00:00:00Z |
| source | MITRE |
| title | Manage Windows Defender Credential Guard |
Outlook File Sizes
N. O'Bryan. (2018, May 30). Managing Outlook Cached Mode and OST File Sizes. Retrieved February 19, 2020.
Internal MISP references
UUID 6fbbb53f-cd4b-4ce1-942d-5cadb907cf86 which can be used as unique global reference for Outlook File Sizes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-19T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Managing Outlook Cached Mode and OST File Sizes |
Microsoft Managing WebDAV Security
Microsoft. (n.d.). Managing WebDAV Security (IIS 6.0). Retrieved December 21, 2017.
Internal MISP references
UUID eeb7cd82-b116-4989-b3fa-968a23f839f3 which can be used as unique global reference for Microsoft Managing WebDAV Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| source | MITRE |
| title | Managing WebDAV Security (IIS 6.0) |
Mandiant M Trends 2011
Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.
Internal MISP references
UUID 563be052-29ac-4625-927d-84e475ef848e which can be used as unique global reference for Mandiant M Trends 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-10T00:00:00Z |
| date_published | 2011-01-27T00:00:00Z |
| source | MITRE |
| title | Mandiant M-Trends 2011 |
Mandiant M Trends 2016
Mandiant. (2016, February 25). Mandiant M-Trends 2016. Retrieved March 5, 2019.
Internal MISP references
UUID f769a3ac-4330-46b7-bed8-61697e22cd24 which can be used as unique global reference for Mandiant M Trends 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-02-25T00:00:00Z |
| source | MITRE |
| title | Mandiant M-Trends 2016 |
FireEye APT35 2018
Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.
Internal MISP references
UUID 71d3db50-4a20-4d8e-a640-4670d642205c which can be used as unique global reference for FireEye APT35 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-09T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Mandiant M-Trends 2018 |
Microsoft Manifests
Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.
Internal MISP references
UUID e336dc02-c7bb-4046-93d9-17b9512fb731 which can be used as unique global reference for Microsoft Manifests in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Manifests |
MSDN Manifests
Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.
Internal MISP references
UUID a29301fe-0e3c-4c6e-85c5-a30a6bcb9114 which can be used as unique global reference for MSDN Manifests in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| source | MITRE |
| title | Manifests |
Wikipedia Man in the Browser
Wikipedia. (2017, October 28). Man-in-the-browser. Retrieved January 10, 2018.
Internal MISP references
UUID f8975da7-4c50-4b3b-8ecb-c99c9b3bc20c which can be used as unique global reference for Wikipedia Man in the Browser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-10T00:00:00Z |
| date_published | 2017-10-28T00:00:00Z |
| source | MITRE |
| title | Man-in-the-browser |
Kaspersky Encyclopedia MiTM
Kaspersky IT Encyclopedia. (n.d.). Man-in-the-middle attack. Retrieved September 1, 2023.
Internal MISP references
UUID 353a6eb9-54c5-5211-ad87-abf5d941e503 which can be used as unique global reference for Kaspersky Encyclopedia MiTM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-01T00:00:00Z |
| source | MITRE |
| title | Man-in-the-middle attack |
Rapid7 MiTM Basics
Rapid7. (n.d.). Man-in-the-Middle (MITM) Attacks. Retrieved March 2, 2020.
Internal MISP references
UUID 33b25966-0ab9-4cc6-9702-62263a23af9c which can be used as unique global reference for Rapid7 MiTM Basics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-02T00:00:00Z |
| source | MITRE |
| title | Man-in-the-Middle (MITM) Attacks |
mitm_tls_downgrade_att
praetorian Editorial Team. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved December 8, 2021.
Internal MISP references
UUID af907fe1-1e37-4f44-8ad4-fcc3826ee6fb which can be used as unique global reference for mitm_tls_downgrade_att in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-08T00:00:00Z |
| date_published | 2014-08-19T00:00:00Z |
| source | MITRE |
| title | Man-in-the-Middle TLS Protocol Downgrade Attack |
Praetorian TLS Downgrade Attack 2014
Praetorian. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved October 8, 2021.
Internal MISP references
UUID 4375602d-4b5f-476d-82f8-3cef84d3378e which can be used as unique global reference for Praetorian TLS Downgrade Attack 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-08T00:00:00Z |
| date_published | 2014-08-19T00:00:00Z |
| source | MITRE |
| title | Man-in-the-Middle TLS Protocol Downgrade Attack |
InsiderThreat ChangeNTLM July 2017
Warren, J. (2017, July 11). Manipulating User Passwords with Mimikatz. Retrieved December 4, 2017.
Internal MISP references
UUID 3bf24c68-fc98-4143-9dff-f54030c902fe which can be used as unique global reference for InsiderThreat ChangeNTLM July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2017-07-11T00:00:00Z |
| source | MITRE |
| title | Manipulating User Passwords with Mimikatz |
Kaspersky ManOnTheSide
Starikova, A. (2023, February 14). Man-on-the-side – peculiar attack. Retrieved September 1, 2023.
Internal MISP references
UUID 8ea545ac-cca6-5da5-8a93-6b07518fc9d4 which can be used as unique global reference for Kaspersky ManOnTheSide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-01T00:00:00Z |
| date_published | 2023-02-14T00:00:00Z |
| source | MITRE |
| title | Man-on-the-side – peculiar attack |
CrowdStrike Manufacturing Threat July 2020
Falcon OverWatch Team. (2020, July 14). Manufacturing Industry in the Adversaries’ Crosshairs. Retrieved October 17, 2021.
Internal MISP references
UUID 5ed6a702-dcc5-4021-95cc-5b720dbd8774 which can be used as unique global reference for CrowdStrike Manufacturing Threat July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2020-07-14T00:00:00Z |
| source | MITRE |
| title | Manufacturing Industry in the Adversaries’ Crosshairs |
US-CERT TYPEFRAME June 2018
US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. Retrieved July 13, 2018.
Internal MISP references
UUID b89f20ad-39c4-480f-b02e-20f4e71f6b95 which can be used as unique global reference for US-CERT TYPEFRAME June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-13T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE |
| title | MAR-10135536-12 – North Korean Trojan: TYPEFRAME |
US-CERT KEYMARBLE Aug 2018
US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.
Internal MISP references
UUID b30dd720-a85d-4bf5-84e1-394a27917ee7 which can be used as unique global reference for US-CERT KEYMARBLE Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-16T00:00:00Z |
| date_published | 2018-08-09T00:00:00Z |
| source | MITRE |
| title | MAR-10135536-17 – North Korean Trojan: KEYMARBLE |
US-CERT HOPLIGHT Apr 2019
US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.
Internal MISP references
UUID e722b71b-9042-4143-a156-489783d86e0a which can be used as unique global reference for US-CERT HOPLIGHT Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | MAR-10135536-8 – North Korean Trojan: HOPLIGHT |
US-CERT HOTCROISSANT February 2020
US-CERT. (2020, February 20). MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT. Retrieved May 1, 2020.
Internal MISP references
UUID db5c816a-2a23-4966-8f0b-4ec86cae45c9 which can be used as unique global reference for US-CERT HOTCROISSANT February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-01T00:00:00Z |
| date_published | 2020-02-20T00:00:00Z |
| source | MITRE |
| title | MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT |
CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020
USG. (2020, May 12). MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE. Retrieved March 5, 2021.
Internal MISP references
UUID b9946fcc-592a-4c54-b504-4fe5050704df which can be used as unique global reference for CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-05T00:00:00Z |
| date_published | 2020-05-12T00:00:00Z |
| source | MITRE |
| title | MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE |
CISA MAR-10292089-1.v2 TAIDOOR August 2021
CISA, FBI, DOD. (2021, August). MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR. Retrieved August 24, 2021.
Internal MISP references
UUID 0ae18fda-cc88-49f4-8e85-7b63044579ea which can be used as unique global reference for CISA MAR-10292089-1.v2 TAIDOOR August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2021-08-01T00:00:00Z |
| source | MITRE |
| title | MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR |
US-CERT BLINDINGCAN Aug 2020
US-CERT. (2020, August 19). MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN. Retrieved August 19, 2020.
Internal MISP references
UUID 0421788c-b807-4e19-897c-bfb4323feb16 which can be used as unique global reference for US-CERT BLINDINGCAN Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-19T00:00:00Z |
| date_published | 2020-08-19T00:00:00Z |
| source | MITRE |
| title | MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN |
CISA SoreFang July 2016
CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.
Internal MISP references
UUID a87db09c-cadc-48fd-9634-8dd44bbd9009 which can be used as unique global reference for CISA SoreFang July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-29T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | MAR-10296782-1.v1 – SOREFANG |
CISA WellMess July 2020
CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. Retrieved September 24, 2020.
Internal MISP references
UUID 40e9eda2-51a2-4fd8-b0b1-7d2c6deca820 which can be used as unique global reference for CISA WellMess July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-24T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | MAR-10296782-2.v1 – WELLMESS |
CISA WellMail July 2020
CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. Retrieved September 29, 2020.
Internal MISP references
UUID 2f33b88a-a8dd-445b-a34f-e356b94bed35 which can be used as unique global reference for CISA WellMail July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-29T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | MAR-10296782-3.v1 – WELLMAIL |
CISA EB Aug 2020
Cybersecurity and Infrastructure Security Agency. (2020, August 26). MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON. Retrieved March 18, 2021.
Internal MISP references
UUID a1b143f9-ca85-4c11-8909-49423c9ffeab which can be used as unique global reference for CISA EB Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-18T00:00:00Z |
| date_published | 2020-08-26T00:00:00Z |
| source | MITRE |
| title | MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON |
CISA HatMan
CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.
Internal MISP references
UUID 0690fa53-fee4-43fa-afd5-61137fd7529e which can be used as unique global reference for CISA HatMan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2019-02-27T00:00:00Z |
| source | MITRE |
| title | MAR-17-352-01 HatMan-Safety System Targeted Malware |
Outflank MotW 2020
Hegt, S. (2020, March 30). Mark-of-the-Web from a red team’s perspective. Retrieved February 22, 2021.
Internal MISP references
UUID 54d9c59f-800a-426f-90c8-0d1cb2bea1ea which can be used as unique global reference for Outflank MotW 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-03-30T00:00:00Z |
| source | MITRE |
| title | Mark-of-the-Web from a red team’s perspective |
Masquerads-Guardio
Tal, Nati. (2022, December 28). “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Retrieved February 21, 2023.
Internal MISP references
UUID e11492f4-f9a3-5489-b2bb-a28b19ef88b5 which can be used as unique global reference for Masquerads-Guardio in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-12-28T00:00:00Z |
| source | MITRE |
| title | “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets |
CNET Leaks
Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020.
Internal MISP references
UUID 46df3a49-e7c4-4169-b35c-0aecc78c31ea which can be used as unique global reference for CNET Leaks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-01-17T00:00:00Z |
| source | MITRE |
| title | Massive breach leaks 773 million email addresses, 21 million passwords |
ArsTechnica Great Firewall of China
Goodin, D.. (2015, March 31). Massive denial-of-service attack on GitHub tied to Chinese government. Retrieved April 19, 2019.
Internal MISP references
UUID 1a08d58f-bf91-4345-aa4e-2906d3ef365a which can be used as unique global reference for ArsTechnica Great Firewall of China in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2015-03-31T00:00:00Z |
| source | MITRE |
| title | Massive denial-of-service attack on GitHub tied to Chinese government |
Europol Cobalt Mar 2018
Europol. (2018, March 26). Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain. Retrieved October 10, 2018.
Internal MISP references
UUID f9d1f2ab-9e75-48ce-bcdf-b7119687feef which can be used as unique global reference for Europol Cobalt Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2018-03-26T00:00:00Z |
| source | MITRE |
| title | Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain |
LOLBAS Mavinject
LOLBAS. (n.d.). Mavinject.exe. Retrieved September 22, 2021.
Internal MISP references
UUID 4ba7fa89-006b-4fbf-aa6c-6775842c97a4 which can be used as unique global reference for LOLBAS Mavinject in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| source | MITRE |
| title | Mavinject.exe |
Mavinject Functionality Deconstructed
Matt Graeber. (2018, May 29). mavinject.exe Functionality Deconstructed. Retrieved September 22, 2021.
Internal MISP references
UUID 17b055ba-5e59-4508-ba77-2519c03c6d65 which can be used as unique global reference for Mavinject Functionality Deconstructed in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2018-05-29T00:00:00Z |
| source | MITRE |
| title | mavinject.exe Functionality Deconstructed |
Sophos Maze VM September 2020
Brandt, A., Mackenzie, P.. (2020, September 17). Maze Attackers Adopt Ragnar Locker Virtual Machine Technique. Retrieved October 9, 2020.
Internal MISP references
UUID 9c4bbcbb-2c18-453c-8b02-0a0cd512c3f3 which can be used as unique global reference for Sophos Maze VM September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-09T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Maze Attackers Adopt Ragnar Locker Virtual Machine Technique |
mbed-crypto
ARMmbed. (2018, June 21). Mbed Crypto. Retrieved February 15, 2021.
Internal MISP references
UUID 324ba1b8-cc97-4d20-b25d-053b2462f3b2 which can be used as unique global reference for mbed-crypto in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-15T00:00:00Z |
| date_published | 2018-06-21T00:00:00Z |
| source | MITRE |
| title | Mbed Crypto |
McAfee REvil October 2019
Saavedra-Morales, J, et al. (2019, October 20). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo. Retrieved August 5, 2020.
Internal MISP references
UUID 288e94b3-a023-4b59-8b2a-25c469fb56a1 which can be used as unique global reference for McAfee REvil October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-05T00:00:00Z |
| date_published | 2019-10-20T00:00:00Z |
| source | MITRE |
| title | McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo |
McAfee Sodinokibi October 2019
McAfee. (2019, October 2). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us. Retrieved August 4, 2020.
Internal MISP references
UUID 1bf961f2-dfa9-4ca3-9bf5-90c21755d783 which can be used as unique global reference for McAfee Sodinokibi October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-10-02T00:00:00Z |
| source | MITRE |
| title | McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us |
McAfee Sandworm November 2013
Li, H. (2013, November 5). McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office. Retrieved June 18, 2020.
Internal MISP references
UUID c90ecd26-ce29-4c1d-b739-357b6d42f399 which can be used as unique global reference for McAfee Sandworm November 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-18T00:00:00Z |
| date_published | 2013-11-05T00:00:00Z |
| source | MITRE |
| title | McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office |
McAfee Honeybee
Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
Internal MISP references
UUID e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d which can be used as unique global reference for McAfee Honeybee in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-16T00:00:00Z |
| date_published | 2018-03-02T00:00:00Z |
| source | MITRE |
| title | McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups |
Secureworks MCMD July 2019
Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.
Internal MISP references
UUID f7364cfc-5a3b-4538-80d0-cae65f3c6592 which can be used as unique global reference for Secureworks MCMD July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-13T00:00:00Z |
| date_published | 2019-07-24T00:00:00Z |
| source | MITRE |
| title | MCMD Malware Analysis |
Purves Kextpocalypse 2
Richard Purves. (2017, November 9). MDM and the Kextpocalypse . Retrieved September 23, 2021.
Internal MISP references
UUID 57aeedda-2c32-404f-bead-fe6d213d7241 which can be used as unique global reference for Purves Kextpocalypse 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | MDM and the Kextpocalypse |
MDSec Brute Ratel August 2022
Chell, D. PART 3: How I Met Your Beacon – Brute Ratel. Retrieved February 6, 2023.
Internal MISP references
UUID dfd12595-0056-5b4a-b753-624fac1bb3a6 which can be used as unique global reference for MDSec Brute Ratel August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-06T00:00:00Z |
| source | MITRE |
| title | MDSec Brute Ratel August 2022 |
Secureworks NICKEL ACADEMY Dec 2017
Secureworks. (2017, December 15). Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies. Retrieved December 27, 2017.
Internal MISP references
UUID aa7393ad-0760-4f27-a068-17beba17bbe3 which can be used as unique global reference for Secureworks NICKEL ACADEMY Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-12-15T00:00:00Z |
| source | MITRE |
| title | Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies |
Cybereason Nocturnus MedusaLocker 2020
Cybereason Nocturnus. (2020, November 19). Cybereason vs. MedusaLocker Ransomware. Retrieved June 23, 2021.
Internal MISP references
UUID f7b41120-8455-409f-ad9c-815c2c43edfd which can be used as unique global reference for Cybereason Nocturnus MedusaLocker 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| source | MITRE |
| title | MedusaLocker Ransomware |
HC3 Analyst Note MedusaLocker Ransomware February 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, February 24). MedusaLocker Ransomware. Retrieved August 11, 2023.
Internal MISP references
UUID 49e314d6-5324-41e0-8bee-2b3e08d5e12f which can be used as unique global reference for HC3 Analyst Note MedusaLocker Ransomware February 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-11T00:00:00Z |
| date_published | 2023-02-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | MedusaLocker Ransomware |
Bleeping Computer Medusa Ransomware March 12 2023
Lawrence Abrams. (2023, March 12). Medusa ransomware gang picks up steam as it targets companies worldwide. Retrieved September 14, 2023.
Internal MISP references
UUID 21fe1d9e-17f1-49e2-b05f-78e9160f5414 which can be used as unique global reference for Bleeping Computer Medusa Ransomware March 12 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-03-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Medusa ransomware gang picks up steam as it targets companies worldwide |
CyberScoop Babuk February 2021
Lyngaas, S. (2021, February 4). Meet Babuk, a ransomware attacker blamed for the Serco breach. Retrieved August 11, 2021.
Internal MISP references
UUID 0a0aeacd-0976-4c84-b40d-5704afca9f0e which can be used as unique global reference for CyberScoop Babuk February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-02-04T00:00:00Z |
| source | MITRE |
| title | Meet Babuk, a ransomware attacker blamed for the Serco breach |
CrowdStrike Stardust Chollima Profile April 2018
Meyers, Adam. (2018, April 6). Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA. Retrieved September 29, 2021.
Internal MISP references
UUID a0119ad4-ceea-4dba-bc08-a682085a9b27 which can be used as unique global reference for CrowdStrike Stardust Chollima Profile April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-04-06T00:00:00Z |
| source | MITRE |
| title | Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA |
CrowdStrike VOODOO BEAR
Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.
Internal MISP references
UUID ce07d409-292d-4e8e-b1af-bd5ba46c1b95 which can be used as unique global reference for CrowdStrike VOODOO BEAR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-22T00:00:00Z |
| date_published | 2018-01-19T00:00:00Z |
| source | MITRE |
| title | Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR |
Crowdstrike MUSTANG PANDA June 2018
Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.
Internal MISP references
UUID 35e72170-b1ec-49c9-aefe-a24fc4302fa6 which can be used as unique global reference for Crowdstrike MUSTANG PANDA June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-12T00:00:00Z |
| date_published | 2018-06-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA |
CrowdStrike VENOMOUS BEAR
Meyers, A. (2018, March 12). Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR. Retrieved May 16, 2018.
Internal MISP references
UUID ee400057-2b26-4464-96b4-484c9eb9d5c2 which can be used as unique global reference for CrowdStrike VENOMOUS BEAR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-16T00:00:00Z |
| date_published | 2018-03-12T00:00:00Z |
| source | MITRE |
| title | Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR |
Crowdstrike Helix Kitten Nov 2018
Meyers, A. (2018, November 27). Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN. Retrieved December 18, 2018.
Internal MISP references
UUID 3fc0d7ad-6283-4cfd-b72f-5ce47594531e which can be used as unique global reference for Crowdstrike Helix Kitten Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-18T00:00:00Z |
| date_published | 2018-11-27T00:00:00Z |
| source | MITRE |
| title | Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN |
Cloudflare Memcrashed Feb 2018
Marek Majkowski of Cloudflare. (2018, February 27). Memcrashed - Major amplification attacks from UDP port 11211. Retrieved April 18, 2019.
Internal MISP references
UUID a2a0c1eb-20ad-4c40-a8cd-1732fdde7e19 which can be used as unique global reference for Cloudflare Memcrashed Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2018-02-27T00:00:00Z |
| source | MITRE |
| title | Memcrashed - Major amplification attacks from UDP port 11211 |
Github Mempdump
DiabloHorn. (2015, March 22). mempdump. Retrieved October 6, 2017.
Internal MISP references
UUID f830ed8b-33fa-4d1e-a66c-41f8c6aba69c which can be used as unique global reference for Github Mempdump in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2015-03-22T00:00:00Z |
| source | MITRE |
| title | mempdump |
Palo Alto menuPass Feb 2017
Miller-Osborn, J. and Grunzweig, J.. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.
Internal MISP references
UUID ba4f7d65-73ec-4726-b1f6-f2443ffda5e7 which can be used as unique global reference for Palo Alto menuPass Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2017-02-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations |
FireEye MESSAGETAP October 2019
Leong, R., Perez, D., Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages?. Retrieved May 11, 2020.
Internal MISP references
UUID f56380e8-3cfa-407c-a493-7f9e50ba3867 which can be used as unique global reference for FireEye MESSAGETAP October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-11T00:00:00Z |
| date_published | 2019-10-31T00:00:00Z |
| source | MITRE |
| title | MESSAGETAP: Who’s Reading Your Text Messages? |
SentinelLabs Metador Technical Appendix Sept 2022
SentinelLabs. (2022, September 22). Metador Technical Appendix. Retrieved April 4, 2023.
Internal MISP references
UUID aa021076-e9c5-5428-a938-c10cfb6b7c97 which can be used as unique global reference for SentinelLabs Metador Technical Appendix Sept 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-04-04T00:00:00Z |
| date_published | 2022-09-22T00:00:00Z |
| source | MITRE |
| title | Metador Technical Appendix |
FireEye Metamorfo Apr 2018
Sierra, E., Iglesias, G.. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020.
Internal MISP references
UUID fd220165-43c8-4aaf-9295-0a2b7a52929c which can be used as unique global reference for FireEye Metamorfo Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-30T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | Metamorfo Campaigns Targeting Brazilian Users |
Metasploit_Ref
Metasploit. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID ab6ea6b3-3c71-4e69-9713-dae3e4446083 which can be used as unique global reference for Metasploit_Ref in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| source | MITRE |
| title | Metasploit_Ref |
Metasploit SSH Module
undefined. (n.d.). Retrieved April 12, 2019.
Internal MISP references
UUID e4ae69e5-67ba-4a3e-8101-5e7f073bd312 which can be used as unique global reference for Metasploit SSH Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-12T00:00:00Z |
| source | MITRE |
| title | Metasploit SSH Module |
Github Rapid7 Meterpreter Elevate
Rapid7. (2013, November 26). meterpreter/source/extensions/priv/server/elevate/. Retrieved July 8, 2018.
Internal MISP references
UUID 113dafad-8ede-424b-b727-66f71ea7806a which can be used as unique global reference for Github Rapid7 Meterpreter Elevate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-08T00:00:00Z |
| date_published | 2013-11-26T00:00:00Z |
| source | MITRE |
| title | meterpreter/source/extensions/priv/server/elevate/ |
Methods of Mac Malware Persistence
Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. Retrieved July 5, 2017.
Internal MISP references
UUID 44154472-2894-4161-b23f-46d1b1fd6772 which can be used as unique global reference for Methods of Mac Malware Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2014-09-01T00:00:00Z |
| source | MITRE |
| title | Methods of Malware Persistence on Mac OS X |
MFA Fatigue Attacks - PortSwigger
Jessica Haworth. (2022, February 16). MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications. Retrieved March 31, 2022.
Internal MISP references
UUID 1b7b0f00-71ba-4762-ae81-bce24591cff4 which can be used as unique global reference for MFA Fatigue Attacks - PortSwigger in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-31T00:00:00Z |
| date_published | 2022-02-16T00:00:00Z |
| source | MITRE |
| title | MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications |
Mftrace.exe - LOLBAS Project
LOLBAS. (2018, May 25). Mftrace.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b6d42cc9-1bf0-4389-8654-90b8d4e7ff49 which can be used as unique global reference for Mftrace.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Mftrace.exe |
Radware Micropsia July 2018
Tsarfaty, Y. (2018, July 25). Micropsia Malware. Retrieved November 13, 2018.
Internal MISP references
UUID 8771ed60-eecb-4e0c-b22c-0c26d30d4dec which can be used as unique global reference for Radware Micropsia July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2018-07-25T00:00:00Z |
| source | MITRE |
| title | Micropsia Malware |
Microsoft Midnight Blizzard January 19 2024
MSRC. (2024, January 19). Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. Retrieved January 24, 2024.
Internal MISP references
UUID 91b48ddd-9e3f-4d36-a262-3b52145b3db2 which can be used as unique global reference for Microsoft Midnight Blizzard January 19 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-24T00:00:00Z |
| date_published | 2024-01-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard |
Microsoft ZINC disruption Dec 2017
Smith, B. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 20, 2017.
Internal MISP references
UUID 99831838-fc8f-43fa-9c87-6ccdf5677c34 which can be used as unique global reference for Microsoft ZINC disruption Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-19T00:00:00Z |
| source | MITRE |
| title | Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats |
The Hacker News Microsoft DDoS June 19 2023
Ravie Lakshmanan. (2023, June 19). Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions. Retrieved October 10, 2023.
Internal MISP references
UUID 2ee27b55-b7a7-40a8-8c0b-5e28943cd273 which can be used as unique global reference for The Hacker News Microsoft DDoS June 19 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-06-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions |
Microsoft OAuth 2.0 Consent Phishing 2021
Microsoft 365 Defender Threat Intelligence Team. (2021, June 14). Microsoft delivers comprehensive solution to battle rise in consent phishing emails. Retrieved December 13, 2021.
Internal MISP references
UUID 393e44fe-cf52-4c39-a79f-f7cdd9d8e16a which can be used as unique global reference for Microsoft OAuth 2.0 Consent Phishing 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-13T00:00:00Z |
| date_published | 2021-06-14T00:00:00Z |
| source | MITRE |
| title | Microsoft delivers comprehensive solution to battle rise in consent phishing emails |
Microsoft Digital Defense FY20 Sept 2020
Microsoft . (2020, September 29). Microsoft Digital Defense Report FY20. Retrieved April 21, 2021.
Internal MISP references
UUID cdf74af5-ed71-4dfd-bc49-0ccfa40b65ea which can be used as unique global reference for Microsoft Digital Defense FY20 Sept 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-21T00:00:00Z |
| date_published | 2020-09-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Microsoft Digital Defense Report FY20 |
BleepingComputer DDE Disabled in Word Dec 2017
Cimpanu, C. (2017, December 15). Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks. Retrieved December 19, 2017.
Internal MISP references
UUID d6f93310-77b6-491e-ba9d-ec1faf8de7e4 which can be used as unique global reference for BleepingComputer DDE Disabled in Word Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2017-12-15T00:00:00Z |
| source | MITRE |
| title | Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks |
Microsoft DuplicateTokenEx
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 8a389e76-d43a-477c-aab4-301c7c55b439 which can be used as unique global reference for Microsoft DuplicateTokenEx in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| source | MITRE |
| title | Microsoft DuplicateTokenEx |
Red Canary HTA Abuse Part Deux
McCammon, K. (2015, August 14). Microsoft HTML Application (HTA) Abuse, Part Deux. Retrieved October 27, 2017.
Internal MISP references
UUID 39b1cb2f-a07b-49f2-bf2c-15f0c9b95772 which can be used as unique global reference for Red Canary HTA Abuse Part Deux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-27T00:00:00Z |
| date_published | 2015-08-14T00:00:00Z |
| source | MITRE |
| title | Microsoft HTML Application (HTA) Abuse, Part Deux |
Microsoft HTML Help May 2018
Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018.
Internal MISP references
UUID f9daf15d-61ea-4cfa-a4e8-9d33d1acd28f which can be used as unique global reference for Microsoft HTML Help May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-03T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Microsoft HTML Help 1.4 |
Microsoft Identity Platform Access 2019
Cai, S., Flores, J., de Guzman, C., et. al.. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019.
Internal MISP references
UUID a39d976e-9b52-48f3-b5db-0ffd84ecd338 which can be used as unique global reference for Microsoft Identity Platform Access 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2019-08-27T00:00:00Z |
| source | MITRE |
| title | Microsoft identity platform access tokens |
Microsoft - Azure AD Identity Tokens - Aug 2019
Microsoft. (2019, August 29). Microsoft identity platform access tokens. Retrieved September 12, 2019.
Internal MISP references
UUID 44767d53-8cd7-44dd-a69d-8a7bebc1d87d which can be used as unique global reference for Microsoft - Azure AD Identity Tokens - Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-08-29T00:00:00Z |
| source | MITRE |
| title | Microsoft identity platform access tokens |
Microsoft - OAuth Code Authorization flow - June 2019
Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019.
Internal MISP references
UUID a41c2123-8b8d-4f98-a535-e58e3e746b69 which can be used as unique global reference for Microsoft - OAuth Code Authorization flow - June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| source | MITRE |
| title | Microsoft identity platform and OAuth 2.0 authorization code flow |
Microsoft Identity Platform Protocols May 2019
Microsoft. (n.d.). Retrieved September 12, 2019.
Internal MISP references
UUID a99d2292-be39-4e55-a952-30c9d6a3d0a3 which can be used as unique global reference for Microsoft Identity Platform Protocols May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| source | MITRE |
| title | Microsoft Identity Platform Protocols May 2019 |
Microsoft ImpersonateLoggedOnUser
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 01f5176a-cce6-46e2-acce-a77b6bea7172 which can be used as unique global reference for Microsoft ImpersonateLoggedOnUser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| source | MITRE |
| title | Microsoft ImpersonateLoggedOnUser |
Microsoft Internal Solorigate Investigation Blog
MSRC Team. (2021, February 18). Microsoft Internal Solorigate Investigation – Final Update. Retrieved May 14, 2021.
Internal MISP references
UUID 66cade99-0040-464c-98a6-bba57719f0a4 which can be used as unique global reference for Microsoft Internal Solorigate Investigation Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-14T00:00:00Z |
| date_published | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | Microsoft Internal Solorigate Investigation – Final Update |
Microsoft LogonUser
Microsoft TechNet. (n.d.). Retrieved April 25, 2017.
Internal MISP references
UUID 08088ec0-5b48-4c32-b213-5e029e5f83ee which can be used as unique global reference for Microsoft LogonUser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| source | MITRE |
| title | Microsoft LogonUser |
mmc_vulns
Boxiner, A., Vaknin, E. (2019, June 11). Microsoft Management Console (MMC) Vulnerabilities. Retrieved September 24, 2021.
Internal MISP references
UUID 7bcf1c90-6299-448b-92c3-a6702882936a which can be used as unique global reference for mmc_vulns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2019-06-11T00:00:00Z |
| source | MITRE |
| title | Microsoft Management Console (MMC) Vulnerabilities |
Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project
LOLBAS. (2022, January 20). Microsoft.NodejsTools.PressAnyKey.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 25c46948-a648-4c3c-b442-e700df68fa20 which can be used as unique global reference for Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft.NodejsTools.PressAnyKey.exe |
FireEye FELIXROOT July 2018
Patil, S. (2018, June 26). Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved July 31, 2018.
Internal MISP references
UUID 501057e2-9a31-46fe-aaa0-427218682153 which can be used as unique global reference for FireEye FELIXROOT July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-31T00:00:00Z |
| date_published | 2018-06-26T00:00:00Z |
| source | MITRE |
| title | Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign |
Irongeek Sims BSides 2017
Stephen Sims. (2017, April 30). Microsoft Patch Analysis for Exploitation. Retrieved October 16, 2020.
Internal MISP references
UUID ce11568a-36a8-4da2-972f-9cd67cc337d8 which can be used as unique global reference for Irongeek Sims BSides 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2017-04-30T00:00:00Z |
| source | MITRE |
| title | Microsoft Patch Analysis for Exploitation |
Microsoft_rec_block_rules
Microsoft. (2021, August 23). Retrieved August 16, 2021.
Internal MISP references
UUID 8fbc12b4-dec6-4913-9103-b28b5c3395ee which can be used as unique global reference for Microsoft_rec_block_rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-16T00:00:00Z |
| source | MITRE |
| title | Microsoft_rec_block_rules |
Microsoft WDAC
Coulter, D. et al.. (2019, April 9). Microsoft recommended block rules. Retrieved August 12, 2021.
Internal MISP references
UUID 86955cd2-5980-44ba-aa7b-4b9f8e347730 which can be used as unique global reference for Microsoft WDAC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-12T00:00:00Z |
| date_published | 2019-04-09T00:00:00Z |
| source | MITRE |
| title | Microsoft recommended block rules |
Microsoft Driver Block Rules
Microsoft. (2020, October 15). Microsoft recommended driver block rules. Retrieved March 16, 2021.
Internal MISP references
UUID 2ad8414a-4490-4896-8266-556b8bdbb77f which can be used as unique global reference for Microsoft Driver Block Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| date_published | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | Microsoft recommended driver block rules |
Microsoft driver block rules
Jordan Geurten et al. . (2022, March 29). Microsoft recommended driver block rules. Retrieved April 7, 2022.
Internal MISP references
UUID 9bb5c330-56bd-47e7-8414-729d8e6cb3b3 which can be used as unique global reference for Microsoft driver block rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-07T00:00:00Z |
| date_published | 2022-03-29T00:00:00Z |
| source | MITRE |
| title | Microsoft recommended driver block rules |
Microsoft Register-WmiEvent
Microsoft. (n.d.). Retrieved January 24, 2020.
Internal MISP references
UUID 6d75029f-f63c-4ca6-b5f9-cb41b698b32a which can be used as unique global reference for Microsoft Register-WmiEvent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-24T00:00:00Z |
| source | MITRE |
| title | Microsoft Register-WmiEvent |
Microsoft DDoS Attacks Response June 2023
MSRC Team. (2023, June 16). Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks. Retrieved October 10, 2023.
Internal MISP references
UUID d64e941e-785b-4b23-a7d0-04f12024b033 which can be used as unique global reference for Microsoft DDoS Attacks Response June 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-06-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks |
Microsoft Security Advisory 2269637
Microsoft. (, May 23). Microsoft Security Advisory 2269637. Retrieved March 13, 2020.
Internal MISP references
UUID fa3d303e-bb1a-426d-9387-e92fc1ea75bc which can be used as unique global reference for Microsoft Security Advisory 2269637 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 1978-05-23T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Advisory 2269637 |
Microsoft 2269637
Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. Retrieved December 5, 2014.
Internal MISP references
UUID ebb94db8-b1a3-4d61-97e6-9b787a742669 which can be used as unique global reference for Microsoft 2269637 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2010-08-22T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Advisory 2269637 Released |
Microsoft DDE Advisory Nov 2017
Microsoft. (2017, November 8). Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. Retrieved November 21, 2017.
Internal MISP references
UUID 955b0074-a1d6-40b5-9437-bd2548daf54c which can be used as unique global reference for Microsoft DDE Advisory Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-11-08T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields |
Microsoft WDigest Mit
Microsoft. (2014, May 13). Microsoft Security Advisory: Update to improve credentials protection and management. Retrieved June 8, 2020.
Internal MISP references
UUID 2a9149d7-ba39-47f2-8f23-7f3b175931f0 which can be used as unique global reference for Microsoft WDigest Mit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-08T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Advisory: Update to improve credentials protection and management |
MS17-010 March 2017
Microsoft. (2017, March 14). Microsoft Security Bulletin MS17-010 - Critical. Retrieved August 17, 2017.
Internal MISP references
UUID 8088a624-d8c8-4d8e-99c2-a9da4a2f0117 which can be used as unique global reference for MS17-010 March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-17T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Bulletin MS17-010 - Critical |
MSTIC GADOLINIUM September 2020
Ben Koehl, Joe Hannon. (2020, September 24). Microsoft Security - Detecting Empires in the Cloud. Retrieved August 24, 2021.
Internal MISP references
UUID ee352214-421f-4778-ac28-949142a8ef2a which can be used as unique global reference for MSTIC GADOLINIUM September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2020-09-24T00:00:00Z |
| source | MITRE |
| title | Microsoft Security - Detecting Empires in the Cloud |
Microsoft SIR Vol 19
Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. Retrieved December 23, 2015.
Internal MISP references
UUID 050e0a70-19e6-4637-a3f7-b7cd788cca43 which can be used as unique global reference for Microsoft SIR Vol 19 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| date_published | 2015-10-19T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Intelligence Report Volume 19 |
Microsoft SIR Vol 21
Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
Internal MISP references
UUID 619b9cf8-7201-45de-9c36-834ccee356a9 which can be used as unique global reference for Microsoft SIR Vol 21 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2016-12-14T00:00:00Z |
| source | MITRE |
| title | Microsoft Security Intelligence Report Volume 21 |
Microsoft Threat Intelligence Tweet April 26 2023
MsftSecIntel. (2023, May 26). Microsoft Threat Intelligence Tweet April 26 2023. Retrieved June 16, 2023.
Internal MISP references
UUID 3b5a2349-e10c-422b-91e3-20e9033fdb60 which can be used as unique global reference for Microsoft Threat Intelligence Tweet April 26 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-16T00:00:00Z |
| date_published | 2023-05-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Threat Intelligence Tweet April 26 2023 |
Microsoft Threat Intelligence Tweet August 17 2023
MsftSecIntel. (2023, August 17). Microsoft Threat Intelligence Tweet August 17 2023. Retrieved September 14, 2023.
Internal MISP references
UUID 8b0ebcb5-d531-4f49-aa2d-bceb5e491b3f which can be used as unique global reference for Microsoft Threat Intelligence Tweet August 17 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-08-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Threat Intelligence Tweet August 17 2023 |
Microsoft Threat Intelligence Tweet May 18 2023
MsftSecIntel. (2023, May 18). Microsoft Threat Intelligence Tweet May 18 2023. Retrieved May 25, 2023.
Internal MISP references
UUID b41e9f89-cd88-4483-bb86-9d88c555a648 which can be used as unique global reference for Microsoft Threat Intelligence Tweet May 18 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-25T00:00:00Z |
| date_published | 2023-05-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft Threat Intelligence Tweet May 18 2023 |
Wikipedia Windows Library Files
Wikipedia. (2017, January 31). Microsoft Windows library files. Retrieved February 13, 2017.
Internal MISP references
UUID 9b6e2f38-6e5a-4e4f-ad84-97155be2c641 which can be used as unique global reference for Wikipedia Windows Library Files in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-13T00:00:00Z |
| date_published | 2017-01-31T00:00:00Z |
| source | MITRE |
| title | Microsoft Windows library files |
Proofpoint Cobalt June 2017
Mesa, M, et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. Retrieved October 10, 2018.
Internal MISP references
UUID c4922659-88b2-4311-9c9b-dc9b383d746a which can be used as unique global reference for Proofpoint Cobalt June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2017-06-01T00:00:00Z |
| source | MITRE |
| title | Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions |
Microsoft.Workflow.Compiler.exe - LOLBAS Project
LOLBAS. (2018, October 22). Microsoft.Workflow.Compiler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1e659b32-a06f-45dc-a1eb-03f1a42c55ef which can be used as unique global reference for Microsoft.Workflow.Compiler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-10-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Microsoft.Workflow.Compiler.exe |
InfoSecurity Sandworm Oct 2014
Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.
Internal MISP references
UUID 05b3840d-162d-455f-a87b-229e83e5a031 which can be used as unique global reference for InfoSecurity Sandworm Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2014-10-14T00:00:00Z |
| source | MITRE |
| title | Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers |
objective-see windtail1 dec 2018
Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). Retrieved October 3, 2019.
Internal MISP references
UUID 7a32c962-8050-45de-8b90-8644be5109d9 which can be used as unique global reference for objective-see windtail1 dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-03T00:00:00Z |
| date_published | 2018-12-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1) |
objective-see windtail2 jan 2019
Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019.
Internal MISP references
UUID e6bdc679-ee0c-4f34-b5bc-0d6a26485b36 which can be used as unique global reference for objective-see windtail2 jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-03T00:00:00Z |
| date_published | 2019-01-15T00:00:00Z |
| source | MITRE |
| title | Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2) |
CyberScoop BlackOasis Oct 2017
Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.
Internal MISP references
UUID a8224ad5-4688-4382-a3e7-1dd3ed74ebce which can be used as unique global reference for CyberScoop BlackOasis Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | Middle Eastern hacking group is using FinFisher malware to conduct international espionage |
Deply Mimikatz
Deply, B. (n.d.). Mimikatz. Retrieved September 29, 2015.
Internal MISP references
UUID c92d890c-2839-433a-b458-f663e66e1c63 which can be used as unique global reference for Deply Mimikatz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-29T00:00:00Z |
| source | MITRE |
| title | Mimikatz |
CG 2014
CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. Retrieved November 12, 2014.
Internal MISP references
UUID 46836549-f7e9-45e1-8d89-4d25ba26dbd7 which can be used as unique global reference for CG 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-05-20T00:00:00Z |
| source | MITRE |
| title | Mimikatz Against Virtual Machine Memory Part 1 |
ADSecurity AD Kerberos Attacks
Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.
Internal MISP references
UUID 07ff57eb-1e23-433b-8da7-80f1caf7543e which can be used as unique global reference for ADSecurity AD Kerberos Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-02T00:00:00Z |
| date_published | 2014-11-22T00:00:00Z |
| source | MITRE |
| title | Mimikatz and Active Directory Kerberos Attacks |
Harmj0y Mimikatz and DCSync
Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved August 7, 2017.
Internal MISP references
UUID 2afa76c1-caa1-4f16-9289-7abc7eb3a102 which can be used as unique global reference for Harmj0y Mimikatz and DCSync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-07T00:00:00Z |
| date_published | 2015-09-22T00:00:00Z |
| source | MITRE |
| title | Mimikatz and DCSync and ExtraSids, Oh My |
Harmj0y DCSync Sept 2015
Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.
Internal MISP references
UUID 2a01a70c-28a8-444e-95a7-00a568d51ce6 which can be used as unique global reference for Harmj0y DCSync Sept 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2015-09-22T00:00:00Z |
| source | MITRE |
| title | Mimikatz and DCSync and ExtraSids, Oh My |
AdSecurity DCSync Sept 2015
Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017.
Internal MISP references
UUID 856ed70b-29b0-4f56-b5ae-a98981a22eaf which can be used as unique global reference for AdSecurity DCSync Sept 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2015-09-25T00:00:00Z |
| source | MITRE |
| title | Mimikatz DCSync Usage, Exploitation, and Detection |
ADSecurity Mimikatz DCSync
Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved August 7, 2017.
Internal MISP references
UUID 61b0bb42-2ed6-413d-b331-0a84df12a87d which can be used as unique global reference for ADSecurity Mimikatz DCSync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-07T00:00:00Z |
| date_published | 2015-09-25T00:00:00Z |
| source | MITRE |
| title | Mimikatz DCSync Usage, Exploitation, and Detection |
GitHub Mimikittenz July 2016
Jamieson O'Reilly (putterpanda). (2016, July 4). mimikittenz. Retrieved June 20, 2019.
Internal MISP references
UUID 2e0a95b2-3f9a-4638-9bc5-ff1f3ac2af4b which can be used as unique global reference for GitHub Mimikittenz July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-20T00:00:00Z |
| date_published | 2016-07-04T00:00:00Z |
| source | MITRE |
| title | mimikittenz |
MimiPenguin GitHub May 2017
Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017.
Internal MISP references
UUID b10cd6cc-35ed-4eac-b213-110de28f33ef which can be used as unique global reference for MimiPenguin GitHub May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| date_published | 2017-05-12T00:00:00Z |
| source | MITRE |
| title | MimiPenguin |
Securelist Minidionis July 2015
Lozhkin, S.. (2015, July 16). Minidionis – one more APT with a usage of cloud drives. Retrieved April 5, 2017.
Internal MISP references
UUID af40a05e-02fb-4943-b3ff-9a292679e93d which can be used as unique global reference for Securelist Minidionis July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-05T00:00:00Z |
| date_published | 2015-07-16T00:00:00Z |
| source | MITRE |
| title | Minidionis – one more APT with a usage of cloud drives |
mining_ruby_reversinglabs
Maljic, T. (2020, April 16). Mining for malicious Ruby gems. Retrieved October 15, 2022.
Internal MISP references
UUID ca2074d8-330b-544e-806f-ddee7b702631 which can be used as unique global reference for mining_ruby_reversinglabs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-15T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | Mining for malicious Ruby gems |
lazgroup_idn_phishing
RISKIQ. (2017, December 20). Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry. Retrieved July 29, 2022.
Internal MISP references
UUID 83de363d-b575-4851-9c2d-a78f504cf754 which can be used as unique global reference for lazgroup_idn_phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry |
APT15 Intezer June 2018
Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. Retrieved September 21, 2018.
Internal MISP references
UUID 0110500c-bf67-43a5-97cb-16eb6c01040b which can be used as unique global reference for APT15 Intezer June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2018-06-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | MirageFox: APT15 Resurfaces With New Tools Based On Old Ones |
Slideshare Abusing SSH
Duarte, H., Morrison, B. (2012). (Mis)trusting and (ab)using ssh. Retrieved January 8, 2018.
Internal MISP references
UUID 4f63720a-50b6-4eef-826c-71ce8d6e4bb8 which can be used as unique global reference for Slideshare Abusing SSH in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | (Mis)trusting and (ab)using ssh |
ACSC Email Spoofing
Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020.
Internal MISP references
UUID 4e82a053-c881-4569-8efe-3ef40f6e25a0 which can be used as unique global reference for ACSC Email Spoofing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2012-12-01T00:00:00Z |
| source | MITRE |
| title | Mitigating Spoofed Emails Using Sender Policy Framework |
NSA Cyber Mitigating Web Shells
NSA Cybersecurity Directorate. (n.d.). Mitigating Web Shells. Retrieved July 22, 2021.
Internal MISP references
UUID cc40e8e8-5450-4340-a091-ae7e609778dc which can be used as unique global reference for NSA Cyber Mitigating Web Shells in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-22T00:00:00Z |
| source | MITRE |
| title | Mitigating Web Shells |
MIT ccache
Massachusetts Institute of Technology. (n.d.). MIT Kerberos Documentation: Credential Cache. Retrieved October 4, 2021.
Internal MISP references
UUID 6a1b4373-2304-420c-8733-e1eae71ff7b2 which can be used as unique global reference for MIT ccache in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| source | MITRE |
| title | MIT Kerberos Documentation: Credential Cache |
MITRE SE Guide 2014
The MITRE Corporation. (2014). MITRE Systems Engineering Guide. Retrieved April 6, 2018.
Internal MISP references
UUID 576f95bc-5cb9-473e-b026-19b864d1c26c which can be used as unique global reference for MITRE SE Guide 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | MITRE Systems Engineering Guide |
win_mmc
Microsoft. (2017, October 16). mmc. Retrieved September 20, 2021.
Internal MISP references
UUID 508373ef-2634-404f-99de-7a73cce68699 which can be used as unique global reference for win_mmc in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | mmc |
Mmc.exe - LOLBAS Project
LOLBAS. (2018, December 4). Mmc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 490b6769-e386-4a3d-972e-5a919cb2f6f5 which can be used as unique global reference for Mmc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-12-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Mmc.exe |
Trend Micro Bouncing Golf 2019
E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.
Internal MISP references
UUID b830fe30-0b53-4fc6-a172-7da930618725 which can be used as unique global reference for Trend Micro Bouncing Golf 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-27T00:00:00Z |
| date_published | 2019-06-28T00:00:00Z |
| source | MITRE |
| title | Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East |
ELF Injection May 2009
O'Neill, R. (2009, May). Modern Day ELF Runtime infection via GOT poisoning. Retrieved March 15, 2020.
Internal MISP references
UUID 3ca314d4-3fcf-4545-8ae9-4d8781d51295 which can be used as unique global reference for ELF Injection May 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| date_published | 2009-05-01T00:00:00Z |
| source | MITRE |
| title | Modern Day ELF Runtime infection via GOT poisoning |
Elastic Rules macOS launchctl 2022
Elastic Security 7.17. (2022, February 1). Modification of Environment Variable via Launchctl. Retrieved September 28, 2023.
Internal MISP references
UUID 04b0582e-357f-5f2a-8582-b3bf8f52c2a2 which can be used as unique global reference for Elastic Rules macOS launchctl 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | Modification of Environment Variable via Launchctl |
modinfo man
Russell, R. (n.d.). modinfo(8) - Linux man page. Retrieved March 28, 2023.
Internal MISP references
UUID d4f2db5c-ef6d-556d-a5e2-f6738277fecd which can be used as unique global reference for modinfo man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | modinfo(8) - Linux man page |
hasherezade debug
hasherezade. (2021, June 30). Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022.
Internal MISP references
UUID 53b0c71d-c577-40e8-8a04-9de083e276a2 which can be used as unique global reference for hasherezade debug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2021-06-30T00:00:00Z |
| source | MITRE |
| title | Module 3 - Understanding and countering malware's evasion and self-defence |
Microsoft Module Class
Microsoft. (n.d.). Module Class. Retrieved September 28, 2021.
Internal MISP references
UUID b051a38a-09c7-4280-a5b6-08067d81a2d8 which can be used as unique global reference for Microsoft Module Class in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| source | MITRE |
| title | Module Class |
GitHub Mimikatz kerberos Module
Deply, B., Le Toux, V.. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.
Internal MISP references
UUID b5eca224-bea1-48e8-acdc-e910d52560f1 which can be used as unique global reference for GitHub Mimikatz kerberos Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-17T00:00:00Z |
| date_published | 2016-06-05T00:00:00Z |
| source | MITRE |
| title | module ~ kerberos |
GitHub Mimikatz lsadump Module
Deply, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.
Internal MISP references
UUID e188ff4d-a983-4f5a-b9e1-3b0f9fd8df25 which can be used as unique global reference for GitHub Mimikatz lsadump Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-07T00:00:00Z |
| date_published | 2016-06-05T00:00:00Z |
| source | MITRE |
| title | module ~ lsadump |
Module Stomping for Shellcode Injection
Red Teaming Experiments. (n.d.). Module Stomping for Shellcode Injection. Retrieved July 14, 2022.
Internal MISP references
UUID 0f9b58e2-2a81-4b79-aad6-b36a844cf1c6 which can be used as unique global reference for Module Stomping for Shellcode Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| source | MITRE |
| title | Module Stomping for Shellcode Injection |
Linux Kernel Module Programming Guide
Pomerantz, O., Salzman, P. (2003, April 4). Modules vs Programs. Retrieved April 6, 2018.
Internal MISP references
UUID ceefe610-0b26-4307-806b-17313d570511 which can be used as unique global reference for Linux Kernel Module Programming Guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2003-04-04T00:00:00Z |
| source | MITRE |
| title | Modules vs Programs |
FOX-IT May 2016 Mofang
Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020.
Internal MISP references
UUID f1a08b1c-f7d5-4a91-b3b7-0f042b297842 which can be used as unique global reference for FOX-IT May 2016 Mofang in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| date_published | 2016-05-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Mofang: A politically motivated information stealing adversary |
Unit42 Molerat Mar 2020
Falcone, R., et al. (2020, March 3). Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations. Retrieved December 14, 2020.
Internal MISP references
UUID 328f1c87-c9dc-42d8-bb33-a17ad4d7f57e which can be used as unique global reference for Unit42 Molerat Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-14T00:00:00Z |
| date_published | 2020-03-03T00:00:00Z |
| source | MITRE |
| title | Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations |
Cybereason Molerats Dec 2020
Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.
Internal MISP references
UUID 81a10a4b-c66f-4526-882c-184436807e1d which can be used as unique global reference for Cybereason Molerats Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-22T00:00:00Z |
| date_published | 2020-12-09T00:00:00Z |
| source | MITRE |
| title | MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign |
Azure - Monitor Logs
Microsoft. (2019, June 4). Monitor at scale by using Azure Monitor. Retrieved May 1, 2020.
Internal MISP references
UUID e16974cc-623e-4fa6-ac36-5f199d54bf55 which can be used as unique global reference for Azure - Monitor Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-01T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | Monitor at scale by using Azure Monitor |
EventTracker File Permissions Feb 2014
Netsurion. (2014, February 19). Monitoring File Permission Changes with the Windows Security Log. Retrieved August 19, 2018.
Internal MISP references
UUID 91a4278e-ea52-4cd5-8c79-c73c690372a3 which can be used as unique global reference for EventTracker File Permissions Feb 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-19T00:00:00Z |
| date_published | 2014-02-19T00:00:00Z |
| source | MITRE |
| title | Monitoring File Permission Changes with the Windows Security Log |
Microsoft Silent Process Exit NOV 2017
Marshall, D. & Griffin, S. (2017, November 28). Monitoring Silent Process Exit. Retrieved June 27, 2018.
Internal MISP references
UUID 86896031-f654-4185-ba45-8c931903153b which can be used as unique global reference for Microsoft Silent Process Exit NOV 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-27T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | Monitoring Silent Process Exit |
Windows Event Forwarding Payne
Payne, J. (2015, November 23). Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.
Internal MISP references
UUID 72798df8-0e12-46f5-acb0-2fe99bd8dbff which can be used as unique global reference for Windows Event Forwarding Payne in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-01T00:00:00Z |
| date_published | 2015-11-23T00:00:00Z |
| source | MITRE |
| title | Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.) |
GCP Monitoring Service Account Usage
Google Cloud. (2022, March 31). Monitor usage patterns for service accounts and keys . Retrieved April 1, 2022.
Internal MISP references
UUID d33115c5-ae47-4089-a6cb-4ef97effa722 which can be used as unique global reference for GCP Monitoring Service Account Usage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | Monitor usage patterns for service accounts and keys |
Forcepoint Monsoon
Settle, A., et al. (2016, August 8). MONSOON - Analysis Of An APT Campaign. Retrieved September 22, 2016.
Internal MISP references
UUID ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e which can be used as unique global reference for Forcepoint Monsoon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-22T00:00:00Z |
| date_published | 2016-08-08T00:00:00Z |
| source | MITRE |
| title | MONSOON - Analysis Of An APT Campaign |
Security Intelligence More Eggs Aug 2019
Villadsen, O.. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.
Internal MISP references
UUID f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3 which can be used as unique global reference for Security Intelligence More Eggs Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-16T00:00:00Z |
| date_published | 2019-08-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | More_eggs, Anyone? Threat Actor ITG08 Strikes Again |
ESET EvilNum July 2020
Porolli, M. (2020, July 9). More evil: A deep look at Evilnum and its toolset. Retrieved January 22, 2021.
Internal MISP references
UUID 6851b3f9-0239-40fc-ba44-34a775e9bd4e which can be used as unique global reference for ESET EvilNum July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2020-07-09T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | More evil: A deep look at Evilnum and its toolset |
Microsoft DLL Preloading
Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.
Internal MISP references
UUID 46aa7075-9f0a-461e-8519-5c4860208678 which can be used as unique global reference for Microsoft DLL Preloading in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2010-08-12T00:00:00Z |
| source | MITRE |
| title | More information about the DLL Preloading remote attack vector |
Microsoft More information about DLL
Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.
Internal MISP references
UUID 80289c7b-53c1-4aec-9436-04a43a82f769 which can be used as unique global reference for Microsoft More information about DLL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2010-08-12T00:00:00Z |
| source | MITRE |
| title | More information about the DLL Preloading remote attack vector |
aptsim
valsmith. (2012, September 21). More on APTSim. Retrieved September 28, 2017.
Internal MISP references
UUID c33ca45d-eeff-4a23-906c-99369047c7f5 which can be used as unique global reference for aptsim in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-28T00:00:00Z |
| date_published | 2012-09-21T00:00:00Z |
| source | MITRE |
| title | More on APTSim |
Washington Post WannaCry 2017
Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.
Internal MISP references
UUID bbf9b08a-072c-4fb9-8c3c-cb6f91e8940c which can be used as unique global reference for Washington Post WannaCry 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2017-05-14T00:00:00Z |
| source | MITRE |
| title | More than 150 countries affected by massive cyberattack, Europol says |
ArsTechnica Intel
Goodin, D. & Salter, J. (2020, August 6). More than 20GB of Intel source code and proprietary data dumped online. Retrieved October 20, 2020.
Internal MISP references
UUID 99151b50-3dd8-47b5-a48f-2e3b450944e9 which can be used as unique global reference for ArsTechnica Intel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-08-06T00:00:00Z |
| source | MITRE |
| title | More than 20GB of Intel source code and proprietary data dumped online |
Kaspersky Winnti April 2013
Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
Internal MISP references
UUID 2d4834b9-61c4-478e-919a-317d97cd2c36 which can be used as unique global reference for Kaspersky Winnti April 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | More than just a game |
polygot_icedID
Lim, M. (2022, September 27). More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID. Retrieved September 29, 2022.
Internal MISP references
UUID dcd65d74-4e7b-5ddd-8c72-700456981347 which can be used as unique global reference for polygot_icedID in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2022-09-27T00:00:00Z |
| source | MITRE |
| title | More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID |
CrowdStrike Deep Panda Web Shells
RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.
Internal MISP references
UUID e9c47d8e-f732-45c9-bceb-26c5d564e781 which can be used as unique global reference for CrowdStrike Deep Panda Web Shells in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-16T00:00:00Z |
| date_published | 2014-02-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Mo’ Shells Mo’ Problems – Deep Panda Web Shells |
ESET MoustachedBouncer
Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 1, 2023.
Internal MISP references
UUID 6c85e925-d42b-590c-a424-14ebb49812bb which can be used as unique global reference for ESET MoustachedBouncer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-01T00:00:00Z |
| date_published | 2023-08-10T00:00:00Z |
| source | MITRE |
| title | MoustachedBouncer: Espionage against foreign diplomats in Belarus |
MoustachedBouncer ESET August 2023
Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.
Internal MISP references
UUID 9070f14b-5d5e-5f6d-bcac-628478e01242 which can be used as unique global reference for MoustachedBouncer ESET August 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| date_published | 2023-08-10T00:00:00Z |
| source | MITRE |
| title | MoustachedBouncer: Espionage against foreign diplomats in Belarus |
Progress Software MOVEit Transfer Critical Vulnerability
Progress Software. (2023, June 16). MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362). Retrieved July 28, 2023.
Internal MISP references
UUID 9f364e22-b73c-4f3a-902c-a3f0eb01a2b9 which can be used as unique global reference for Progress Software MOVEit Transfer Critical Vulnerability in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-28T00:00:00Z |
| date_published | 2023-06-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362) |
TechNet Moving Beyond EMET
Nunez, N. (2017, August 9). Moving Beyond EMET II – Windows Defender Exploit Guard. Retrieved March 12, 2018.
Internal MISP references
UUID da4fbddf-9398-43a9-888c-2c58e9fc9aaf which can be used as unique global reference for TechNet Moving Beyond EMET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-12T00:00:00Z |
| date_published | 2017-08-09T00:00:00Z |
| source | MITRE |
| title | Moving Beyond EMET II – Windows Defender Exploit Guard |
ScriptingOSX zsh
Armin Briegel. (2019, June 5). Moving to zsh, part 2: Configuration Files. Retrieved February 25, 2021.
Internal MISP references
UUID 08b390aa-863b-420e-9b00-e168e3c756d8 which can be used as unique global reference for ScriptingOSX zsh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| date_published | 2019-06-05T00:00:00Z |
| source | MITRE |
| title | Moving to zsh, part 2: Configuration Files |
Volatility Detecting Hooks Sept 2012
Volatility Labs. (2012, September 24). MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem. Retrieved December 12, 2017.
Internal MISP references
UUID e208c277-e477-4123-8c3c-313d55cdc1ea which can be used as unique global reference for Volatility Detecting Hooks Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2012-09-24T00:00:00Z |
| source | MITRE |
| title | MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem |
Mozilla Firefox Installer DLL Hijack
Kugler, R. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.
Internal MISP references
UUID 920d1607-154e-4c74-b1eb-0d8299be536f which can be used as unique global reference for Mozilla Firefox Installer DLL Hijack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-10T00:00:00Z |
| date_published | 2012-11-20T00:00:00Z |
| source | MITRE |
| title | Mozilla Foundation Security Advisory 2012-98 |
mozilla_sec_adv_2012
Robert Kugler. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.
Internal MISP references
UUID cd720550-a0b5-4d1d-85dd-98da97f45b62 which can be used as unique global reference for mozilla_sec_adv_2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-10T00:00:00Z |
| date_published | 2012-11-20T00:00:00Z |
| source | MITRE |
| title | Mozilla Foundation Security Advisory 2012-98 |
MpCmdRun.exe - LOLBAS Project
LOLBAS. (2020, March 20). MpCmdRun.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2082d5ca-474f-4130-b275-c1ac5e30064c which can be used as unique global reference for MpCmdRun.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-03-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | MpCmdRun.exe |
TechNet MS14-019
Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. Retrieved July 25, 2016.
Internal MISP references
UUID 2474e2ee-bbcd-4b7c-8c52-22112d22135f which can be used as unique global reference for TechNet MS14-019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-25T00:00:00Z |
| date_published | 2014-04-08T00:00:00Z |
| source | MITRE |
| title | MS14-019 – Fixing a binary hijacking via .cmd or .bat file |
SRD GPP
Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.
Internal MISP references
UUID a15fff18-5d3f-4898-9e47-ec6ae7dda749 which can be used as unique global reference for SRD GPP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-01-28T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | MS14-025: An Update for Group Policy Preferences |
MS14-025
Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved February 17, 2020.
Internal MISP references
UUID 7537c0bb-6f14-4a4a-94cc-98c6ed9e878f which can be used as unique global reference for MS14-025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-17T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege |
Microsoft MS14-025
Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.
Internal MISP references
UUID dbe32cbd-8c6e-483f-887c-ea2a5102cf65 which can be used as unique global reference for Microsoft MS14-025 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-01-28T00:00:00Z |
| date_published | 2014-05-13T00:00:00Z |
| source | MITRE |
| title | MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege |
MSDN MSBuild
Microsoft. (n.d.). MSBuild1. Retrieved November 30, 2016.
Internal MISP references
UUID 9ad54187-84b0-47f9-af6e-c3753452e470 which can be used as unique global reference for MSDN MSBuild in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-30T00:00:00Z |
| source | MITRE |
| title | MSBuild1 |
LOLBAS Msbuild
LOLBAS. (n.d.). Msbuild.exe. Retrieved July 31, 2019.
Internal MISP references
UUID de8e0741-255b-4c41-ba50-248ac5acc325 which can be used as unique global reference for LOLBAS Msbuild in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Msbuild.exe |
Microsoft MSBuild Inline Tasks 2017
Microsoft. (2017, September 21). MSBuild inline tasks. Retrieved March 5, 2021.
Internal MISP references
UUID 2c638ca5-c7e2-4c4e-bb9c-e36d14899ca8 which can be used as unique global reference for Microsoft MSBuild Inline Tasks 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-05T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | MSBuild inline tasks |
Msconfig.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msconfig.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a073d2fc-d20d-4a52-944e-85ff89f04978 which can be used as unique global reference for Msconfig.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Msconfig.exe |
Msdeploy.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msdeploy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e563af9a-5e49-4612-a52b-31f22f76193c which can be used as unique global reference for Msdeploy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Msdeploy.exe |
MSDN File Associations
Microsoft. (n.d.). Retrieved July 26, 2016.
Internal MISP references
UUID f62c8cc9-9c75-4b9a-a0b4-8fc55a94e207 which can be used as unique global reference for MSDN File Associations in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| source | MITRE |
| title | MSDN File Associations |
Microsoft DRSR Dec 2017
Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017.
Internal MISP references
UUID 43b75a27-7875-4c24-b04d-54e1b60f3028 which can be used as unique global reference for Microsoft DRSR Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | MS-DRSR Directory Replication Service (DRS) Remote Protocol |
Msdt.exe - LOLBAS Project
LOLBAS. (2018, May 25). Msdt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3eb1750c-a2f2-4d68-b060-ceb32f44f5fe which can be used as unique global reference for Msdt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Msdt.exe |
Msedge.exe - LOLBAS Project
LOLBAS. (2022, January 20). Msedge.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6169c12e-9753-4e48-8213-aff95b0f6a95 which can be used as unique global reference for Msedge.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Msedge.exe |
msedge_proxy.exe - LOLBAS Project
LOLBAS. (2023, August 18). msedge_proxy.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a6fd4727-e22f-4157-9a5f-1217cb876b32 which can be used as unique global reference for msedge_proxy.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-08-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | msedge_proxy.exe |
msedgewebview2.exe - LOLBAS Project
LOLBAS. (2023, June 15). msedgewebview2.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8125ece7-10d1-4e79-8ea1-724fe46a3c97 which can be used as unique global reference for msedgewebview2.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-06-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | msedgewebview2.exe |
LOLBAS Mshta
LOLBAS. (n.d.). Mshta.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 915a4aef-800e-4c68-ad39-df67c3dbaf75 which can be used as unique global reference for LOLBAS Mshta in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Mshta.exe |
Mshtml.dll - LOLBAS Project
LOLBAS. (2018, May 25). Mshtml.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0 which can be used as unique global reference for Mshtml.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Mshtml.dll |
Microsoft msiexec
Microsoft. (2017, October 15). msiexec. Retrieved January 24, 2020.
Internal MISP references
UUID 028a8dc6-08f6-4660-8b82-9d5483d15f72 which can be used as unique global reference for Microsoft msiexec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-24T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | msiexec |
LOLBAS Msiexec
LOLBAS. (n.d.). Msiexec.exe. Retrieved April 18, 2019.
Internal MISP references
UUID 996cc7ea-0729-4c51-b9c3-b201ec32e984 which can be used as unique global reference for LOLBAS Msiexec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| source | MITRE |
| title | Msiexec.exe |
CIS Emotet Dec 2018
CIS. (2018, December 12). MS-ISAC Security Primer- Emotet. Retrieved March 25, 2019.
Internal MISP references
UUID e88ba993-d5c0-440f-af52-1f70f1579215 which can be used as unique global reference for CIS Emotet Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-12-12T00:00:00Z |
| source | MITRE |
| title | MS-ISAC Security Primer- Emotet |
Microsoft NRPC Dec 2017
Microsoft. (2017, December 1). MS-NRPC - Netlogon Remote Protocol. Retrieved December 6, 2017.
Internal MISP references
UUID 05cf36a3-ff04-4437-9209-376e9f27c009 which can be used as unique global reference for Microsoft NRPC Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-06T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | MS-NRPC - Netlogon Remote Protocol |
MsoHtmEd.exe - LOLBAS Project
LOLBAS. (2022, July 24). MsoHtmEd.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c39fdefa-4c54-48a9-8357-ffe4dca2a2f4 which can be used as unique global reference for MsoHtmEd.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-07-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | MsoHtmEd.exe |
Mspub.exe - LOLBAS Project
LOLBAS. (2022, August 2). Mspub.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 41eff63a-fef0-4b4b-86f7-0908150fcfcf which can be used as unique global reference for Mspub.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-08-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Mspub.exe |
Microsoft SAMR
Microsoft. (n.d.). MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport. Retrieved December 4, 2017.
Internal MISP references
UUID add907d8-06c1-481d-a27a-d077ecb32d0e which can be used as unique global reference for Microsoft SAMR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport |
GitHub IAD Secure Host Baseline UAC Filtering
NSA IAD. (2017, January 24). MS Security Guide. Retrieved December 18, 2017.
Internal MISP references
UUID 15ad7216-df50-467f-a00b-687336898537 which can be used as unique global reference for GitHub IAD Secure Host Baseline UAC Filtering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2017-01-24T00:00:00Z |
| source | MITRE |
| title | MS Security Guide |
msxsl.exe - LOLBAS Project
LOLBAS. (2018, May 25). msxsl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 4e1ed0a8-60d0-45e2-9592-573b904811f8 which can be used as unique global reference for msxsl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | msxsl.exe |
XSL Bypass Mar 2019
Singh, A. (2019, March 14). MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution. Retrieved August 2, 2019.
Internal MISP references
UUID e4e2cf48-47e0-45d8-afc2-a35635f7e880 which can be used as unique global reference for XSL Bypass Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-02T00:00:00Z |
| date_published | 2019-03-14T00:00:00Z |
| source | MITRE |
| title | MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution |
Mandiant M-Trends 2015
Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. Retrieved May 18, 2016.
Internal MISP references
UUID 067497eb-17d9-465f-a070-495575f420d7 which can be used as unique global reference for Mandiant M-Trends 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-05-18T00:00:00Z |
| date_published | 2015-02-24T00:00:00Z |
| source | MITRE |
| title | M-Trends 2015: A View from the Front Lines |
MTrends 2016
Mandiant. (2016, February). M-Trends 2016. Retrieved January 4, 2017.
Internal MISP references
UUID a4747b74-7266-439b-bb8a-bae7102b0d07 which can be used as unique global reference for MTrends 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-04T00:00:00Z |
| date_published | 2016-02-01T00:00:00Z |
| source | MITRE |
| title | M-Trends 2016 |
Mandiant M-Trends 2020
Mandiant. (2020, February). M-Trends 2020. Retrieved April 24, 2020.
Internal MISP references
UUID 83bc9b28-f8b3-4522-b9f1-f43bce3ae917 which can be used as unique global reference for Mandiant M-Trends 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-24T00:00:00Z |
| date_published | 2020-02-01T00:00:00Z |
| source | MITRE |
| title | M-Trends 2020 |
Accenture MUDCARP March 2019
Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.
Internal MISP references
UUID 811d433d-27a4-4411-8ec9-b3a173ba0033 which can be used as unique global reference for Accenture MUDCARP March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2019-03-05T00:00:00Z |
| source | MITRE |
| title | Mudcarp's Focus on Submarine Technologies |
Unit 42 MuddyWater Nov 2017
Lancaster, T.. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. Retrieved March 15, 2018.
Internal MISP references
UUID dcdee265-2e46-4f40-95c7-6a2683edb23a which can be used as unique global reference for Unit 42 MuddyWater Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-15T00:00:00Z |
| date_published | 2017-11-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Muddying the Water: Targeted Attacks in the Middle East |
Securelist MuddyWater Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 10). MuddyWater expands operations. Retrieved November 2, 2018.
Internal MISP references
UUID d968546b-5b00-4a7b-9bff-57dfedd0125f which can be used as unique global reference for Securelist MuddyWater Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-02T00:00:00Z |
| date_published | 2018-10-10T00:00:00Z |
| source | MITRE |
| title | MuddyWater expands operations |
ClearSky MuddyWater Nov 2018
ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. Retrieved November 29, 2018.
Internal MISP references
UUID a5f60f45-5df5-407d-9f68-bc5f7c42ee85 which can be used as unique global reference for ClearSky MuddyWater Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-29T00:00:00Z |
| date_published | 2018-11-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign |
TrendMicro POWERSTATS V3 June 2019
Lunghi, D. and Horejsi, J.. (2019, June 10). MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools. Retrieved May 14, 2020.
Internal MISP references
UUID bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7 which can be used as unique global reference for TrendMicro POWERSTATS V3 June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-14T00:00:00Z |
| date_published | 2019-06-10T00:00:00Z |
| source | MITRE |
| title | MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools |
NIST MFA
NIST. (n.d.). Multi-Factor Authentication (MFA). Retrieved January 30, 2020.
Internal MISP references
UUID 2f069bb2-3f59-409e-a337-7c69411c8b01 which can be used as unique global reference for NIST MFA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-30T00:00:00Z |
| source | MITRE |
| title | Multi-Factor Authentication (MFA) |
Talos Cobalt Group July 2018
Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018.
Internal MISP references
UUID 7cdfd0d1-f7e6-4625-91ff-f87f46f95864 which can be used as unique global reference for Talos Cobalt Group July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-05T00:00:00Z |
| date_published | 2018-07-31T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Multiple Cobalt Personality Disorder |
U.S. CISA Zoho Exploits September 7 2023
Cybersecurity and Infrastructure Security Agency. (2023, September 7). Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. Retrieved September 7, 2023.
Internal MISP references
UUID 6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b which can be used as unique global reference for U.S. CISA Zoho Exploits September 7 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| date_published | 2023-09-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 |
CIS Multiple SMB Vulnerabilities
CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018.
Internal MISP references
UUID 76d9da2c-1503-4105-b017-cb2b69298296 which can be used as unique global reference for CIS Multiple SMB Vulnerabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-05-15T00:00:00Z |
| source | MITRE |
| title | Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution |
GitHub Mauraena
Orrù, M., Trotta, G.. (2019, September 11). Muraena. Retrieved October 14, 2019.
Internal MISP references
UUID 578ecf62-b546-4f52-9d50-92557edf2dd4 which can be used as unique global reference for GitHub Mauraena in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-14T00:00:00Z |
| date_published | 2019-09-11T00:00:00Z |
| source | MITRE |
| title | Muraena |
Arbor Musical Chairs Feb 2018
Sabo, S. (2018, February 15). Musical Chairs Playing Tetris. Retrieved February 19, 2018.
Internal MISP references
UUID bddf44bb-7a0a-498b-9831-7b73cf9a582e which can be used as unique global reference for Arbor Musical Chairs Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-19T00:00:00Z |
| date_published | 2018-02-15T00:00:00Z |
| source | MITRE |
| title | Musical Chairs Playing Tetris |
Mythc Documentation
Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.
Internal MISP references
UUID de3091b4-663e-4d9e-9dde-51250749863d which can be used as unique global reference for Mythc Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| source | MITRE |
| title | Mythc Documentation |
Mythic Github
Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.
Internal MISP references
UUID 20d0adf0-b832-4b03-995e-dfb56474ddcc which can be used as unique global reference for Mythic Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2018-07-04T00:00:00Z |
| source | MITRE |
| title | Mythic |
Crowdstrike Mythic Leopard Profile
Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.
Internal MISP references
UUID efa5dc67-3364-4049-bb13-8b9e1b55f172 which can be used as unique global reference for Crowdstrike Mythic Leopard Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| source | MITRE |
| title | Mythic Leopard |
CheckPoint Naikon May 2020
CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. Retrieved May 26, 2020.
Internal MISP references
UUID f080acab-a6a0-42e1-98ff-45e415393648 which can be used as unique global reference for CheckPoint Naikon May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2020-05-07T00:00:00Z |
| source | MITRE |
| title | Naikon APT: Cyber Espionage Reloaded |
Bitdefender Naikon April 2021
Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. Retrieved June 29, 2021.
Internal MISP references
UUID 55660913-4c03-4360-bb8b-1cad94bd8d0e which can be used as unique global reference for Bitdefender Naikon April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-29T00:00:00Z |
| date_published | 2021-04-23T00:00:00Z |
| source | MITRE |
| title | NAIKON – Traces from a Military Cyber-Espionage Operation |
Microsoft Named Pipes
Microsoft. (2018, May 31). Named Pipes. Retrieved September 28, 2021.
Internal MISP references
UUID 09a3f7dd-5597-4a55-8408-a2f09f4efcd4 which can be used as unique global reference for Microsoft Named Pipes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Named Pipes |
fsecure NanHaiShu July 2016
F-Secure Labs. (2016, July). NANHAISHU RATing the South China Sea. Retrieved July 6, 2018.
Internal MISP references
UUID 41984650-a0ac-4445-80b6-7ceaf93bd135 which can be used as unique global reference for fsecure NanHaiShu July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-06T00:00:00Z |
| date_published | 2016-07-01T00:00:00Z |
| source | MITRE |
| title | NANHAISHU RATing the South China Sea |
DigiTrust NanoCore Jan 2017
The DigiTrust Group. (2017, January 01). NanoCore Is Not Your Average RAT. Retrieved November 9, 2018.
Internal MISP references
UUID 6abac972-bbd0-4cd2-b3a7-25e7825ac134 which can be used as unique global reference for DigiTrust NanoCore Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-09T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | NanoCore Is Not Your Average RAT |
PaloAlto NanoCore Feb 2016
Kasza, A., Halfpop, T. (2016, February 09). NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails. Retrieved November 9, 2018.
Internal MISP references
UUID caa0a421-04b0-4ebc-b365-97082d69d33d which can be used as unique global reference for PaloAlto NanoCore Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-09T00:00:00Z |
| date_published | 2016-02-09T00:00:00Z |
| source | MITRE |
| title | NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails |
Unit42 BabyShark Feb 2019
Unit 42. (2019, February 22). New BabyShark Malware Targets U.S. National Security Think Tanks. Retrieved October 7, 2019.
Internal MISP references
UUID 634404e3-e2c9-4872-a280-12d2be168cba which can be used as unique global reference for Unit42 BabyShark Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-07T00:00:00Z |
| source | MITRE |
| title | National Security Think Tanks |
National Vulnerability Database
National Vulnerability Database. (n.d.). National Vulnerability Database. Retrieved October 15, 2020.
Internal MISP references
UUID 9b42dcc6-a39c-4d74-adc3-135f9ceac5ba which can be used as unique global reference for National Vulnerability Database in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| source | MITRE |
| title | National Vulnerability Database |
NationsBuying
Nicole Perlroth and David E. Sanger. (2013, July 12). Nations Buying as Hackers Sell Flaws in Computer Code. Retrieved March 9, 2017.
Internal MISP references
UUID a3e224e7-fe22-48d6-9ff5-35900f06c060 which can be used as unique global reference for NationsBuying in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2013-07-12T00:00:00Z |
| source | MITRE |
| title | Nations Buying as Hackers Sell Flaws in Computer Code |
FireEye Maze May 2020
Kennelly, J., Goody, K., Shilko, J. (2020, May 7). Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents. Retrieved May 18, 2020.
Internal MISP references
UUID 02338a66-6820-4505-8239-a1f1fcc60d32 which can be used as unique global reference for FireEye Maze May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-18T00:00:00Z |
| date_published | 2020-05-07T00:00:00Z |
| source | MITRE |
| title | Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents |
Talos NavRAT May 2018
Mercer, W., Rascagneres, P. (2018, May 31). NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea. Retrieved June 11, 2018.
Internal MISP references
UUID f644ac27-a923-489b-944e-1ba89c609307 which can be used as unique global reference for Talos NavRAT May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-11T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea |
GitHub NBNSpoof
Nomex. (2014, February 7). NBNSpoof. Retrieved November 17, 2017.
Internal MISP references
UUID 4119091a-96f8-441c-b66f-ee0d9013d7ca which can be used as unique global reference for GitHub NBNSpoof in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2014-02-07T00:00:00Z |
| source | MITRE |
| title | NBNSpoof |
SecTools nbtscan June 2003
SecTools. (2003, June 11). NBTscan. Retrieved March 17, 2021.
Internal MISP references
UUID 505c9e8b-66e0-435c-835f-b4405ba91966 which can be used as unique global reference for SecTools nbtscan June 2003 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2003-06-11T00:00:00Z |
| source | MITRE |
| title | NBTscan |
Debian nbtscan Nov 2019
Bezroutchko, A. (2019, November 19). NBTscan man page. Retrieved March 17, 2021.
Internal MISP references
UUID 8d718be1-9695-4e61-a922-5162d88477c0 which can be used as unique global reference for Debian nbtscan Nov 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2019-11-19T00:00:00Z |
| source | MITRE |
| title | NBTscan man page |
TechNet Nbtstat
Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.
Internal MISP references
UUID 1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e which can be used as unique global reference for TechNet Nbtstat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Nbtstat |
NCSC Sandworm Feb 2020
NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.
Internal MISP references
UUID d876d037-9d24-44af-b8f0-5c1555632b91 which can be used as unique global reference for NCSC Sandworm Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2020-02-20T00:00:00Z |
| source | MITRE |
| title | NCSC supports US advisory regarding GRU intrusion set Sandworm |
TechNet NetBIOS
Microsoft. (n.d.). NetBIOS Name Resolution. Retrieved November 17, 2017.
Internal MISP references
UUID f756ee2e-2e79-41df-bf9f-6492a9708663 which can be used as unique global reference for TechNet NetBIOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| source | MITRE |
| title | NetBIOS Name Resolution |
Microsoft Net
Microsoft. (2017, February 14). Net Commands On Windows Operating Systems. Retrieved March 19, 2020.
Internal MISP references
UUID a04320b9-0c6a-49f9-8b84-50587278cdfb which can be used as unique global reference for Microsoft Net in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-19T00:00:00Z |
| date_published | 2017-02-14T00:00:00Z |
| source | MITRE |
| title | Net Commands On Windows Operating Systems |
Savill 1999
Savill, J. (1999, March 4). Net.exe reference. Retrieved September 22, 2015.
Internal MISP references
UUID e814d4a5-b846-4d68-ac00-7021238d287a which can be used as unique global reference for Savill 1999 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-22T00:00:00Z |
| date_published | 1999-03-04T00:00:00Z |
| source | MITRE |
| title | Net.exe reference |
Microsoft Net Utility
Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.
Internal MISP references
UUID 75998d1c-69c0-40d2-a64b-43ad8efa05da which can be used as unique global reference for Microsoft Net Utility in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-22T00:00:00Z |
| date_published | 2006-10-18T00:00:00Z |
| source | MITRE |
| title | Net.exe Utility |
TechNet Netsh Firewall
Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.
Internal MISP references
UUID 00fb3fa3-6f72-47ad-a950-f258a70485f2 which can be used as unique global reference for TechNet Netsh Firewall in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2009-06-03T00:00:00Z |
| source | MITRE |
| title | Netsh Commands for Windows Firewall |
Netsh.exe - LOLBAS Project
LOLBAS. (2019, December 24). Netsh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d76b28f-ab57-46bd-871d-1488212d3a8f which can be used as unique global reference for Netsh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-12-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Netsh.exe |
Github Netsh Helper CS Beacon
Smeets, M. (2016, September 26). NetshHelperBeacon. Retrieved February 13, 2017.
Internal MISP references
UUID c3169722-9c32-4a38-a7fe-8d4b6e51ca36 which can be used as unique global reference for Github Netsh Helper CS Beacon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-13T00:00:00Z |
| date_published | 2016-09-26T00:00:00Z |
| source | MITRE |
| title | NetshHelperBeacon |
TechNet Netstat
Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.
Internal MISP references
UUID 84ac26d8-9c7c-4c8c-bf64-a9fb4578388c which can be used as unique global reference for TechNet Netstat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Netstat |
TechNet Net Time
Microsoft. (n.d.). Net time. Retrieved November 25, 2016.
Internal MISP references
UUID 83094489-791f-4925-879f-e79f67e4bf1f which can be used as unique global reference for TechNet Net Time in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-25T00:00:00Z |
| source | MITRE |
| title | Net time |
Technet Net Use
Microsoft. (n.d.). Net Use. Retrieved November 25, 2016.
Internal MISP references
UUID f761d4b6-8fc5-4037-aa34-7982c17f8bed which can be used as unique global reference for Technet Net Use in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-25T00:00:00Z |
| source | MITRE |
| title | Net Use |
TrendMicro Netwalker May 2020
Victor, K.. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading . Retrieved May 26, 2020.
Internal MISP references
UUID ceda9ef6-e609-4a34-9db1-d2a3ebffb679 which can be used as unique global reference for TrendMicro Netwalker May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2020-05-18T00:00:00Z |
| source | MITRE |
| title | Netwalker Fileless Ransomware Injected via Reflective Loading |
Sophos Netwalker May 2020
Szappanos, G., Brandt, A.. (2020, May 27). Netwalker ransomware tools give insight into threat actor. Retrieved May 27, 2020.
Internal MISP references
UUID 721db562-6046-4f47-95a1-36a16f26f3d1 which can be used as unique global reference for Sophos Netwalker May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2020-05-27T00:00:00Z |
| source | MITRE |
| title | Netwalker ransomware tools give insight into threat actor |
McAfee Netwire Mar 2015
McAfee. (2015, March 2). Netwire RAT Behind Recent Targeted Attacks. Retrieved February 15, 2018.
Internal MISP references
UUID b02fbf00-f571-4507-941d-ac1d4a8310b0 which can be used as unique global reference for McAfee Netwire Mar 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2015-03-02T00:00:00Z |
| source | MITRE |
| title | Netwire RAT Behind Recent Targeted Attacks |
Windows Anonymous Enumeration of SAM Accounts
Microsoft. (2017, April 19). Network access: Do not allow anonymous enumeration of SAM accounts and shares. Retrieved May 20, 2020.
Internal MISP references
UUID 25e0244a-b829-4df9-a435-b6f9f1a2f0bc which can be used as unique global reference for Windows Anonymous Enumeration of SAM Accounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-20T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Network access: Do not allow anonymous enumeration of SAM accounts and shares |
Microsoft Network access Credential Manager
Microsoft. (2016, August 31). Network access: Do not allow storage of passwords and credentials for network authentication. Retrieved November 23, 2020.
Internal MISP references
UUID e0d8c585-e898-43ba-8d46-201dbe52db56 which can be used as unique global reference for Microsoft Network access Credential Manager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-23T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Network access: Do not allow storage of passwords and credentials for network authentication |
Microsoft NFS Overview
Microsoft. (2018, July 9). Network File System overview. Retrieved September 28, 2021.
Internal MISP references
UUID 1e49b346-d822-4f82-92db-2989313d07e9 which can be used as unique global reference for Microsoft NFS Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-07-09T00:00:00Z |
| source | MITRE |
| title | Network File System overview |
Network Provider API
Microsoft. (2021, January 7). Network Provider API. Retrieved March 30, 2023.
Internal MISP references
UUID b218434e-4233-5963-824e-50ee32d468ed which can be used as unique global reference for Network Provider API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2021-01-07T00:00:00Z |
| source | MITRE |
| title | Network Provider API |
Malware Bytes New AgentTesla variant steals WiFi credentials
Hossein Jazi. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved September 8, 2023.
Internal MISP references
UUID b61b7db6-ed0d-546d-b1e0-c2630530975b which can be used as unique global reference for Malware Bytes New AgentTesla variant steals WiFi credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | New AgentTesla variant steals WiFi credentials |
Malwarebytes Agent Tesla April 2020
Jazi, H. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved May 19, 2020.
Internal MISP references
UUID 87f4fe4c-54cd-40a7-938b-6e6f6d2efbea which can be used as unique global reference for Malwarebytes Agent Tesla April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | New AgentTesla variant steals WiFi credentials |
TrendMicro New Andariel Tactics July 2018
Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. Retrieved September 29, 2021.
Internal MISP references
UUID b667eb44-8c2f-4319-bc93-f03610214b8b which can be used as unique global reference for TrendMicro New Andariel Tactics July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-07-16T00:00:00Z |
| source | MITRE |
| title | New Andariel Reconnaissance Tactics Uncovered |
Unit 42 C0d0so0 Jan 2016
Grunzweig, J., Lee, B. (2016, January 22). New Attacks Linked to C0d0so0 Group. Retrieved August 2, 2018.
Internal MISP references
UUID c740fc1c-093e-4389-890e-1fd88a824df4 which can be used as unique global reference for Unit 42 C0d0so0 Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-02T00:00:00Z |
| date_published | 2016-01-22T00:00:00Z |
| source | MITRE |
| title | New Attacks Linked to C0d0so0 Group |
Trend Micro Banking Malware Jan 2019
Salvio, J.. (2014, June 27). New Banking Malware Uses Network Sniffing for Data Theft. Retrieved March 25, 2019.
Internal MISP references
UUID 4fee21e3-1b8f-4e10-b077-b59e2df94633 which can be used as unique global reference for Trend Micro Banking Malware Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2014-06-27T00:00:00Z |
| source | MITRE |
| title | New Banking Malware Uses Network Sniffing for Data Theft |
IBM IcedID November 2017
Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. Retrieved July 14, 2020.
Internal MISP references
UUID fdc56361-24f4-4fa5-949e-02e61c4d3be8 which can be used as unique global reference for IBM IcedID November 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-14T00:00:00Z |
| date_published | 2017-11-13T00:00:00Z |
| source | MITRE |
| title | New Banking Trojan IcedID Discovered by IBM X-Force Research |
Minerva Labs Black Basta May 2022
Zargarov, N. (2022, May 2). New Black Basta Ransomware Hijacks Windows Fax Service. Retrieved March 7, 2023.
Internal MISP references
UUID 6358f7ed-41d6-56be-83bb-179e0a8b7873 which can be used as unique global reference for Minerva Labs Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-02T00:00:00Z |
| source | MITRE |
| title | New Black Basta Ransomware Hijacks Windows Fax Service |
Google TAG Lazarus Jan 2021
Weidemann, A. (2021, January 25). New campaign targeting security researchers. Retrieved December 20, 2021.
Internal MISP references
UUID fb4b3427-353d-44c7-8dcd-d257324a83b2 which can be used as unique global reference for Google TAG Lazarus Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-20T00:00:00Z |
| date_published | 2021-01-25T00:00:00Z |
| source | MITRE |
| title | New campaign targeting security researchers |
Airbus Derusbi 2015
Perigaud, F. (2015, December 15). Newcomers in the Derusbi family. Retrieved December 20, 2017.
Internal MISP references
UUID 9b419a40-c20b-40dd-8627-9c1c786bf165 which can be used as unique global reference for Airbus Derusbi 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2015-12-15T00:00:00Z |
| source | MITRE |
| title | Newcomers in the Derusbi family |
Malwarebytes Crossrider Apr 2018
Reed, Thomas. (2018, April 24). New Crossrider variant installs configuration profiles on Macs. Retrieved September 6, 2019.
Internal MISP references
UUID 80530288-26a3-4c3e-ace1-47510df10fbd which can be used as unique global reference for Malwarebytes Crossrider Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-06T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | New Crossrider variant installs configuration profiles on Macs |
CyberBit Early Bird Apr 2018
Gavriel, H. & Erbesfeld, B. (2018, April 11). New ‘Early Bird’ Code Injection Technique Discovered. Retrieved May 24, 2018.
Internal MISP references
UUID 8ae4ec67-518e-46dd-872c-7e2a9ca4ef13 which can be used as unique global reference for CyberBit Early Bird Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-24T00:00:00Z |
| date_published | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | New ‘Early Bird’ Code Injection Technique Discovered |
Zscaler Molerats Campaign
Sahil Antil, Sudeep Singh. (2022, January 20). New espionage attack by Molerats APT targeting users in the Middle East. Retrieved October 10, 2023.
Internal MISP references
UUID 3b39e73e-229f-4ff4-bec3-d83e6364a66e which can be used as unique global reference for Zscaler Molerats Campaign in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | New espionage attack by Molerats APT targeting users in the Middle East |
CrowdStrike Wizard Spider March 2019
Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. Retrieved June 15, 2020.
Internal MISP references
UUID d7001d6f-97a1-4155-8f74-3d878d4cbb27 which can be used as unique global reference for CrowdStrike Wizard Spider March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2019-03-20T00:00:00Z |
| source | MITRE |
| title | New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration |
Bleeping Computer Evil Corp mimics PayloadBin gang 2022
Abrams, L. (2021, June 6). New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions. Retrieved July 19, 2022.
Internal MISP references
UUID 5695d3a2-6b6c-433a-9254-d4a2e001a8be which can be used as unique global reference for Bleeping Computer Evil Corp mimics PayloadBin gang 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-19T00:00:00Z |
| source | Tidal Cyber |
| title | New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions |
TechNet Office Macro Security
Microsoft Malware Protection Center. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved July 3, 2017.
Internal MISP references
UUID f14f08c5-de51-4827-ba3a-f0598dfbe505 which can be used as unique global reference for TechNet Office Macro Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2016-03-22T00:00:00Z |
| source | MITRE |
| title | New feature in Office 2016 can block macros and help prevent infection |
Microsoft Block Office Macros
Windows Defender Research. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved April 11, 2018.
Internal MISP references
UUID 4d0f4d0a-b812-42f8-a52c-a1f5c69e6337 which can be used as unique global reference for Microsoft Block Office Macros in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-03-22T00:00:00Z |
| source | MITRE |
| title | New feature in Office 2016 can block macros and help prevent infection |
SolarWinds Sunburst Sunspot Update January 2021
Sudhakar Ramakrishna . (2021, January 11). New Findings From Our Investigation of SUNBURST. Retrieved January 13, 2021.
Internal MISP references
UUID 1be1b6e0-1b42-4d07-856b-b6321c17bb88 which can be used as unique global reference for SolarWinds Sunburst Sunspot Update January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-13T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | New Findings From Our Investigation of SUNBURST |
BleepingComp Godlua JUL19
Gatlan, S. (2019, July 3). New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS. Retrieved March 15, 2020.
Internal MISP references
UUID fd862d10-79bc-489d-a552-118014d01648 which can be used as unique global reference for BleepingComp Godlua JUL19 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| date_published | 2019-07-03T00:00:00Z |
| source | MITRE |
| title | New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS |
HTML Smuggling Menlo Security 2020
Subramanian, K. (2020, August 18). New HTML Smuggling Attack Alert: Duri. Retrieved May 20, 2021.
Internal MISP references
UUID a9fc3502-66c2-4504-9886-458f8a803b5d which can be used as unique global reference for HTML Smuggling Menlo Security 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-20T00:00:00Z |
| date_published | 2020-08-18T00:00:00Z |
| source | MITRE |
| title | New HTML Smuggling Attack Alert: Duri |
Microsoft New-InboxRule
Microsoft. (n.d.). New-InboxRule. Retrieved June 7, 2021.
Internal MISP references
UUID 54fcfc36-e0d5-422f-8a45-eeb7fa077a93 which can be used as unique global reference for Microsoft New-InboxRule in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-07T00:00:00Z |
| source | MITRE |
| title | New-InboxRule |
AWS - IAM Console Best Practices
Moncur, Rob. (2020, July 5). New Information in the AWS IAM Console Helps You Follow IAM Best Practices. Retrieved August 4, 2020.
Internal MISP references
UUID dadae802-91a7-46d4-aacd-48f49f22854e which can be used as unique global reference for AWS - IAM Console Best Practices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2020-07-05T00:00:00Z |
| source | MITRE |
| title | New Information in the AWS IAM Console Helps You Follow IAM Best Practices |
Trend Micro Ransomware February 2021
Centero, R. et al. (2021, February 5). New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker. Retrieved August 11, 2021.
Internal MISP references
UUID 64a86a3f-0160-4766-9ac1-7d287eb2c323 which can be used as unique global reference for Trend Micro Ransomware February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-02-05T00:00:00Z |
| source | MITRE |
| title | New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker |
Avast CCleaner3 2018
Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.
Internal MISP references
UUID 1641553f-96e7-4829-8c77-d96388dac5c7 which can be used as unique global reference for Avast CCleaner3 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-15T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities |
amnesia malware
Claud Xiao, Cong Zheng, Yanhui Jia. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved February 19, 2018.
Internal MISP references
UUID 489a6c57-f64c-423b-a7bd-169fa36c4cdf which can be used as unique global reference for amnesia malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-19T00:00:00Z |
| date_published | 2017-04-06T00:00:00Z |
| source | MITRE |
| title | New IoT/Linux Malware Targets DVRs, Forms Botnet |
Tsunami
Claud Xiao and Cong Zheng. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved December 17, 2020.
Internal MISP references
UUID 95b5b03e-f160-47cf-920c-8f4f3d4114a3 which can be used as unique global reference for Tsunami in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2017-04-06T00:00:00Z |
| source | MITRE |
| title | New IoT/Linux Malware Targets DVRs, Forms Botnet |
ClearSky Siamesekitten August 2021
ClearSky Cyber Security . (2021, August). New Iranian Espionage Campaign By “Siamesekitten” - Lyceum. Retrieved June 6, 2022.
Internal MISP references
UUID 9485efce-8d54-4461-b64e-0d15e31fbf8c which can be used as unique global reference for ClearSky Siamesekitten August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-06T00:00:00Z |
| date_published | 2021-08-01T00:00:00Z |
| source | MITRE |
| title | New Iranian Espionage Campaign By “Siamesekitten” - Lyceum |
Unit 42 NOKKI Sept 2018
Grunzweig, J., Lee, B. (2018, September 27). New KONNI Malware attacking Eurasia and Southeast Asia. Retrieved November 5, 2018.
Internal MISP references
UUID f3d3b9bc-4c59-4a1f-b602-e3e884661708 which can be used as unique global reference for Unit 42 NOKKI Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-09-27T00:00:00Z |
| source | MITRE |
| title | New KONNI Malware attacking Eurasia and Southeast Asia |
Malwarebytes Higaisa 2020
Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. Retrieved March 2, 2021.
Internal MISP references
UUID 6054e0ab-cf61-49ba-b7f5-58b304477451 which can be used as unique global reference for Malwarebytes Higaisa 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-02T00:00:00Z |
| date_published | 2020-06-04T00:00:00Z |
| source | MITRE |
| title | New LNK attack tied to Higaisa APT discovered |
Gallagher 2015
Gallagher, S.. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016.
Internal MISP references
UUID b1540c5c-0bbc-4b9d-9185-fae224ba31be which can be used as unique global reference for Gallagher 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-25T00:00:00Z |
| date_published | 2015-08-05T00:00:00Z |
| source | MITRE |
| title | Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes” |
FireEye TLS Nov 2017
Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved December 18, 2017.
Internal MISP references
UUID 9737055a-f583-448e-84d0-1d336c4da9a8 which can be used as unique global reference for FireEye TLS Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection |
FireEye Ursnif Nov 2017
Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved June 5, 2019.
Internal MISP references
UUID 32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47 which can be used as unique global reference for FireEye Ursnif Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection |
Antiquated Mac Malware
Thomas Reed. (2017, January 18). New Mac backdoor using antiquated code. Retrieved July 5, 2017.
Internal MISP references
UUID 165edb01-2681-45a3-b76b-4eb7dee5dab9 which can be used as unique global reference for Antiquated Mac Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2017-01-18T00:00:00Z |
| source | MITRE |
| title | New Mac backdoor using antiquated code |
Trend Micro MacOS Backdoor November 2020
Magisa, L. (2020, November 27). New MacOS Backdoor Connected to OceanLotus Surfaces. Retrieved December 2, 2020.
Internal MISP references
UUID 43726cb8-a169-4594-9323-fad65b9bae97 which can be used as unique global reference for Trend Micro MacOS Backdoor November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-02T00:00:00Z |
| date_published | 2020-11-27T00:00:00Z |
| source | MITRE |
| title | New MacOS Backdoor Connected to OceanLotus Surfaces |
TrendMicro MacOS April 2018
Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. Retrieved November 13, 2018.
Internal MISP references
UUID e18ad1a7-1e7e-4aca-be9b-9ee12b41c147 which can be used as unique global reference for TrendMicro MacOS April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2018-04-04T00:00:00Z |
| source | MITRE |
| title | New MacOS Backdoor Linked to OceanLotus Found |
TrendMicro macOS Dacls May 2020
Mabutas, G. (2020, May 11). New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability. Retrieved August 10, 2020.
Internal MISP references
UUID 0ef8691d-48ae-4057-82ef-eb086c05e2b9 which can be used as unique global reference for TrendMicro macOS Dacls May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| date_published | 2020-05-11T00:00:00Z |
| source | MITRE |
| title | New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability |
OSX Malware Exploits MacKeeper
Sergei Shevchenko. (2015, June 4). New Mac OS Malware Exploits Mackeeper. Retrieved July 3, 2017.
Internal MISP references
UUID 8c4bcbc7-ff52-4f7b-a22e-98bf9cfb1040 which can be used as unique global reference for OSX Malware Exploits MacKeeper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2015-06-04T00:00:00Z |
| source | MITRE |
| title | New Mac OS Malware Exploits Mackeeper |
Carbon Black Shlayer Feb 2019
Carbon Black Threat Analysis Unit. (2019, February 12). New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019.
Internal MISP references
UUID d8212691-4a6e-49bf-bc33-740850a1189a which can be used as unique global reference for Carbon Black Shlayer Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| date_published | 2019-02-12T00:00:00Z |
| source | MITRE |
| title | New macOS Malware Variant of Shlayer (OSX) Discovered |
Palo Alto Rover
Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.
Internal MISP references
UUID bbdf3f49-9875-4d41-986d-b693e82c77e1 which can be used as unique global reference for Palo Alto Rover in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-29T00:00:00Z |
| date_published | 2016-02-29T00:00:00Z |
| source | MITRE |
| title | New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan |
Palo Alto Reaver Nov 2017
Grunzweig, J. and Miller-Osborn, J. (2017, November 10). New Malware with Ties to SunOrcal Discovered. Retrieved November 16, 2017.
Internal MISP references
UUID 69fbe527-2ec4-457b-81b1-2eda65eb8442 which can be used as unique global reference for Palo Alto Reaver Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-11-10T00:00:00Z |
| source | MITRE |
| title | New Malware with Ties to SunOrcal Discovered |
Trend Micro Xbash Sept 2018
Trend Micro. (2018, September 19). New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet. Retrieved June 4, 2019.
Internal MISP references
UUID a4b37a24-b2a0-4fcb-9ec3-0d6b67e4e13b which can be used as unique global reference for Trend Micro Xbash Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2018-09-19T00:00:00Z |
| source | MITRE |
| title | New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet |
MSRC Nobelium June 2021
MSRC. (2021, June 25). New Nobelium activity. Retrieved August 4, 2021.
Internal MISP references
UUID 1588799f-a5d2-46bc-978d-f10ed7ceb15c which can be used as unique global reference for MSRC Nobelium June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| date_published | 2021-06-25T00:00:00Z |
| source | MITRE |
| title | New Nobelium activity |
Symantec Orangeworm April 2018
Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
Internal MISP references
UUID eee5efa1-bbc6-44eb-8fae-23002f351605 which can be used as unique global reference for Symantec Orangeworm April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-08T00:00:00Z |
| date_published | 2018-04-23T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia |
OSX.Dok Malware
Thomas Reed. (2017, July 7). New OSX.Dok malware intercepts web traffic. Retrieved July 10, 2017.
Internal MISP references
UUID 71d65081-dada-4a69-94c5-f1d8e4e151c1 which can be used as unique global reference for OSX.Dok Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| date_published | 2017-07-07T00:00:00Z |
| source | MITRE |
| title | New OSX.Dok malware intercepts web traffic |
OSX Keydnap malware
Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. Retrieved July 3, 2017.
Internal MISP references
UUID d43e0dd1-0946-4f49-bcc7-3ef38445eac3 which can be used as unique global reference for OSX Keydnap malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2016-07-06T00:00:00Z |
| source | MITRE |
| title | New OSX/Keydnap malware is hungry for credentials |
Intego Shlayer Apr 2018
Vrijenhoek, Jay. (2018, April 24). New OSX/Shlayer Malware Variant Found Using a Dirty New Trick. Retrieved September 6, 2019.
Internal MISP references
UUID 3ca1254c-db51-4a5d-8242-ffd9e4481c22 which can be used as unique global reference for Intego Shlayer Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-06T00:00:00Z |
| date_published | 2018-04-24T00:00:00Z |
| source | MITRE |
| title | New OSX/Shlayer Malware Variant Found Using a Dirty New Trick |
Cybereason Linux Exim Worm
Cybereason Nocturnus. (2019, June 13). New Pervasive Worm Exploiting Linux Exim Server Vulnerability. Retrieved June 24, 2020.
Internal MISP references
UUID 9523d8ae-d749-4c25-8c7b-df2d8c25c3c8 which can be used as unique global reference for Cybereason Linux Exim Worm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2019-06-13T00:00:00Z |
| source | MITRE |
| title | New Pervasive Worm Exploiting Linux Exim Server Vulnerability |
Microsoft Prestige ransomware October 2022
MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. Retrieved January 19, 2023.
Internal MISP references
UUID b57e1181-461b-5ada-a739-873ede1ec079 which can be used as unique global reference for Microsoft Prestige ransomware October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-19T00:00:00Z |
| date_published | 2022-10-14T00:00:00Z |
| source | MITRE |
| title | New “Prestige” ransomware impacts organizations in Ukraine and Poland |
Unit 42 MechaFlounder March 2019
Falcone, R. (2019, March 4). New Python-Based Payload MechaFlounder Used by Chafer. Retrieved May 27, 2020.
Internal MISP references
UUID 2263af27-9c30-4bf6-a204-2f148ebdd17c which can be used as unique global reference for Unit 42 MechaFlounder March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2019-03-04T00:00:00Z |
| source | MITRE |
| title | New Python-Based Payload MechaFlounder Used by Chafer |
Talos Nyetya June 2017
Chiu, A. (2016, June 27). New Ransomware Variant "Nyetya" Compromises Systems Worldwide. Retrieved March 26, 2019.
Internal MISP references
UUID c76e806c-b0e3-4ab9-ba6d-68a9f731f127 which can be used as unique global reference for Talos Nyetya June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-26T00:00:00Z |
| date_published | 2016-06-27T00:00:00Z |
| source | MITRE |
| title | New Ransomware Variant "Nyetya" Compromises Systems Worldwide |
Cyble Black Basta May 2022
Cyble. (2022, May 6). New ransomware variant targeting high-value organizations. Retrieved March 7, 2023.
Internal MISP references
UUID 18035aba-0ae3-58b8-b426-86c2e38a37ae which can be used as unique global reference for Cyble Black Basta May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-07T00:00:00Z |
| date_published | 2022-05-06T00:00:00Z |
| source | MITRE |
| title | New ransomware variant targeting high-value organizations |
Bleepingcomputer RAT malware 2020
Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. Retrieved April 1, 2021.
Internal MISP references
UUID a587ea99-a951-4aa8-a3cf-a4822ae97490 which can be used as unique global reference for Bleepingcomputer RAT malware 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-10-23T00:00:00Z |
| source | MITRE |
| title | New RAT malware gets commands via Discord, has ransomware feature |
IBM ITG18 2020
Wikoff, A. Emerson, R. (2020, July 16). New Research Exposes Iranian Threat Group Operations. Retrieved March 8, 2021.
Internal MISP references
UUID 523b7a1e-88ef-4440-a7b3-3fd0b8d5e199 which can be used as unique global reference for IBM ITG18 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-08T00:00:00Z |
| date_published | 2020-07-16T00:00:00Z |
| source | MITRE |
| title | New Research Exposes Iranian Threat Group Operations |
new_rogue_DHCP_serv_malware
Irwin, Ullrich, J. (2009, March 16). new rogue-DHCP server malware. Retrieved January 14, 2022.
Internal MISP references
UUID 8e0a8a9a-9b1f-4141-b595-80b98daf6b68 which can be used as unique global reference for new_rogue_DHCP_serv_malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2009-03-16T00:00:00Z |
| source | MITRE |
| title | new rogue-DHCP server malware |
NCSC CISA Cyclops Blink Advisory February 2022
NCSC, CISA, FBI, NSA. (2022, February 23). New Sandworm malware Cyclops Blink replaces VPNFilter. Retrieved March 3, 2022.
Internal MISP references
UUID bee6cf85-5cb9-4000-b82e-9e15aebfbece which can be used as unique global reference for NCSC CISA Cyclops Blink Advisory February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-03T00:00:00Z |
| date_published | 2022-02-23T00:00:00Z |
| source | MITRE |
| title | New Sandworm malware Cyclops Blink replaces VPNFilter |
Eweek Newscaster and Charming Kitten May 2014
Kerner, S. (2014, May 29). Newscaster Threat Uses Social Media for Intelligence Gathering. Retrieved April 14, 2021.
Internal MISP references
UUID a3407cd2-d579-4d64-8f2e-162c31a99534 which can be used as unique global reference for Eweek Newscaster and Charming Kitten May 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2014-05-29T00:00:00Z |
| source | MITRE |
| title | Newscaster Threat Uses Social Media for Intelligence Gathering |
Deep Instinct TA505 Apr 2019
Vilkomir-Preisman, S. (2019, April 2). New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload. Retrieved May 28, 2019.
Internal MISP references
UUID 529524c0-123b-459c-bc6f-62aa45c228d1 which can be used as unique global reference for Deep Instinct TA505 Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2019-04-02T00:00:00Z |
| source | MITRE |
| title | New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload |
Janicab
Thomas. (2013, July 15). New signed malware called Janicab. Retrieved July 17, 2017.
Internal MISP references
UUID 1acc1a83-faac-41d3-a08b-cc3a539567fb which can be used as unique global reference for Janicab in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-17T00:00:00Z |
| date_published | 2013-07-15T00:00:00Z |
| source | MITRE |
| title | New signed malware called Janicab |
MSTIC NOBELIUM May 2021
Microsoft Threat Intelligence Center (MSTIC). (2021, May 27). New sophisticated email-based attack from NOBELIUM. Retrieved May 28, 2021.
Internal MISP references
UUID 047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d which can be used as unique global reference for MSTIC NOBELIUM May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-28T00:00:00Z |
| date_published | 2021-05-27T00:00:00Z |
| source | MITRE |
| title | New sophisticated email-based attack from NOBELIUM |
Microsoft Phosphorus Mar 2019
Burt, T. (2019, March 27). New steps to protect customers from hacking. Retrieved May 27, 2020.
Internal MISP references
UUID c55a112d-4b05-4c32-a5b3-480b12929115 which can be used as unique global reference for Microsoft Phosphorus Mar 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2019-03-27T00:00:00Z |
| source | MITRE |
| title | New steps to protect customers from hacking |
FireEye SUNSHUTTLE Mar 2021
Smith, L., Leathery, J., Read, B. (2021, March 4). New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452. Retrieved March 12, 2021.
Internal MISP references
UUID 1cdb8a1e-fbed-4db3-b273-5f8f45356dc1 which can be used as unique global reference for FireEye SUNSHUTTLE Mar 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-12T00:00:00Z |
| date_published | 2021-03-04T00:00:00Z |
| source | MITRE |
| title | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 |
Blasco 2013
Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 46be6b77-ee2b-407e-bdd4-5a1183eda7f3 which can be used as unique global reference for Blasco 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2013-03-21T00:00:00Z |
| source | MITRE |
| title | New Sykipot developments [Blog] |
Malwarebytes Targeted Attack against Saudi Arabia
Malwarebytes Labs. (2017, March 27). New targeted attack against Saudi Arabia Government. Retrieved July 3, 2017.
Internal MISP references
UUID 735647f9-9cd4-4a20-8812-4671a3358e46 which can be used as unique global reference for Malwarebytes Targeted Attack against Saudi Arabia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2017-03-27T00:00:00Z |
| source | MITRE |
| title | New targeted attack against Saudi Arabia Government |
FireEye APT34 Dec 2017
Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
Internal MISP references
UUID 88f41728-08ad-4cd8-a418-895738d68b04 which can be used as unique global reference for FireEye APT34 Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit |
Unit 42 Cobalt Gang Oct 2018
Unit 42. (2018, October 25). New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed. Retrieved December 11, 2018.
Internal MISP references
UUID 8956f0e5-d07f-4063-bf60-f8b964d03e6d which can be used as unique global reference for Unit 42 Cobalt Gang Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-11T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed |
ESET TeleBots Oct 2018
Cherepanov, A., Lipovsky, R. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved November 27, 2018.
Internal MISP references
UUID 56372448-03f5-49b5-a2a9-384fbd49fefc which can be used as unique global reference for ESET TeleBots Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-10-11T00:00:00Z |
| source | MITRE |
| title | New TeleBots backdoor: First evidence linking Industroyer to NotPetya |
Unit 42 DarkHydrus July 2018
Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.
Internal MISP references
UUID 800279cf-e6f8-4721-818f-46e35ec7892a which can be used as unique global reference for Unit 42 DarkHydrus July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-02T00:00:00Z |
| date_published | 2018-07-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | New Threat Actor Group DarkHydrus Targets Middle East Government |
Bitdefender Trickbot March 2020
Tudorica, R., Maximciuc, A., Vatamanu, C. (2020, March 18). New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong. Retrieved March 15, 2021.
Internal MISP references
UUID 2ccdaded-97f6-47e2-b6c0-9a83e8a945d6 which can be used as unique global reference for Bitdefender Trickbot March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-15T00:00:00Z |
| date_published | 2020-03-18T00:00:00Z |
| source | MITRE |
| title | New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong |
Malwarebytes Konni Aug 2021
Threat Intelligence Team. (2021, August 23). New variant of Konni malware used in campaign targetting Russia. Retrieved January 5, 2022.
Internal MISP references
UUID fb8c6402-ec18-414a-85f7-3d76eacbd890 which can be used as unique global reference for Malwarebytes Konni Aug 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-05T00:00:00Z |
| date_published | 2021-08-23T00:00:00Z |
| source | MITRE |
| title | New variant of Konni malware used in campaign targetting Russia |
Proofpoint Vega Credential Stealer May 2018
Proofpoint. (2018, May 10). New Vega Stealer shines brightly in targeted campaign . Retrieved June 18, 2019.
Internal MISP references
UUID c52fe62f-4df4-43b0-a126-2df07dc61fc0 which can be used as unique global reference for Proofpoint Vega Credential Stealer May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-18T00:00:00Z |
| date_published | 2018-05-10T00:00:00Z |
| source | MITRE |
| title | New Vega Stealer shines brightly in targeted campaign |
Proofpoint Azorult July 2018
Proofpoint. (2018, July 30). New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign. Retrieved November 29, 2018.
Internal MISP references
UUID a85c869a-3ba3-42c2-9460-d3d1f0874044 which can be used as unique global reference for Proofpoint Azorult July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-29T00:00:00Z |
| date_published | 2018-07-30T00:00:00Z |
| source | MITRE |
| title | New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign |
Avira Mustang Panda January 2020
Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021.
Internal MISP references
UUID bc7755a0-5ee3-477b-b8d7-67174a59d0e2 which can be used as unique global reference for Avira Mustang Panda January 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-01-31T00:00:00Z |
| source | MITRE |
| title | New wave of PlugX targets Hong Kong |
PaloAlto DNS Requests May 2016
Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved November 15, 2018.
Internal MISP references
UUID 6f08aa4e-c89f-4d3e-8f46-e856e21d2d50 which can be used as unique global reference for PaloAlto DNS Requests May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-15T00:00:00Z |
| date_published | 2016-05-24T00:00:00Z |
| source | MITRE |
| title | New Wekby Attacks Use DNS Requests As Command and Control Mechanism |
Palo Alto DNS Requests
Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved August 17, 2016.
Internal MISP references
UUID 4a946c3f-ee0a-4649-8104-2bd9d90ebd49 which can be used as unique global reference for Palo Alto DNS Requests in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-05-24T00:00:00Z |
| source | MITRE |
| title | New Wekby Attacks Use DNS Requests As Command and Control Mechanism |
Unit42 Azorult Nov 2018
Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. Retrieved November 29, 2018.
Internal MISP references
UUID 44ceddf6-bcbf-4a60-bb92-f8cdc675d185 which can be used as unique global reference for Unit42 Azorult Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-29T00:00:00Z |
| date_published | 2018-11-21T00:00:00Z |
| source | MITRE |
| title | New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit |
FireEye Clandestine Fox
Chen, X., Scott, M., Caselden, D.. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. Retrieved January 14, 2016.
Internal MISP references
UUID fd536975-ff27-45fc-a07f-4b2128568df8 which can be used as unique global reference for FireEye Clandestine Fox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-04-26T00:00:00Z |
| source | MITRE |
| title | New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks |
Twitter ItsReallyNick Platinum Masquerade
Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved April 22, 2019.
Internal MISP references
UUID 12eea502-cf70-474f-8127-352cacc37418 which can be used as unique global reference for Twitter ItsReallyNick Platinum Masquerade in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | Nick Carr Status Update |
Twitter ItsReallyNick APT32 pubprn Masquerade
Carr, N.. (2017, December 26). Nick Carr Status Update APT32 pubprn. Retrieved April 22, 2019.
Internal MISP references
UUID 731865ea-2410-40ac-85cf-75f768edd08a which can be used as unique global reference for Twitter ItsReallyNick APT32 pubprn Masquerade in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2017-12-26T00:00:00Z |
| source | MITRE |
| title | Nick Carr Status Update APT32 pubprn |
Twitter ItsReallyNick APT41 EK
Carr, N. (2019, October 30). Nick Carr Status Update APT41 Environmental Keying. Retrieved June 23, 2020.
Internal MISP references
UUID e226a034-b79b-42bd-8115-2537f98e5d46 which can be used as unique global reference for Twitter ItsReallyNick APT41 EK in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2019-10-30T00:00:00Z |
| source | MITRE |
| title | Nick Carr Status Update APT41 Environmental Keying |
Twitter ItsReallyNick Masquerading Update
Carr, N.. (2018, October 25). Nick Carr Status Update Masquerading. Retrieved April 22, 2019.
Internal MISP references
UUID aca324b7-15f1-47b5-9c13-248d1b1a7fff which can be used as unique global reference for Twitter ItsReallyNick Masquerading Update in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2018-10-25T00:00:00Z |
| source | MITRE |
| title | Nick Carr Status Update Masquerading |
SecureWorks NICKEL GLADSTONE profile Sept 2021
SecureWorks. (2021, September 29). NICKEL GLADSTONE Threat Profile. Retrieved September 29, 2021.
Internal MISP references
UUID c78a8379-04a4-4558-820d-831ad4f267fd which can be used as unique global reference for SecureWorks NICKEL GLADSTONE profile Sept 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-09-29T00:00:00Z |
| source | MITRE |
| title | NICKEL GLADSTONE Threat Profile |
Microsoft NICKEL December 2021
MSTIC. (2021, December 6). NICKEL targeting government organizations across Latin America and Europe. Retrieved March 18, 2022.
Internal MISP references
UUID 29a46bb3-f514-4554-ad9c-35f9a5ad9870 which can be used as unique global reference for Microsoft NICKEL December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-18T00:00:00Z |
| date_published | 2021-12-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | NICKEL targeting government organizations across Latin America and Europe |
Nicolas Falliere, Liam O Murchu, Eric Chien February 2011
Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February) W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017
Internal MISP references
UUID a1b371c2-b2b1-5780-95c8-11f8c616dcf3 which can be used as unique global reference for Nicolas Falliere, Liam O Murchu, Eric Chien February 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-22T00:00:00Z |
| source | MITRE |
| title | Nicolas Falliere, Liam O Murchu, Eric Chien February 2011 |
ProofPoint Ursnif Aug 2016
Proofpoint Staff. (2016, August 25). Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality. Retrieved June 5, 2019.
Internal MISP references
UUID 4cef8c44-d440-4746-b3e8-c8e4d307273d which can be used as unique global reference for ProofPoint Ursnif Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2016-08-25T00:00:00Z |
| source | MITRE |
| title | Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality |
NirSoft Website
NirSoft. (n.d.). NirSoft Website. Retrieved March 6, 2024.
Internal MISP references
UUID 024e4e25-aab7-4231-bb4b-5e399d02d7b2 which can be used as unique global reference for NirSoft Website in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | NirSoft Website |
NIST Server Security July 2008
Scarfone, K. et al.. (2008, July). NIST Special Publication 800-123 - Guide to General Server Security. Retrieved July 26, 2018.
Internal MISP references
UUID 351a444e-2829-4584-83ea-de909e43ee72 which can be used as unique global reference for NIST Server Security July 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| date_published | 2008-07-01T00:00:00Z |
| source | MITRE |
| title | NIST Special Publication 800-123 - Guide to General Server Security |
Netskope Nitol
Malik, A. (2016, October 14). Nitol Botnet makes a resurgence with evasive sandbox analysis technique. Retrieved September 30, 2021.
Internal MISP references
UUID 94b5ac75-1fd5-4cad-a604-2b09846eb975 which can be used as unique global reference for Netskope Nitol in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2016-10-14T00:00:00Z |
| source | MITRE |
| title | Nitol Botnet makes a resurgence with evasive sandbox analysis technique |
FireEye Njw0rm Aug 2013
Dawda, U. and Villeneuve, N. (2013, August 30). Njw0rm - Brother From the Same Mother. Retrieved June 4, 2019.
Internal MISP references
UUID 062c31b1-7c1e-487f-8340-11f4b3faabc4 which can be used as unique global reference for FireEye Njw0rm Aug 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2013-08-30T00:00:00Z |
| source | MITRE |
| title | Njw0rm - Brother From the Same Mother |
Nltest Manual
ss64. (n.d.). NLTEST.exe - Network Location Test. Retrieved February 14, 2019.
Internal MISP references
UUID 4bb113a8-7e2c-4656-86f4-c30b08705ffa which can be used as unique global reference for Nltest Manual in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| source | MITRE |
| title | NLTEST.exe - Network Location Test |
Nmap: the Network Mapper
Nmap. (n.d.). Nmap: the Network Mapper - Free Security Scanner. Retrieved September 7, 2023.
Internal MISP references
UUID 65f1bbaa-8ad1-4ad5-b726-660558d27efc which can be used as unique global reference for Nmap: the Network Mapper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Nmap: the Network Mapper - Free Security Scanner |
Microsoft Nobelium Admin Privileges
Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved January 31, 2022.
Internal MISP references
UUID aa315293-77a5-4ad9-b024-9af844edff9a which can be used as unique global reference for Microsoft Nobelium Admin Privileges in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-31T00:00:00Z |
| date_published | 2021-10-25T00:00:00Z |
| source | MITRE |
| title | NOBELIUM targeting delegated administrative privileges to facilitate broader attacks |
MSTIC Nobelium Oct 2021
Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved March 25, 2022.
Internal MISP references
UUID 7b6cc308-9871-47e5-9039-a9a7e66ce373 which can be used as unique global reference for MSTIC Nobelium Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2021-10-25T00:00:00Z |
| source | MITRE |
| title | NOBELIUM targeting delegated administrative privileges to facilitate broader attacks |
Symantec Noberus September 22 2022
Symantec Threat Hunter Team. (2022, September 22). Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics. Retrieved September 14, 2023.
Internal MISP references
UUID afd6808d-2c9f-4926-b7c6-ca9d3abdd923 which can be used as unique global reference for Symantec Noberus September 22 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2022-09-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics |
new_rust_based_ransomware
Symantec Threat Hunter Team. (2021, December 16). Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware. Retrieved January 14, 2022.
Internal MISP references
UUID 8206240f-c84e-442e-b025-f629e9cc8d91 which can be used as unique global reference for new_rust_based_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2021-12-16T00:00:00Z |
| source | MITRE |
| title | Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware |
SentinelOne NobleBaron June 2021
Guerrero-Saade, J. (2021, June 1). NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks. Retrieved August 4, 2021.
Internal MISP references
UUID 98cf2bb0-f36c-45af-8d47-bf26aca3bb09 which can be used as unique global reference for SentinelOne NobleBaron June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-04T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| source | MITRE |
| title | NobleBaron |
NodeJS
OpenJS Foundation. (n.d.). Node.js. Retrieved June 23, 2020.
Internal MISP references
UUID af710d49-48f4-47f6-98c6-8d4a4568b020 which can be used as unique global reference for NodeJS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| source | MITRE |
| title | Node.js |
Mandiant No Easy Breach
Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.
Internal MISP references
UUID e7c49ce6-9c5d-483a-b476-8a48799df6fa which can be used as unique global reference for Mandiant No Easy Breach in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-10-04T00:00:00Z |
| date_published | 2016-09-27T00:00:00Z |
| source | MITRE |
| title | No Easy Breach DerbyCon 2016 |
ESET PipeMon May 2020
Tartare, M. et al. (2020, May 21). No “Game over” for the Winnti Group. Retrieved August 24, 2020.
Internal MISP references
UUID cbc09411-be18-4241-be69-b718a741ed8c which can be used as unique global reference for ESET PipeMon May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2020-05-21T00:00:00Z |
| source | MITRE |
| title | No “Game over” for the Winnti Group |
nohup Linux Man
Meyering, J. (n.d.). nohup(1). Retrieved August 30, 2023.
Internal MISP references
UUID f61dde91-3518-5a74-8eb8-bb3bae43e8fb which can be used as unique global reference for nohup Linux Man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-30T00:00:00Z |
| source | MITRE |
| title | nohup(1) |
Unit 42 Nokki Oct 2018
Grunzweig, J. (2018, October 01). NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT. Retrieved November 5, 2018.
Internal MISP references
UUID 4eea6638-a71b-4d74-acc4-0fac82ef72f6 which can be used as unique global reference for Unit 42 Nokki Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-10-01T00:00:00Z |
| source | MITRE |
| title | NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT |
ESET Nomadic Octopus 2018
Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.
Internal MISP references
UUID 50dcb3f0-1461-453a-aab9-38c2e259173f which can be used as unique global reference for ESET Nomadic Octopus 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2018-10-04T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Nomadic Octopus Cyber espionage in Central Asia |
Malwarebytes Pony April 2016
hasherezade. (2016, April 11). No money, but Pony! From a mail to a trojan horse. Retrieved May 21, 2020.
Internal MISP references
UUID f8700002-5da6-4cb8-be62-34e421d2a573 which can be used as unique global reference for Malwarebytes Pony April 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-21T00:00:00Z |
| date_published | 2016-04-11T00:00:00Z |
| source | MITRE |
| title | No money, but Pony! From a mail to a trojan horse |
WithSecure Lazarus-NoPineapple Threat Intel Report 2023
Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023.
Internal MISP references
UUID 195922fa-a843-5cd3-a153-32f0b960dcb9 which can be used as unique global reference for WithSecure Lazarus-NoPineapple Threat Intel Report 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| date_published | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | No Pineapple! -DPRK Targeting of Medical Research and Technology Sector |
xorrior chrome extensions macOS
Chris Ross. (2019, February 8). No Place Like Chrome. Retrieved April 27, 2021.
Internal MISP references
UUID 84bfd3a1-bda2-4821-ac52-6af8515e5879 which can be used as unique global reference for xorrior chrome extensions macOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-27T00:00:00Z |
| date_published | 2019-02-08T00:00:00Z |
| source | MITRE |
| title | No Place Like Chrome |
Cybernews Yanfeng Qilin November 2023
Stefanie Schappert. (2023, November 28). North American auto supplier Yanfeng claimed by Qilin ransom group. Retrieved November 30, 2023.
Internal MISP references
UUID 93c89ca5-1863-4ee2-9fff-258f94f655c4 which can be used as unique global reference for Cybernews Yanfeng Qilin November 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-30T00:00:00Z |
| date_published | 2023-11-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | North American auto supplier Yanfeng claimed by Qilin ransom group |
The Hacker News Lazarus Aug 2022
Lakshmanan, R. (2022, August 17). North Korea Hackers Spotted Targeting Job Seekers with macOS Malware. Retrieved April 10, 2023.
Internal MISP references
UUID 8ae38830-1547-5cc1-83a4-87c3a7c82aa6 which can be used as unique global reference for The Hacker News Lazarus Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-04-10T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | North Korea Hackers Spotted Targeting Job Seekers with macOS Malware |
Zdnet Kimsuky Group September 2020
Cimpanu, C. (2020, September 30). North Korea has tried to hack 11 officials of the UN Security Council. Retrieved November 4, 2020.
Internal MISP references
UUID 6253bbc5-4d7d-4b7e-bd6b-59bd6366dc50 which can be used as unique global reference for Zdnet Kimsuky Group September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-04T00:00:00Z |
| date_published | 2020-09-30T00:00:00Z |
| source | MITRE |
| title | North Korea has tried to hack 11 officials of the UN Security Council |
Volexity InkySquid BLUELIGHT August 2021
Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. Retrieved September 30, 2021.
Internal MISP references
UUID 7e394434-364f-4e50-9a96-3e75dacc9866 which can be used as unique global reference for Volexity InkySquid BLUELIGHT August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2021-08-17T00:00:00Z |
| source | MITRE |
| title | North Korean APT InkySquid Infects Victims Using Browser Exploits |
Talos Kimsuky Nov 2021
An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.
Internal MISP references
UUID 17927f0e-297a-45ec-8e1c-8a33892205dc which can be used as unique global reference for Talos Kimsuky Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-29T00:00:00Z |
| date_published | 2021-11-10T00:00:00Z |
| source | MITRE |
| title | North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets |
Volexity InkySquid RokRAT August 2021
Cash, D., Grunzweig, J., Adair, S., Lancaster, T. (2021, August 25). North Korean BLUELIGHT Special: InkySquid Deploys RokRAT. Retrieved October 1, 2021.
Internal MISP references
UUID bff1667b-3f87-4653-bd17-b675e997baf1 which can be used as unique global reference for Volexity InkySquid RokRAT August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2021-08-25T00:00:00Z |
| source | MITRE |
| title | North Korean BLUELIGHT Special: InkySquid Deploys RokRAT |
Lazarus APT January 2022
Saini, A. and Hossein, J. (2022, January 27). North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign. Retrieved January 27, 2022.
Internal MISP references
UUID fbd96014-16c3-4ad6-bb3f-f92d15efce13 which can be used as unique global reference for Lazarus APT January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-27T00:00:00Z |
| date_published | 2022-01-27T00:00:00Z |
| source | MITRE |
| title | North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign |
Github NoRunDll
gtworek. (2019, December 17). NoRunDll. Retrieved August 23, 2021.
Internal MISP references
UUID 72d4b682-ed19-4e0f-aeff-faa52b3a0439 which can be used as unique global reference for Github NoRunDll in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-23T00:00:00Z |
| date_published | 2019-12-17T00:00:00Z |
| source | MITRE |
| title | NoRunDll |
Crowdstrike TELCO BPO Campaign December 2022
Parisi, T. (2022, December 2). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved June 30, 2023.
Internal MISP references
UUID 382785e1-4ef3-506e-b74f-cd07df9ae46e which can be used as unique global reference for Crowdstrike TELCO BPO Campaign December 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-30T00:00:00Z |
| date_published | 2022-12-02T00:00:00Z |
| source | MITRE |
| title | Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies |
CrowdStrike Scattered Spider SIM Swapping December 22 2022
Tim Parisi. (2022, December 22). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved September 14, 2023.
Internal MISP references
UUID e48760ba-2752-4d30-8f99-152c81f63017 which can be used as unique global reference for CrowdStrike Scattered Spider SIM Swapping December 22 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2022-12-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies |
Sophos Dyreza April 2015
Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.
Internal MISP references
UUID 50f9aa49-dde5-42c9-ba5c-f42281a71b7e which can be used as unique global reference for Sophos Dyreza April 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2015-04-20T00:00:00Z |
| source | MITRE |
| title | Notes from SophosLabs: Dyreza, the malware that discriminates against old computers |
NIST Supply Chain 2012
Boyens, J,. Et al.. (2002, October). Notional Supply Chain Risk Management Practices for Federal Information Systems. Retrieved April 6, 2018.
Internal MISP references
UUID b3171abc-957c-4bd5-a18f-0d66bba396b9 which can be used as unique global reference for NIST Supply Chain 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2002-10-01T00:00:00Z |
| source | MITRE |
| title | Notional Supply Chain Risk Management Practices for Federal Information Systems |
eSentire FIN7 July 2021
eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.. Retrieved September 20, 2021.
Internal MISP references
UUID 3976dd0e-7dee-4ae7-8c38-484b12ca233e which can be used as unique global reference for eSentire FIN7 July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2021-07-21T00:00:00Z |
| source | MITRE |
| title | Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc. |
Secureworks NotPetya June 2017
Counter Threat Research Team. (2017, June 28). NotPetya Campaign: What We Know About the Latest Global Ransomware Attack. Retrieved June 11, 2020.
Internal MISP references
UUID 3109e59c-ace2-4e5a-bba2-24b840a7af0d which can be used as unique global reference for Secureworks NotPetya June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-11T00:00:00Z |
| date_published | 2017-06-28T00:00:00Z |
| source | MITRE |
| title | NotPetya Campaign: What We Know About the Latest Global Ransomware Attack |
SensePost NotRuler
SensePost. (2017, September 21). NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. Retrieved February 4, 2019.
Internal MISP references
UUID 1bafe35e-f99c-4aa9-8b2f-5a35970ec83b which can be used as unique global reference for SensePost NotRuler in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2017-09-21T00:00:00Z |
| source | MITRE |
| title | NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange |
FireEye APT29 Nov 2018
Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.
Internal MISP references
UUID 30e769e0-4552-429b-b16e-27830d42edea which can be used as unique global reference for FireEye APT29 Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-27T00:00:00Z |
| date_published | 2018-11-19T00:00:00Z |
| source | MITRE |
| title | Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign |
NT API Windows
The NTinterlnals.net team. (n.d.). Nowak, T. Retrieved June 25, 2020.
Internal MISP references
UUID 306f7da7-caa2-40bf-a3db-e579c541eeb4 which can be used as unique global reference for NT API Windows in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | Nowak, T |
Npcap: Windows Packet Capture Library & Driver
Npcap. (n.d.). Npcap: Windows Packet Capture Library & Driver. Retrieved September 7, 2023.
Internal MISP references
UUID c8dc5650-eb37-4bb6-b5b7-e6269c79785c which can be used as unique global reference for Npcap: Windows Packet Capture Library & Driver in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Npcap: Windows Packet Capture Library & Driver |
NPLogonNotify
Microsoft. (2021, October 21). NPLogonNotify function (npapi.h). Retrieved March 30, 2023.
Internal MISP references
UUID 1fda833e-e543-5e68-a0f5-8a4170dd632a which can be used as unique global reference for NPLogonNotify in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2021-10-21T00:00:00Z |
| source | MITRE |
| title | NPLogonNotify function (npapi.h) |
NPPSPY
Grzegorz Tworek. (2021, December 15). NPPSpy. Retrieved March 30, 2023.
Internal MISP references
UUID c12bfaf6-4d83-552e-912b-cc55bce85961 which can be used as unique global reference for NPPSPY in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2021-12-15T00:00:00Z |
| source | MITRE |
| title | NPPSpy |
ntdsutil.exe - LOLBAS Project
LOLBAS. (2020, January 10). ntdsutil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9d15ab80-86b7-4a69-ae3f-de017ca89f37 which can be used as unique global reference for ntdsutil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-01-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ntdsutil.exe |
Ntdsutil Microsoft
Microsoft. (2016, August 31). Ntdsutil Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 34de2f08-0481-4894-80ef-86506d821cf0 which can be used as unique global reference for Ntdsutil Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ntdsutil Microsoft |
Microsoft NTFS File Attributes Aug 2010
Hughes, J. (2010, August 25). NTFS File Attributes. Retrieved March 21, 2018.
Internal MISP references
UUID dc4689d2-54b4-4310-ac10-6b234eedbc16 which can be used as unique global reference for Microsoft NTFS File Attributes Aug 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2010-08-25T00:00:00Z |
| source | MITRE |
| title | NTFS File Attributes |
NtQueryInformationProcess
Microsoft. (2021, November 23). NtQueryInformationProcess function (winternl.h). Retrieved February 4, 2022.
Internal MISP references
UUID 7b533ca9-9075-408d-b125-89bc7446ec8f which can be used as unique global reference for NtQueryInformationProcess in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-04T00:00:00Z |
| date_published | 2021-11-23T00:00:00Z |
| source | MITRE |
| title | NtQueryInformationProcess function (winternl.h) |
AsyncRAT GitHub
Nyan-x-Cat. (n.d.). NYAN-x-CAT / AsyncRAT-C-Sharp. Retrieved October 3, 2023.
Internal MISP references
UUID b40fc5d8-02fd-5683-88c3-592c6b06df1a which can be used as unique global reference for AsyncRAT GitHub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| source | MITRE |
| title | NYAN-x-CAT / AsyncRAT-C-Sharp |
Joe Sec Nymaim
Joe Security. (2016, April 21). Nymaim - evading Sandboxes with API hammering. Retrieved September 30, 2021.
Internal MISP references
UUID fe6ac288-1c7c-4ec0-a709-c3ca56e5d088 which can be used as unique global reference for Joe Sec Nymaim in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2016-04-21T00:00:00Z |
| source | MITRE |
| title | Nymaim - evading Sandboxes with API hammering |
OWASP Fingerprinting
OWASP Wiki. (2018, February 16). OAT-004 Fingerprinting. Retrieved October 20, 2020.
Internal MISP references
UUID ec89a48b-3b00-4928-8450-d2fbd307817f which can be used as unique global reference for OWASP Fingerprinting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2018-02-16T00:00:00Z |
| source | MITRE |
| title | OAT-004 Fingerprinting |
OWASP Vuln Scanning
OWASP. (n.d.). OAT-014 Vulnerability Scanning. Retrieved October 20, 2020.
Internal MISP references
UUID 039c0947-1976-4eb8-bb26-4c74dceea7f0 which can be used as unique global reference for OWASP Vuln Scanning in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2018-02-16T00:00:00Z |
| source | MITRE |
| title | OAT-014 Vulnerability Scanning |
BlackHat API Packers
Choi, S. (2015, August 6). Obfuscated API Functions in Modern Packers. Retrieved August 22, 2022.
Internal MISP references
UUID fc4434c0-373b-42fe-a0f5-683c24fa329e which can be used as unique global reference for BlackHat API Packers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2015-08-06T00:00:00Z |
| source | MITRE |
| title | Obfuscated API Functions in Modern Packers |
FireEye Obfuscation June 2017
Bohannon, D. & Carr N. (2017, June 30). Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques. Retrieved February 12, 2018.
Internal MISP references
UUID 6d1089b7-0efe-4961-8abc-22a882895377 which can be used as unique global reference for FireEye Obfuscation June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2017-06-30T00:00:00Z |
| source | MITRE |
| title | Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques |
objective-see 2017 review
Patrick Wardle. (n.d.). Retrieved March 20, 2018.
Internal MISP references
UUID 26b757c8-25cd-42ef-bef2-eb7a28455d57 which can be used as unique global reference for objective-see 2017 review in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| source | MITRE |
| title | objective-see 2017 review |
Talos Oblique RAT March 2021
Malhotra, A. (2021, March 2). ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.
Internal MISP references
UUID 20e13efb-4ca1-43b2-83a6-c852e03333d7 which can be used as unique global reference for Talos Oblique RAT March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-02T00:00:00Z |
| date_published | 2021-03-02T00:00:00Z |
| source | MITRE |
| title | ObliqueRAT returns with new campaign using hijacked websites |
IBM ITG07 June 2019
McMillen, D. Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.
Internal MISP references
UUID e2d453c3-efb4-44e5-8b60-6a98dd6c3341 which can be used as unique global reference for IBM ITG07 June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-17T00:00:00Z |
| date_published | 2019-06-14T00:00:00Z |
| source | MITRE |
| title | Observations of ITG07 Cyber Operations |
Palo Alto CVE-2015-3113 July 2015
Falcone, R. and Wartell, R.. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.
Internal MISP references
UUID 0ab158b4-9085-481a-8458-40f7c752179f which can be used as unique global reference for Palo Alto CVE-2015-3113 July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2015-07-27T00:00:00Z |
| source | MITRE |
| title | Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload |
Volexity OceanLotus Nov 2017
Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017.
Internal MISP references
UUID ed9f5545-377f-4a12-92e4-c0439cc5b037 which can be used as unique global reference for Volexity OceanLotus Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-06T00:00:00Z |
| date_published | 2017-11-06T00:00:00Z |
| source | MITRE |
| title | OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society |
Volexity Ocean Lotus November 2020
Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020.
Internal MISP references
UUID dbea2493-7e0a-47f0-88c1-5867f8bb1199 which can be used as unique global reference for Volexity Ocean Lotus November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-20T00:00:00Z |
| date_published | 2020-11-06T00:00:00Z |
| source | MITRE |
| title | OceanLotus: Extending Cyber Espionage Operations Through Fake Websites |
OceanLotus for OS X
Eddie Lee. (2016, February 17). OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update. Retrieved July 5, 2017.
Internal MISP references
UUID 6e9acc29-06af-4915-8e01-7dcccb204530 which can be used as unique global reference for OceanLotus for OS X in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2016-02-17T00:00:00Z |
| source | MITRE |
| title | OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update |
ESET OceanLotus macOS April 2019
Dumont, R.. (2019, April 9). OceanLotus: macOS malware update. Retrieved April 15, 2019.
Internal MISP references
UUID e97e479b-4e6d-40b5-94cb-eac06172c0f8 which can be used as unique global reference for ESET OceanLotus macOS April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-15T00:00:00Z |
| date_published | 2019-04-09T00:00:00Z |
| source | MITRE |
| title | OceanLotus: macOS malware update |
ESET OceanLotus
Foltýn, T. (2018, March 13). OceanLotus ships new backdoor using old tricks. Retrieved May 22, 2018.
Internal MISP references
UUID a7bcbaca-10c1-403a-9eb5-f111af1cbf6a which can be used as unique global reference for ESET OceanLotus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-22T00:00:00Z |
| date_published | 2018-03-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | OceanLotus ships new backdoor using old tricks |
Securelist Octopus Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.
Internal MISP references
UUID 77407057-53f1-4fde-bc74-00f73d417f7d which can be used as unique global reference for Securelist Octopus Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-14T00:00:00Z |
| date_published | 2018-10-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Octopus-infested seas of Central Asia |
LOLBAS Odbcconf
LOLBAS. (n.d.). Odbcconf.exe. Retrieved March 7, 2019.
Internal MISP references
UUID febcaaec-b535-4347-a4c7-b3284b251897 which can be used as unique global reference for LOLBAS Odbcconf in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| source | MITRE |
| title | Odbcconf.exe |
Microsoft odbcconf.exe
Microsoft. (2017, January 18). ODBCCONF.EXE. Retrieved March 7, 2019.
Internal MISP references
UUID 9df74876-2abf-4ced-b986-36212225d795 which can be used as unique global reference for Microsoft odbcconf.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-07T00:00:00Z |
| date_published | 2017-01-18T00:00:00Z |
| source | MITRE |
| title | ODBCCONF.EXE |
GrimBlog UsernameEnum
GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021.
Internal MISP references
UUID cab25908-63da-484d-8c42-4451f46086e2 which can be used as unique global reference for GrimBlog UsernameEnum in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-09T00:00:00Z |
| date_published | 2017-07-24T00:00:00Z |
| source | MITRE |
| title | Office365 ActiveSync Username Enumeration |
GitHub Office 365 User Enumeration
gremwell. (2020, March 24). Office 365 User Enumeration. Retrieved May 27, 2022.
Internal MISP references
UUID 314fb591-d5f2-4f0c-ab0b-97977308b5dc which can be used as unique global reference for GitHub Office 365 User Enumeration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2020-03-24T00:00:00Z |
| source | MITRE |
| title | Office 365 User Enumeration |
GitHub Office-Crackros Aug 2016
Carr, N. (2016, August 14). OfficeCrackros. Retrieved February 12, 2018.
Internal MISP references
UUID 6298d7b0-c6f9-46dd-91f0-41ef0ad515a5 which can be used as unique global reference for GitHub Office-Crackros Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2016-08-14T00:00:00Z |
| source | MITRE |
| title | OfficeCrackros |
GlobalDotName Jun 2019
Shukrun, S. (2019, June 2). Office Templates and GlobalDotName - A Stealthy Office Persistence Technique. Retrieved August 26, 2019.
Internal MISP references
UUID f574182a-5d91-43c8-b560-e84a7e941c96 which can be used as unique global reference for GlobalDotName Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-26T00:00:00Z |
| date_published | 2019-06-02T00:00:00Z |
| source | MITRE |
| title | Office Templates and GlobalDotName - A Stealthy Office Persistence Technique |
Microsoft VBA
Microsoft. (2019, June 11). Office VBA Reference. Retrieved June 23, 2020.
Internal MISP references
UUID ba0e3c5d-7934-4ece-b4a1-c03bc355f378 which can be used as unique global reference for Microsoft VBA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2019-06-11T00:00:00Z |
| source | MITRE |
| title | Office VBA Reference |
OfflineScannerShell.exe - LOLBAS Project
LOLBAS. (2021, August 16). OfflineScannerShell.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8194442f-4f86-438e-bd0c-f4cbda0264b8 which can be used as unique global reference for OfflineScannerShell.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | OfflineScannerShell.exe |
Bitdefender Agent Tesla April 2020
Arsene, L. (2020, April 21). Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal. Retrieved May 19, 2020.
Internal MISP references
UUID e3d932fc-0148-43b9-bcc7-971dd7ba3bf8 which can be used as unique global reference for Bitdefender Agent Tesla April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-19T00:00:00Z |
| date_published | 2020-04-21T00:00:00Z |
| source | MITRE |
| title | Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal |
Palo Alto OilRig April 2017
Falcone, R.. (2017, April 27). OilRig Actors Provide a Glimpse into Development and Testing Efforts. Retrieved May 3, 2017.
Internal MISP references
UUID fb561cdd-03f6-4867-b5b5-7e4deb11f0d0 which can be used as unique global reference for Palo Alto OilRig April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-03T00:00:00Z |
| date_published | 2017-04-27T00:00:00Z |
| source | MITRE |
| title | OilRig Actors Provide a Glimpse into Development and Testing Efforts |
OilRig New Delivery Oct 2017
Falcone, R. and Lee, B. (2017, October 9). OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan. Retrieved January 8, 2018.
Internal MISP references
UUID f5f3e1e7-1d83-4ddc-a878-134cd0d268ce which can be used as unique global reference for OilRig New Delivery Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2017-10-09T00:00:00Z |
| source | MITRE |
| title | OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan |
Palo Alto OilRig Oct 2016
Grunzweig, J. and Falcone, R.. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017.
Internal MISP references
UUID 14bbb07b-caeb-4d17-8e54-047322a5930c which can be used as unique global reference for Palo Alto OilRig Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-03T00:00:00Z |
| date_published | 2016-10-04T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | OilRig Malware Campaign Updates Toolset and Expands Targets |
Unit 42 OilRig Sept 2018
Falcone, R., et al. (2018, September 04). OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. Retrieved September 24, 2018.
Internal MISP references
UUID 84815940-b98a-4f5c-82fe-7d8bf2f51a09 which can be used as unique global reference for Unit 42 OilRig Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-24T00:00:00Z |
| date_published | 2018-09-04T00:00:00Z |
| source | MITRE |
| title | OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE |
Unit42 RDAT July 2020
Falcone, R. (2020, July 22). OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. Retrieved July 28, 2020.
Internal MISP references
UUID 2929baa5-ead7-4936-ab67-c4742afc473c which can be used as unique global reference for Unit42 RDAT July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-28T00:00:00Z |
| date_published | 2020-07-22T00:00:00Z |
| source | MITRE |
| title | OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory |
Unit 42 QUADAGENT July 2018
Lee, B., Falcone, R. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. Retrieved August 9, 2018.
Internal MISP references
UUID 320f49df-7b0a-4a6a-8542-17b0f56c94c9 which can be used as unique global reference for Unit 42 QUADAGENT July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2018-07-25T00:00:00Z |
| source | MITRE |
| title | OilRig Targets Technology Service Provider and Government Agency with QUADAGENT |
OilRig ISMAgent July 2017
Falcone, R. and Lee, B. (2017, July 27). OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group. Retrieved January 8, 2018.
Internal MISP references
UUID e42c60cb-7827-4896-96e9-1323d5973aac which can be used as unique global reference for OilRig ISMAgent July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group |
Unit 42 RGDoor Jan 2018
Falcone, R. (2018, January 25). OilRig uses RGDoor IIS Backdoor on Targets in the Middle East. Retrieved July 6, 2018.
Internal MISP references
UUID 94b37da6-f808-451e-8f2d-5df0e93358ca which can be used as unique global reference for Unit 42 RGDoor Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-06T00:00:00Z |
| date_published | 2018-01-25T00:00:00Z |
| source | MITRE |
| title | OilRig uses RGDoor IIS Backdoor on Targets in the Middle East |
Palo Alto OilRig Sep 2018
Wilhoit, K. and Falcone, R. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. Retrieved February 18, 2019.
Internal MISP references
UUID 2ec6eabe-92e2-454c-ba7b-b27fec5b428d which can be used as unique global reference for Palo Alto OilRig Sep 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2018-09-12T00:00:00Z |
| source | MITRE |
| title | OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government |
ESET Okrum July 2019
Hromcova, Z. (2019, July). OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY. Retrieved May 6, 2020.
Internal MISP references
UUID 197163a8-1a38-4edd-ba73-f44e7a329f41 which can be used as unique global reference for ESET Okrum July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2019-07-01T00:00:00Z |
| source | MITRE |
| title | OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY |
Talos Agent Tesla Oct 2018
Brumaghin, E., et al. (2018, October 15). Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox. Retrieved November 5, 2018.
Internal MISP references
UUID a7f38717-afbe-41c1-a404-bcb023c337e3 which can be used as unique global reference for Talos Agent Tesla Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2018-10-15T00:00:00Z |
| source | MITRE |
| title | Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox |
Securelist Malware Tricks April 2017
Ishimaru, S.. (2017, April 13). Old Malware Tricks To Bypass Detection in the Age of Big Data. Retrieved May 30, 2019.
Internal MISP references
UUID 3430ac9b-1621-42b4-9cc7-5ee60191051f which can be used as unique global reference for Securelist Malware Tricks April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-30T00:00:00Z |
| date_published | 2017-04-13T00:00:00Z |
| source | MITRE |
| title | Old Malware Tricks To Bypass Detection in the Age of Big Data |
Red Canary Verclsid.exe
Haag, M., Levan, K. (2017, April 6). Old Phishing Attacks Deploy a New Methodology: Verclsid.exe. Retrieved August 10, 2020.
Internal MISP references
UUID f64e934f-737d-4461-8158-ae855bc472c4 which can be used as unique global reference for Red Canary Verclsid.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| date_published | 2017-04-06T00:00:00Z |
| source | MITRE |
| title | Old Phishing Attacks Deploy a New Methodology: Verclsid.exe |
Talos Olympic Destroyer 2018
Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.
Internal MISP references
UUID 25a2e179-7abd-4091-8af4-e9d2bf24ef11 which can be used as unique global reference for Talos Olympic Destroyer 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-14T00:00:00Z |
| date_published | 2018-02-12T00:00:00Z |
| source | MITRE |
| title | Olympic Destroyer Takes Aim At Winter Olympics |
Crowdstrike Pirate Panda April 2020
Busselen, M. (2020, April 7). On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations. Retrieved May 20, 2020.
Internal MISP references
UUID f71410b4-5f79-439a-ae9e-8965f9bc577f which can be used as unique global reference for Crowdstrike Pirate Panda April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-20T00:00:00Z |
| date_published | 2020-04-07T00:00:00Z |
| source | MITRE |
| title | On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations |
OneDriveStandaloneUpdater.exe - LOLBAS Project
LOLBAS. (2021, August 22). OneDriveStandaloneUpdater.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3d7dcd68-a7b2-438c-95bb-b7523a39c6f7 which can be used as unique global reference for OneDriveStandaloneUpdater.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-22T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | OneDriveStandaloneUpdater.exe |
chasing_avaddon_ransomware
Hernandez, A. S. Tarter, P. Ocamp, E. J. (2022, January 19). One Source to Rule Them All: Chasing AVADDON Ransomware. Retrieved January 26, 2022.
Internal MISP references
UUID c5aeed6b-2d5d-4d49-b05e-261d565808d9 which can be used as unique global reference for chasing_avaddon_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2022-01-19T00:00:00Z |
| source | MITRE |
| title | One Source to Rule Them All: Chasing AVADDON Ransomware |
Onion Routing
Wikipedia. (n.d.). Onion Routing. Retrieved October 20, 2020.
Internal MISP references
UUID 0667caad-39cd-469b-91c0-1210c09e6041 which can be used as unique global reference for Onion Routing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Onion Routing |
FireEye FIN7 Aug 2018
Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. Retrieved August 23, 2018.
Internal MISP references
UUID 54e5f23a-5ca6-4feb-8046-db2fb71b400a which can be used as unique global reference for FireEye FIN7 Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-23T00:00:00Z |
| date_published | 2018-08-01T00:00:00Z |
| source | MITRE |
| title | On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation |
OSX.FairyTale
Phile Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021.
Internal MISP references
UUID 27f8ad45-53d2-48ba-b549-f7674cf9c2e7 which can be used as unique global reference for OSX.FairyTale in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2018-09-20T00:00:00Z |
| source | MITRE |
| title | On the Trail of OSX.FairyTale |
Unit 42 OopsIE! Feb 2018
Lee, B., Falcone, R. (2018, February 23). OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan. Retrieved July 16, 2018.
Internal MISP references
UUID d4c2bac0-e95c-46af-ae52-c93de3d92f19 which can be used as unique global reference for Unit 42 OopsIE! Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-16T00:00:00Z |
| date_published | 2018-02-23T00:00:00Z |
| source | MITRE |
| title | OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan |
Proofpoint ZeroT Feb 2017
Huss, D., et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. Retrieved April 5, 2018.
Internal MISP references
UUID 63787035-f136-43e1-b445-22853bbed92b which can be used as unique global reference for Proofpoint ZeroT Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-05T00:00:00Z |
| date_published | 2017-02-02T00:00:00Z |
| source | MITRE |
| title | Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX |
OpenConsole.exe - LOLBAS Project
LOLBAS. (2022, June 17). OpenConsole.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e597522a-68ac-4d7e-80c4-db1c66d2da04 which can be used as unique global reference for OpenConsole.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-06-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | OpenConsole.exe |
Open Login Items Apple
Apple. (n.d.). Open items automatically when you log in on Mac. Retrieved October 1, 2021.
Internal MISP references
UUID 46a480eb-52d1-44c9-8b44-7e516b27cf82 which can be used as unique global reference for Open Login Items Apple in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| source | MITRE |
| title | Open items automatically when you log in on Mac |
OpenSSH Project Page
OpenSSH. (2023, March 15). OpenSSH. Retrieved May 25, 2023.
Internal MISP references
UUID e5ca6811-cd22-4be5-a751-d23fb99d206e which can be used as unique global reference for OpenSSH Project Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-25T00:00:00Z |
| date_published | 2023-03-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | OpenSSH |
Operating with EmPyre
rvrsh3ll. (2016, May 18). Operating with EmPyre. Retrieved July 12, 2017.
Internal MISP references
UUID 459a4ad5-0e28-4bfc-a73e-b9dd516d516f which can be used as unique global reference for Operating with EmPyre in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-12T00:00:00Z |
| date_published | 2016-05-18T00:00:00Z |
| source | MITRE |
| title | Operating with EmPyre |
Windows AppleJeus GReAT
Global Research & Analysis Team, Kaspersky Lab (GReAT). (2018, August 23). Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware. Retrieved September 27, 2022.
Internal MISP references
UUID 336ea5f5-d8cc-4af5-9aa0-203e319b3c28 which can be used as unique global reference for Windows AppleJeus GReAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2018-08-23T00:00:00Z |
| source | MITRE |
| title | Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware |
Novetta Blockbuster Destructive Malware
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. Retrieved March 2, 2016.
Internal MISP references
UUID de278b77-52cb-4126-9341-5b32843ae9f1 which can be used as unique global reference for Novetta Blockbuster Destructive Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-02T00:00:00Z |
| date_published | 2016-02-24T00:00:00Z |
| source | MITRE |
| title | Operation Blockbuster: Destructive Malware Report |
Novetta Blockbuster Loaders
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved March 2, 2016.
Internal MISP references
UUID 5d3e2f36-3833-4203-9884-c3ff806da286 which can be used as unique global reference for Novetta Blockbuster Loaders in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-02T00:00:00Z |
| date_published | 2016-02-24T00:00:00Z |
| source | MITRE |
| title | Operation Blockbuster: Loaders, Installers and Uninstallers Report |
Novetta Blockbuster RATs
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. Retrieved March 16, 2016.
Internal MISP references
UUID 80d88e80-b5a7-48b7-a999-96b06d082997 which can be used as unique global reference for Novetta Blockbuster RATs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-16T00:00:00Z |
| date_published | 2016-02-24T00:00:00Z |
| source | MITRE |
| title | Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report |
Novetta Blockbuster Tools
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.
Internal MISP references
UUID 6dd1b091-9ace-4e31-9845-3b1091147ecd which can be used as unique global reference for Novetta Blockbuster Tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-10T00:00:00Z |
| date_published | 2016-02-24T00:00:00Z |
| source | MITRE |
| title | Operation Blockbuster: Tools Report |
Novetta Blockbuster
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved February 25, 2016.
Internal MISP references
UUID bde96b4f-5f98-4ce5-a507-4b05d192b6d7 which can be used as unique global reference for Novetta Blockbuster in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-25T00:00:00Z |
| date_published | 2016-02-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Blockbuster: Unraveling the Long Thread of the Sony Attack |
FireEye Clandestine Wolf
Eng, E., Caselden, D.. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.
Internal MISP references
UUID dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f which can be used as unique global reference for FireEye Clandestine Wolf in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2015-06-23T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign |
Cylance Cleaver
Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.
Internal MISP references
UUID f0b45225-3ec3-406f-bd74-87f24003761b which can be used as unique global reference for Cylance Cleaver in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-09-14T00:00:00Z |
| date_published | 2014-12-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Cleaver |
PWC Cloud Hopper April 2017
PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.
Internal MISP references
UUID fe741064-8cd7-428b-bdb9-9f2ab7e92489 which can be used as unique global reference for PWC Cloud Hopper April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-05T00:00:00Z |
| date_published | 2017-04-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Cloud Hopper |
PWC Cloud Hopper Technical Annex April 2017
PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
Internal MISP references
UUID da6c8a72-c732-44d5-81ac-427898706eed which can be used as unique global reference for PWC Cloud Hopper Technical Annex April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-13T00:00:00Z |
| date_published | 2017-04-01T00:00:00Z |
| source | MITRE |
| title | Operation Cloud Hopper: Technical Annex |
Cybereason Cobalt Kitty 2017
Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.
Internal MISP references
UUID bf838a23-1620-4668-807a-4354083d69b1 which can be used as unique global reference for Cybereason Cobalt Kitty 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-27T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | Operation Cobalt Kitty |
Cybereason Oceanlotus May 2017
Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.
Internal MISP references
UUID 1ef3025b-d4a9-49aa-b744-2dbea10a0abf which can be used as unique global reference for Cybereason Oceanlotus May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-05-24T00:00:00Z |
| source | MITRE |
| title | OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP |
Cybereason OperationCuckooBees May 2022
Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.
Internal MISP references
UUID fe3e2c7e-2287-406c-b717-cf7721b5843a which can be used as unique global reference for Cybereason OperationCuckooBees May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-22T00:00:00Z |
| date_published | 2022-05-04T00:00:00Z |
| source | MITRE |
| title | Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques |
Securelist ScarCruft Jun 2016
Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.
Internal MISP references
UUID 04961952-9bac-48f3-adc7-40a3a2bcee84 which can be used as unique global reference for Securelist ScarCruft Jun 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2016-06-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Daybreak |
FireEye Operation Double Tap
Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.
Internal MISP references
UUID 4b9af128-98da-48b6-95c7-8d27979c2ab1 which can be used as unique global reference for FireEye Operation Double Tap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-11-21T00:00:00Z |
| source | MITRE |
| title | Operation Double Tap |
ClearSky Lazarus Aug 2020
ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.
Internal MISP references
UUID 2827e6e4-8163-47fb-9e22-b59e59cd338f which can be used as unique global reference for ClearSky Lazarus Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-20T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE |
| title | Operation 'Dream Job' Widespread North Korean Espionage Campaign |
Cylance Dust Storm
Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.
Internal MISP references
UUID 001dd53c-74e6-4add-aeb7-da76b0d2afe8 which can be used as unique global reference for Cylance Dust Storm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-22T00:00:00Z |
| date_published | 2016-02-23T00:00:00Z |
| source | MITRE |
| title | Operation Dust Storm |
DustySky
ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.
Internal MISP references
UUID b9e0770d-f54a-4ada-abd1-65c45eee00fa which can be used as unique global reference for DustySky in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-08T00:00:00Z |
| date_published | 2016-01-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation DustySky |
DustySky2
ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. Retrieved August 3, 2016.
Internal MISP references
UUID 4a3ecdec-254c-4eb4-9126-f540bb21dffe which can be used as unique global reference for DustySky2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-06-09T00:00:00Z |
| source | MITRE |
| title | Operation DustySky - Part 2 |
Trend Micro Tick November 2019
Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Retrieved June 9, 2020.
Internal MISP references
UUID 93adbf0d-5f5e-498e-aca1-ed3eb11561e7 which can be used as unique global reference for Trend Micro Tick November 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-09T00:00:00Z |
| date_published | 2019-11-01T00:00:00Z |
| source | MITRE |
| title | Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data |
FireEye DeputyDog 9002 November 2013
Moran, N. et al.. (2013, November 10). Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method. Retrieved March 19, 2018.
Internal MISP references
UUID 68b5a913-b696-4ca5-89ed-63453023d2a2 which can be used as unique global reference for FireEye DeputyDog 9002 November 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2013-11-10T00:00:00Z |
| source | MITRE |
| title | Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method |
Volexity Exchange Marauder March 2021
Gruzweig, J. et al. (2021, March 2). Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities. Retrieved March 3, 2021.
Internal MISP references
UUID ef0626e9-281c-4770-b145-ffe36e18e369 which can be used as unique global reference for Volexity Exchange Marauder March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-03T00:00:00Z |
| date_published | 2021-03-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities |
ESET Dukes October 2019
Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. Retrieved September 23, 2020.
Internal MISP references
UUID fbc77b85-cc5a-4c65-956d-b8556974b4ef which can be used as unique global reference for ESET Dukes October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-23T00:00:00Z |
| date_published | 2019-10-01T00:00:00Z |
| source | MITRE |
| title | OPERATION GHOST |
IssueMakersLab Andariel GoldenAxe May 2017
IssueMakersLab. (2017, May 1). Operation GoldenAxe. Retrieved September 29, 2021.
Internal MISP references
UUID 10a21964-d31f-40af-bf32-5ccd7d8c99a2 which can be used as unique global reference for IssueMakersLab Andariel GoldenAxe May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2017-05-01T00:00:00Z |
| source | MITRE |
| title | Operation GoldenAxe |
ESET Operation Groundbait
Cherepanov, A.. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.
Internal MISP references
UUID 218e69fd-558c-459b-9a57-ad2ee3e96296 which can be used as unique global reference for ESET Operation Groundbait in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-05-18T00:00:00Z |
| date_published | 2016-05-17T00:00:00Z |
| source | MITRE |
| title | Operation Groundbait: Analysis of a surveillance toolkit |
Operation Hangover May 2013
Fagerland, S., et al. (2013, May). Operation Hangover: Unveiling an Indian Cyberattack Infrastructure. Retrieved September 26, 2016.
Internal MISP references
UUID fd581c0c-d93e-4396-a372-99cde3cd0c7c which can be used as unique global reference for Operation Hangover May 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-26T00:00:00Z |
| date_published | 2013-05-01T00:00:00Z |
| source | MITRE |
| title | Operation Hangover: Unveiling an Indian Cyberattack Infrastructure |
ESET Lazarus Jun 2020
Breitenbacher, D and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.
Internal MISP references
UUID b16a0141-dea3-4b34-8279-7bc1ce3d7052 which can be used as unique global reference for ESET Lazarus Jun 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-20T00:00:00Z |
| date_published | 2020-06-17T00:00:00Z |
| source | MITRE |
| title | OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies |
AhnLab Kimsuky Kabar Cobra Feb 2019
AhnLab. (2019, February 28). Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group. Retrieved September 29, 2021.
Internal MISP references
UUID 4035e871-9291-4d7f-9c5f-d8482d4dc8a7 which can be used as unique global reference for AhnLab Kimsuky Kabar Cobra Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2019-02-28T00:00:00Z |
| source | MITRE |
| title | Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group |
Villeneuve et al 2014
Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
Internal MISP references
UUID 31504d92-6c4d-43f0-8548-ccc3aa05ba48 which can be used as unique global reference for Villeneuve et al 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs |
Mandiant Operation Ke3chang November 2014
Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
Internal MISP references
UUID bb45cf96-ceae-4f46-a0f5-08cd89f699c9 which can be used as unique global reference for Mandiant Operation Ke3chang November 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs |
Cisco Operation Layover September 2021
Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.
Internal MISP references
UUID f19b4bd5-99f9-54c0-bffe-cc9c052aea12 which can be used as unique global reference for Cisco Operation Layover September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-15T00:00:00Z |
| date_published | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Operation Layover: How we tracked an attack on the aviation industry to five years of compromise |
Lotus Blossom Jun 2015
Falcone, R., et al.. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.
Internal MISP references
UUID 46fdb8ca-b14d-43bd-a20f-cae7b26e56c6 which can be used as unique global reference for Lotus Blossom Jun 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-06-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Lotus Blossom |
FireEye Operation Molerats
Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. Retrieved April 1, 2016.
Internal MISP references
UUID 6b24e4aa-e773-4ca3-8267-19e036dc1144 which can be used as unique global reference for FireEye Operation Molerats in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-01T00:00:00Z |
| date_published | 2013-08-23T00:00:00Z |
| source | MITRE |
| title | OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY |
McAfee Lazarus Nov 2020
Beek, C. (2020, November 5). Operation North Star: Behind The Scenes. Retrieved December 20, 2021.
Internal MISP references
UUID a283d229-3a2a-43ef-bcbe-aa6d41098b51 which can be used as unique global reference for McAfee Lazarus Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-20T00:00:00Z |
| date_published | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | Operation North Star: Behind The Scenes |
McAfee Lazarus Jul 2020
Cashman, M. (2020, July 29). Operation North Star Campaign. Retrieved December 20, 2021.
Internal MISP references
UUID 43581a7d-d71a-4121-abb6-127483a49d12 which can be used as unique global reference for McAfee Lazarus Jul 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-20T00:00:00Z |
| date_published | 2020-07-29T00:00:00Z |
| source | MITRE |
| title | Operation North Star Campaign |
McAfee Oceansalt Oct 2018
Sherstobitoff, R., Malhotra, A. (2018, October 18). ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. Retrieved November 30, 2018.
Internal MISP references
UUID 04b475ab-c7f6-4373-a4b0-04b5d8028f95 which can be used as unique global reference for McAfee Oceansalt Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-30T00:00:00Z |
| date_published | 2018-10-18T00:00:00Z |
| source | MITRE |
| title | ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group |
FireEye OpPoisonedHandover February 2016
Ned Moran, Mike Scott, Mike Oppenheim of FireEye. (2014, November 3). Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement. Retrieved April 18, 2019.
Internal MISP references
UUID 1d57b1c8-930b-4bcb-a51e-39020327cc5d which can be used as unique global reference for FireEye OpPoisonedHandover February 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2014-11-03T00:00:00Z |
| source | MITRE |
| title | Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement |
Operation Quantum Entanglement
Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.
Internal MISP references
UUID c94f9652-32c3-4975-a9c0-48f93bdfe790 which can be used as unique global reference for Operation Quantum Entanglement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-11-04T00:00:00Z |
| date_published | 2014-09-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | OPERATION QUANTUM ENTANGLEMENT |
ProofPoint GoT 9002 Aug 2017
Huss, D. & Mesa, M. (2017, August 25). Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures. Retrieved March 19, 2018.
Internal MISP references
UUID b796f889-400c-440b-86b2-1588fd15f3ae which can be used as unique global reference for ProofPoint GoT 9002 Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2017-08-25T00:00:00Z |
| source | MITRE |
| title | Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures |
FireEye Op RussianDoll
FireEye Labs. (2015, April 18). Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack. Retrieved April 24, 2017.
Internal MISP references
UUID 6f5986b7-07ee-4bca-9cb1-248744e94d7f which can be used as unique global reference for FireEye Op RussianDoll in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-24T00:00:00Z |
| date_published | 2015-04-18T00:00:00Z |
| source | MITRE |
| title | Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack |
FireEye Operation Saffron Rose 2013
Villeneuve, N. et al.. (2013). OPERATION SAFFRON ROSE . Retrieved May 28, 2020.
Internal MISP references
UUID 2f4c0941-d14e-4eb8-828c-f1d9a1e14a95 which can be used as unique global reference for FireEye Operation Saffron Rose 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-28T00:00:00Z |
| date_published | 2013-01-01T00:00:00Z |
| source | MITRE |
| title | OPERATION SAFFRON ROSE |
Cylance Shaheen Nov 2018
Livelli, K, et al. (2018, November 12). Operation Shaheen. Retrieved May 1, 2019.
Internal MISP references
UUID 57802e46-e12c-4230-8d1c-08854a0de06a which can be used as unique global reference for Cylance Shaheen Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-01T00:00:00Z |
| date_published | 2018-11-12T00:00:00Z |
| source | MITRE |
| title | Operation Shaheen |
McAfee Sharpshooter December 2018
Sherstobitoff, R., Malhotra, A., et. al.. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.
Internal MISP references
UUID 96b6d012-8620-4ef5-bf9a-5f88e465a495 which can be used as unique global reference for McAfee Sharpshooter December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-14T00:00:00Z |
| date_published | 2018-12-18T00:00:00Z |
| source | MITRE |
| title | Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure |
Novetta-Axiom
Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
Internal MISP references
UUID 0dd428b9-849b-4108-87b1-20050b86f420 which can be used as unique global reference for Novetta-Axiom in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation SMN: Axiom Threat Actor Group Report |
Cybereason Soft Cell June 2019
Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
Internal MISP references
UUID 620b7353-0e58-4503-b534-9250a8f5ae3c which can be used as unique global reference for Cybereason Soft Cell June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-18T00:00:00Z |
| date_published | 2019-06-25T00:00:00Z |
| source | MITRE |
| title | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
Azure AD Graph API
Microsoft. (2016, March 26). Operations overview | Graph API concepts. Retrieved June 18, 2020.
Internal MISP references
UUID fed0fef5-e366-4e24-9554-0599744cd1c6 which can be used as unique global reference for Azure AD Graph API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-18T00:00:00Z |
| date_published | 2016-03-26T00:00:00Z |
| source | MITRE |
| title | Operations overview |
ESET Operation Spalax Jan 2021
M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.
Internal MISP references
UUID b699dd10-7d3f-4542-bf8a-b3f0c747bd0e which can be used as unique global reference for ESET Operation Spalax Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-16T00:00:00Z |
| date_published | 2021-01-21T00:00:00Z |
| source | MITRE |
| title | Operation Spalax: Targeted malware attacks in Colombia |
Proofpoint TA453 July2021
Miller, J. et al. (2021, July 13). Operation SpoofedScholars: A Conversation with TA453. Retrieved August 18, 2021.
Internal MISP references
UUID a987872f-2176-437c-a38f-58676b7b12de which can be used as unique global reference for Proofpoint TA453 July2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| date_published | 2021-07-13T00:00:00Z |
| source | MITRE |
| title | Operation SpoofedScholars: A Conversation with TA453 |
Proofpoint Operation Transparent Tribe March 2016
Huss, D. (2016, March 1). Operation Transparent Tribe. Retrieved June 8, 2016.
Internal MISP references
UUID 8e39d0da-114f-4ae6-8130-ca1380077d6a which can be used as unique global reference for Proofpoint Operation Transparent Tribe March 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2016-03-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Transparent Tribe |
TrendMicro TropicTrooper 2015
Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. Retrieved June 14, 2019.
Internal MISP references
UUID 65d1f980-1dc2-4d36-8148-2d8747a39883 which can be used as unique global reference for TrendMicro TropicTrooper 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-14T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers |
ClearSky and Trend Micro Operation Wilted Tulip July 2017
ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. Retrieved May 17, 2021.
Internal MISP references
UUID 696b12c6-ce1e-4e79-b781-43e0c70f9f2e which can be used as unique global reference for ClearSky and Trend Micro Operation Wilted Tulip July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-17T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Operation Wilted Tulip - Exposing a cyber espionage apparatus |
ClearSky Wilted Tulip July 2017
ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. Retrieved August 21, 2017.
Internal MISP references
UUID 50233005-8dc4-4e91-9477-df574271df40 which can be used as unique global reference for ClearSky Wilted Tulip July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-08-21T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Operation Wilted Tulip: Exposing a cyber espionage apparatus |
ESET Windigo Mar 2014
Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.
Internal MISP references
UUID 721cdb36-d3fc-4212-b324-6be2b5f9cb46 which can be used as unique global reference for ESET Windigo Mar 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-10T00:00:00Z |
| date_published | 2014-03-18T00:00:00Z |
| source | MITRE |
| title | Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign |
FoxIT Wocao December 2019
Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
Internal MISP references
UUID aa3e31c7-71cd-4a3f-b482-9049c9abb631 which can be used as unique global reference for FoxIT Wocao December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-08T00:00:00Z |
| date_published | 2019-12-19T00:00:00Z |
| source | MITRE |
| title | Operation Wocao: Shining a light on one of China’s hidden hacking groups |
TrendMicro Operation Woolen Goldfish March 2015
Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.
Internal MISP references
UUID 0f077c93-aeda-4c95-9996-c52812a31267 which can be used as unique global reference for TrendMicro Operation Woolen Goldfish March 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-21T00:00:00Z |
| date_published | 2015-03-19T00:00:00Z |
| source | MITRE |
| title | Operation Woolen-Goldfish - When Kittens Go phishing |
Bleeping Computer Op Sharpshooter March 2019
I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.
Internal MISP references
UUID 84430646-6568-4288-8710-2827692a8862 which can be used as unique global reference for Bleeping Computer Op Sharpshooter March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-26T00:00:00Z |
| date_published | 2019-03-03T00:00:00Z |
| source | MITRE |
| title | Op 'Sharpshooter' Connected to North Korea's Lazarus Group |
Symantec Orangeworm IOCs April 2018
Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. Retrieved July 8, 2018.
Internal MISP references
UUID 293596ad-a13f-456b-8916-d1e1b1afe0da which can be used as unique global reference for Symantec Orangeworm IOCs April 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-08T00:00:00Z |
| date_published | 2018-04-23T00:00:00Z |
| source | MITRE |
| title | Orangeworm: Indicators of Compromise |
Symantec WastedLocker June 2020
Symantec Threat Intelligence. (2020, June 25). WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. Retrieved May 20, 2021.
Internal MISP references
UUID 061d8f74-a202-4089-acae-687e4f96933b which can be used as unique global reference for Symantec WastedLocker June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-20T00:00:00Z |
| source | MITRE |
| title | Organizations |
Symantec Calisto July 2018
Pantig, J. (2018, July 30). OSX.Calisto. Retrieved September 7, 2018.
Internal MISP references
UUID cefef3d8-94f5-4d94-9689-6ed38702454f which can be used as unique global reference for Symantec Calisto July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-07T00:00:00Z |
| date_published | 2018-07-30T00:00:00Z |
| source | MITRE |
| title | OSX.Calisto |
Objective-See MacMa Nov 2021
Wardle, P. (2021, November 11). OSX.CDDS (OSX.MacMa). Retrieved June 30, 2022.
Internal MISP references
UUID 7240261e-d901-4a68-b6fc-deec308e8a50 which can be used as unique global reference for Objective-See MacMa Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-30T00:00:00Z |
| date_published | 2021-11-11T00:00:00Z |
| source | MITRE |
| title | OSX.CDDS (OSX.MacMa) |
hexed osx.dok analysis 2019
fluffybunny. (2019, July 9). OSX.Dok Analysis. Retrieved October 4, 2021.
Internal MISP references
UUID 96f9d36a-01a5-418e-85f4-957e58d49c1b which can be used as unique global reference for hexed osx.dok analysis 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2019-07-09T00:00:00Z |
| source | MITRE |
| title | OSX.Dok Analysis |
malwarebyteslabs xcsset dubrobber
Thomas Reed. (2020, April 21). OSX.DubRobber. Retrieved October 5, 2021.
Internal MISP references
UUID 11ef576f-1bac-49e3-acba-85d70a42503e which can be used as unique global reference for malwarebyteslabs xcsset dubrobber in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2020-04-21T00:00:00Z |
| source | MITRE |
| title | OSX.DubRobber |
wardle evilquest partii
Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. Retrieved March 21, 2021.
Internal MISP references
UUID 4fee237c-c2ec-47f5-b382-ec6bd4779281 which can be used as unique global reference for wardle evilquest partii in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-21T00:00:00Z |
| date_published | 2020-07-03T00:00:00Z |
| source | MITRE |
| title | OSX.EvilQuest Uncovered part ii: insidious capabilities |
wardle evilquest parti
Patrick Wardle. (2020, June 29). OSX.EvilQuest Uncovered part i: infection, persistence, and more!. Retrieved March 18, 2021.
Internal MISP references
UUID 1ebd91db-9b56-442f-bb61-9e154b5966ac which can be used as unique global reference for wardle evilquest parti in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-18T00:00:00Z |
| date_published | 2020-06-29T00:00:00Z |
| source | MITRE |
| title | OSX.EvilQuest Uncovered part i: infection, persistence, and more! |
eset_osx_flashback
ESET. (2012, January 1). OSX/Flashback. Retrieved April 19, 2022.
Internal MISP references
UUID ce6e5a21-0063-4356-a77a-5c5f9fd2cf5c which can be used as unique global reference for eset_osx_flashback in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | OSX/Flashback |
CheckPoint Dok
Ofer Caspi. (2017, May 4). OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic. Retrieved October 5, 2021.
Internal MISP references
UUID 8c178fd8-db34-45c6-901a-a8b2c178d809 which can be used as unique global reference for CheckPoint Dok in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2017-05-04T00:00:00Z |
| source | MITRE |
| title | OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic |
Intego Shlayer Feb 2018
Long, Joshua. (2018, February 21). OSX/Shlayer: New Mac malware comes out of its shell. Retrieved August 28, 2019.
Internal MISP references
UUID 46eb883c-e203-4cd9-8f1c-c6ea12bc2742 which can be used as unique global reference for Intego Shlayer Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-28T00:00:00Z |
| date_published | 2018-02-21T00:00:00Z |
| source | MITRE |
| title | OSX/Shlayer: New Mac malware comes out of its shell |
SensePost Outlook Forms
Stalmans, E. (2017, April 28). Outlook Forms and Shells. Retrieved February 4, 2019.
Internal MISP references
UUID 5d91a713-2f05-43bd-9fef-aa3f51f4c45a which can be used as unique global reference for SensePost Outlook Forms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2017-04-28T00:00:00Z |
| source | MITRE |
| title | Outlook Forms and Shells |
SensePost Outlook Home Page
Stalmans, E. (2017, October 11). Outlook Home Page – Another Ruler Vector. Retrieved February 4, 2019.
Internal MISP references
UUID d2758a4b-d326-45a7-9ebf-03efcd1832da which can be used as unique global reference for SensePost Outlook Home Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2017-10-11T00:00:00Z |
| source | MITRE |
| title | Outlook Home Page – Another Ruler Vector |
Outlook Today Home Page
Soutcast. (2018, September 14). Outlook Today Homepage Persistence. Retrieved February 5, 2019.
Internal MISP references
UUID cb7beffb-a955-40fd-b114-de6533efc80d which can be used as unique global reference for Outlook Today Home Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-05T00:00:00Z |
| date_published | 2018-09-14T00:00:00Z |
| source | MITRE |
| title | Outlook Today Homepage Persistence |
Recorded Future Beacon 2019
Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved October 16, 2020.
Internal MISP references
UUID 4e554042-53bb-44d4-9acc-44c86329ac47 which can be used as unique global reference for Recorded Future Beacon 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2019-06-20T00:00:00Z |
| source | MITRE |
| title | Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers |
FireEye APT33 Guardrail
Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. Retrieved January 17, 2019.
Internal MISP references
UUID 4b4c9e72-eee1-4fa4-8dcb-501ec49882b0 which can be used as unique global reference for FireEye APT33 Guardrail in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2018-12-21T00:00:00Z |
| source | MITRE |
| title | OVERRULED: Containing a Potentially Destructive Adversary |
Kubernetes Cloud Native Security
Kubernetes. (n.d.). Overview of Cloud Native Security. Retrieved March 8, 2023.
Internal MISP references
UUID 55ee5bcc-ba56-58ac-9afb-2349aa75fe39 which can be used as unique global reference for Kubernetes Cloud Native Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Overview of Cloud Native Security |
Apple Dev Dynamic Libraries
Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023.
Internal MISP references
UUID 39ffd162-4052-57ec-bd20-2fe6b8e6beab which can be used as unique global reference for Apple Dev Dynamic Libraries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| date_published | 2012-07-23T00:00:00Z |
| source | MITRE |
| title | Overview of Dynamic Libraries |
Apple Doco Archive Dynamic Libraries
Apple Inc.. (2012, July 23). Overview of Dynamic Libraries. Retrieved March 24, 2021.
Internal MISP references
UUID e3b8cc52-2096-418c-b291-1bc76022961d which can be used as unique global reference for Apple Doco Archive Dynamic Libraries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2012-07-23T00:00:00Z |
| source | MITRE |
| title | Overview of Dynamic Libraries |
Kubeflow Pipelines
The Kubeflow Authors. (n.d.). Overview of Kubeflow Pipelines. Retrieved March 29, 2021.
Internal MISP references
UUID 0b40474c-173c-4a8c-8cc7-bac2dcfcaedd which can be used as unique global reference for Kubeflow Pipelines in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Overview of Kubeflow Pipelines |
TechNet RDP Gateway
Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.
Internal MISP references
UUID 3e832a4f-b8e6-4c28-bb33-f2db817403b9 which can be used as unique global reference for TechNet RDP Gateway in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| source | MITRE |
| title | Overview of Remote Desktop Gateway |
CrowdStrike AQUATIC PANDA December 2021
Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.
Internal MISP references
UUID fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2 which can be used as unique global reference for CrowdStrike AQUATIC PANDA December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-18T00:00:00Z |
| date_published | 2021-12-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt |
OWASP Top 10 2017
OWASP. (2017, April 16). OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks. Retrieved February 12, 2019.
Internal MISP references
UUID 044ef2b7-44cc-4da6-b8e2-45d630558534 which can be used as unique global reference for OWASP Top 10 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-12T00:00:00Z |
| date_published | 2017-04-16T00:00:00Z |
| source | MITRE |
| title | OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks |
OWASP Top 10
OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018.
Internal MISP references
UUID c6db3a77-4d01-4b4d-886d-746d676ed6d0 which can be used as unique global reference for OWASP Top 10 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2018-02-23T00:00:00Z |
| source | MITRE |
| title | OWASP Top Ten Project |
Debian Manual Maintainer Scripts
Debian Policy Manual v4.6.1.1. (2022, August 14). Package maintainer scripts and installation procedure. Retrieved September 27, 2022.
Internal MISP references
UUID e32e293a-f583-494e-9eb5-c82167f2e000 which can be used as unique global reference for Debian Manual Maintainer Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2022-08-14T00:00:00Z |
| source | MITRE |
| title | Package maintainer scripts and installation procedure |
GCP Packet Mirroring
Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022.
Internal MISP references
UUID c91c6399-3520-4410-936d-48c3b13235ca which can be used as unique global reference for GCP Packet Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| source | MITRE |
| title | Packet Mirroring overview |
Citizenlab Packrat 2015
Scott-Railton, J., et al. (2015, December 8). Packrat. Retrieved December 18, 2020.
Internal MISP references
UUID 316f347f-3e92-4861-a075-db64adf6b6a8 which can be used as unique global reference for Citizenlab Packrat 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2015-12-08T00:00:00Z |
| source | MITRE |
| title | Packrat |
GitHub Pacu
Rhino Security Labs. (2019, August 22). Pacu. Retrieved October 17, 2019.
Internal MISP references
UUID bda43b1b-ea8d-4371-9984-6d8a7cc24965 which can be used as unique global reference for GitHub Pacu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-17T00:00:00Z |
| date_published | 2019-08-22T00:00:00Z |
| source | MITRE |
| title | Pacu |
Pacu Detection Disruption Module
Rhino Security Labs. (2021, April 29). Pacu Detection Disruption Module. Retrieved August 4, 2023.
Internal MISP references
UUID deba605b-7abc-5794-a820-448a395aab69 which can be used as unique global reference for Pacu Detection Disruption Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2021-04-29T00:00:00Z |
| source | MITRE |
| title | Pacu Detection Disruption Module |
Symantec Palmerworm Sep 2020
Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.
Internal MISP references
UUID 84ecd475-8d3f-4e7c-afa8-2dff6078bed5 which can be used as unique global reference for Symantec Palmerworm Sep 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2020-09-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors |
Apple PAM
Apple. (2011, May 11). PAM - Pluggable Authentication Modules. Retrieved June 25, 2020.
Internal MISP references
UUID 4838a58e-c00d-4b4c-937d-8da5d9f1a4b5 which can be used as unique global reference for Apple PAM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2011-05-11T00:00:00Z |
| source | MITRE |
| title | PAM - Pluggable Authentication Modules |
Man Pam_Unix
die.net. (n.d.). pam_unix(8) - Linux man page. Retrieved June 25, 2020.
Internal MISP references
UUID 6bc5ad93-3cc2-4429-ac4c-aae72193df27 which can be used as unique global reference for Man Pam_Unix in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | pam_unix(8) - Linux man page |
Unit42 PlugX June 2017
Lancaster, T., Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.
Internal MISP references
UUID 9dc629a0-543c-4221-86cc-0dfb93903988 which can be used as unique global reference for Unit42 PlugX June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2017-06-27T00:00:00Z |
| source | MITRE |
| title | Paranoid PlugX |
Palo Alto PlugX June 2017
Lancaster, T. and Idrizovic, E.. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.
Internal MISP references
UUID 27f17e79-ef38-4c20-9250-40c81fa8717a which can be used as unique global reference for Palo Alto PlugX June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-13T00:00:00Z |
| date_published | 2017-06-27T00:00:00Z |
| source | MITRE |
| title | Paranoid PlugX |
Secuirtyinbits Ataware3 May 2019
Secuirtyinbits . (2019, May 14). Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3. Retrieved June 6, 2019.
Internal MISP references
UUID 0828b2fd-c85f-44c7-bb05-61e6eba34336 which can be used as unique global reference for Secuirtyinbits Ataware3 May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-06T00:00:00Z |
| date_published | 2019-05-14T00:00:00Z |
| source | MITRE |
| title | Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3 |
Dragos PARISITE
Dragos. (n.d.). PARISITE. Retrieved December 21, 2020.
Internal MISP references
UUID 15e974db-51a9-4ec1-9725-cff8bb9bc2fa which can be used as unique global reference for Dragos PARISITE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| source | MITRE |
| title | PARISITE |
DOJ Lazarus Sony 2018
Department of Justice. (2018, September 6). Criminal Complaint - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.
Internal MISP references
UUID 950f8c1e-8793-43b7-abc7-0c9f6790b3b7 which can be used as unique global reference for DOJ Lazarus Sony 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-29T00:00:00Z |
| source | MITRE |
| title | PARK JIN HYOK |
intezer stripped binaries elf files 2018
Ignacio Sanmillan. (2018, February 7). Executable and Linkable Format 101. Part 2: Symbols. Retrieved September 29, 2022.
Internal MISP references
UUID 2d1faa93-fed5-4b0d-b6c9-72bbc4782201 which can be used as unique global reference for intezer stripped binaries elf files 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| source | MITRE |
| title | Part 2: Symbols |
Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass
Jon Gabilondo. (2019, September 22). How to Inject Code into Mach-O Apps. Part II.. Retrieved March 24, 2021.
Internal MISP references
UUID 67f3ce33-0197-41ef-a9d0-474c97ecf570 which can be used as unique global reference for Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| source | MITRE |
| title | Part II. |
Office 365 Delegated Administration
Microsoft. (n.d.). Partners: Offer delegated administration. Retrieved May 27, 2022.
Internal MISP references
UUID fa0ed0fd-bf57-4a0f-9370-e22f27b20e42 which can be used as unique global reference for Office 365 Delegated Administration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | Partners: Offer delegated administration |
Microsoft IFEOorMalware July 2015
Microsoft. (2015, July 30). Part of Windows 10 or really Malware?. Retrieved December 18, 2017.
Internal MISP references
UUID 183843b5-66dc-4229-ba66-3171d9b8e33d which can be used as unique global reference for Microsoft IFEOorMalware July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2015-07-30T00:00:00Z |
| source | MITRE |
| title | Part of Windows 10 or really Malware? |
Circl Passive DNS
CIRCL Computer Incident Response Center. (n.d.). Passive DNS. Retrieved October 20, 2020.
Internal MISP references
UUID c19f8683-97fb-4e0c-a9f5-12033b1d38ca which can be used as unique global reference for Circl Passive DNS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Passive DNS |
ObjectiveSee AppleJeus 2019
Patrick Wardle. (2019, October 12). Pass the AppleJeus. Retrieved September 28, 2022.
Internal MISP references
UUID 4cfec669-1db5-4a67-81e2-18383e4c4d3d which can be used as unique global reference for ObjectiveSee AppleJeus 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2019-10-12T00:00:00Z |
| source | MITRE |
| title | Pass the AppleJeus |
GentilKiwi Pass the Ticket
Deply, B. (2014, January 13). Pass the ticket. Retrieved June 2, 2016.
Internal MISP references
UUID 3ff12b9c-1c4e-4383-a771-792f5e95dcf1 which can be used as unique global reference for GentilKiwi Pass the Ticket in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-02T00:00:00Z |
| date_published | 2014-01-13T00:00:00Z |
| source | MITRE |
| title | Pass the ticket |
Wikipedia Password cracking
Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.
Internal MISP references
UUID d5ebb79f-b39a-46cb-b546-2db383783a58 which can be used as unique global reference for Wikipedia Password cracking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| source | MITRE |
| title | Password cracking |
RDP Hijacking Korznikov
Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.
Internal MISP references
UUID 8877e1f3-11e6-4ae0-adbd-c9b98b07ee25 which can be used as unique global reference for RDP Hijacking Korznikov in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-11T00:00:00Z |
| date_published | 2017-03-17T00:00:00Z |
| source | MITRE |
| title | Passwordless RDP Session Hijacking Feature All Windows versions |
ise Password Manager February 2019
ise. (2019, February 19). Password Managers: Under the Hood of Secrets Management. Retrieved January 22, 2021.
Internal MISP references
UUID 253104ab-20b0-43d2-8338-afdd3237cc53 which can be used as unique global reference for ise Password Manager February 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2019-02-19T00:00:00Z |
| source | MITRE |
| title | Password Managers: Under the Hood of Secrets Management |
Microsoft Password Complexity
Hall, J., Lich, B. (2017, September 9). Password must meet complexity requirements. Retrieved April 5, 2018.
Internal MISP references
UUID 918d4b6c-5783-4332-96d9-430e4c5ae030 which can be used as unique global reference for Microsoft Password Complexity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-05T00:00:00Z |
| date_published | 2017-09-09T00:00:00Z |
| source | MITRE |
| title | Password must meet complexity requirements |
BlackHillsInfosec Password Spraying
Thyer, J. (2015, October 30). Password Spraying & Other Fun with RPCCLIENT. Retrieved April 25, 2017.
Internal MISP references
UUID f45c7a4b-dafc-4e5c-ad3f-db4b0388a1d7 which can be used as unique global reference for BlackHillsInfosec Password Spraying in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| date_published | 2015-10-30T00:00:00Z |
| source | MITRE |
| title | Password Spraying & Other Fun with RPCCLIENT |
how_pwd_rev_enc_1
Teusink, N. (2009, August 25). Passwords stored using reversible encryption: how it works (part 1). Retrieved November 17, 2021.
Internal MISP references
UUID 180246ca-94d8-4c78-894d-ae3b6fad3257 which can be used as unique global reference for how_pwd_rev_enc_1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-17T00:00:00Z |
| date_published | 2009-08-25T00:00:00Z |
| source | MITRE |
| title | Passwords stored using reversible encryption: how it works (part 1) |
how_pwd_rev_enc_2
Teusink, N. (2009, August 26). Passwords stored using reversible encryption: how it works (part 2). Retrieved November 17, 2021.
Internal MISP references
UUID cc08f190-5c17-441c-a6fa-99f8fdb8d1ae which can be used as unique global reference for how_pwd_rev_enc_2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-17T00:00:00Z |
| date_published | 2009-08-26T00:00:00Z |
| source | MITRE |
| title | Passwords stored using reversible encryption: how it works (part 2) |
Volexity Patchwork June 2018
Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.
Internal MISP references
UUID d3ed7dd9-0941-4160-aa6a-c0244c63560f which can be used as unique global reference for Volexity Patchwork June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-16T00:00:00Z |
| date_published | 2018-06-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Patchwork APT Group Targets US Think Tanks |
PaloAlto Patchwork Mar 2018
Levene, B. et al.. (2018, March 7). Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent. Retrieved March 31, 2018.
Internal MISP references
UUID 2609e461-1e23-4dc2-aa44-d09f4acb8c6e which can be used as unique global reference for PaloAlto Patchwork Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-31T00:00:00Z |
| date_published | 2018-03-07T00:00:00Z |
| source | MITRE |
| title | Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent |
Symantec Patchwork
Hamada, J.. (2016, July 25). Patchwork cyberespionage group expands targets from governments to wide range of industries. Retrieved August 17, 2016.
Internal MISP references
UUID a6172463-56e2-49f2-856d-f4f8320d7c6e which can be used as unique global reference for Symantec Patchwork in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-07-25T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Patchwork cyberespionage group expands targets from governments to wide range of industries |
Trend Micro Pawn Storm OAuth 2017
Hacquebord, F.. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. Retrieved October 4, 2019.
Internal MISP references
UUID 7d12c764-facd-4086-acd0-5c0287344520 which can be used as unique global reference for Trend Micro Pawn Storm OAuth 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-04-25T00:00:00Z |
| source | MITRE |
| title | Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks |
TrendMicro Pawn Storm 2019
Hacquebord, F. (n.d.). Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets. Retrieved December 29, 2020.
Internal MISP references
UUID 104f3264-3e8a-46ca-b9b2-e16a59938570 which can be used as unique global reference for TrendMicro Pawn Storm 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-29T00:00:00Z |
| source | MITRE |
| title | Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets |
TrendMicro Pawn Storm Dec 2020
Hacquebord, F., Remorin, L. (2020, December 17). Pawn Storm’s Lack of Sophistication as a Strategy. Retrieved January 13, 2021.
Internal MISP references
UUID 3bc249cd-f29a-4a74-a179-a6860e43683f which can be used as unique global reference for TrendMicro Pawn Storm Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-13T00:00:00Z |
| date_published | 2020-12-17T00:00:00Z |
| source | MITRE |
| title | Pawn Storm’s Lack of Sophistication as a Strategy |
ClearSky Pay2Kitten December 2020
ClearSky. (2020, December 17). Pay2Key Ransomware – A New Campaign by Fox Kitten. Retrieved December 21, 2020.
Internal MISP references
UUID 6e09bc1a-8a5d-4512-9176-40eed91af358 which can be used as unique global reference for ClearSky Pay2Kitten December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-12-17T00:00:00Z |
| source | MITRE |
| title | Pay2Key Ransomware – A New Campaign by Fox Kitten |
PaypalScam
Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.
Internal MISP references
UUID bcea7897-6cb2-467d-ad3b-ffd20badf19f which can be used as unique global reference for PaypalScam in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-02T00:00:00Z |
| date_published | 2000-07-24T00:00:00Z |
| source | MITRE |
| title | PayPal alert! Beware the 'PaypaI' scam |
Pcalua.exe - LOLBAS Project
LOLBAS. (2018, May 25). Pcalua.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 958064d4-7f9f-46a9-b475-93d6587ed770 which can be used as unique global reference for Pcalua.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pcalua.exe |
pcodedmp Bontchev
Bontchev, V. (2019, July 30). pcodedmp.py - A VBA p-code disassembler. Retrieved September 17, 2020.
Internal MISP references
UUID 3057d857-6984-4247-918b-952b75ee152e which can be used as unique global reference for pcodedmp Bontchev in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2019-07-30T00:00:00Z |
| source | MITRE |
| title | pcodedmp.py - A VBA p-code disassembler |
GitHub PcShare 2014
LiveMirror. (2014, September 17). PcShare. Retrieved October 11, 2022.
Internal MISP references
UUID f113559f-a6da-43bc-bc64-9ff7155b82bc which can be used as unique global reference for GitHub PcShare 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-11T00:00:00Z |
| date_published | 2014-09-17T00:00:00Z |
| source | MITRE |
| title | PcShare |
Pcwrun.exe - LOLBAS Project
LOLBAS. (2018, May 25). Pcwrun.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0 which can be used as unique global reference for Pcwrun.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pcwrun.exe |
Pcwutl.dll - LOLBAS Project
LOLBAS. (2018, May 25). Pcwutl.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1050758d-20da-4c4a-83d3-40aeff3db9ca which can be used as unique global reference for Pcwutl.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pcwutl.dll |
Microsoft Peach Sandstorm September 14 2023
Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved January 31, 2024.
Internal MISP references
UUID 98a631f4-4b95-4159-b311-dee1216ec208 which can be used as unique global reference for Microsoft Peach Sandstorm September 14 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-31T00:00:00Z |
| date_published | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets |
Microsoft Peach Sandstorm 2023
Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved September 18, 2023.
Internal MISP references
UUID 84d026ed-b8f2-5bbb-865a-2d93aa4b2ef8 which can be used as unique global reference for Microsoft Peach Sandstorm 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-18T00:00:00Z |
| date_published | 2023-09-14T00:00:00Z |
| source | MITRE |
| title | Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets |
Microsoft PEB 2021
Microsoft. (2021, October 6). PEB structure (winternl.h). Retrieved November 19, 2021.
Internal MISP references
UUID e0ec4cf6-1e6a-41ab-8704-a66c5cc4d226 which can be used as unique global reference for Microsoft PEB 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-19T00:00:00Z |
| date_published | 2021-10-06T00:00:00Z |
| source | MITRE |
| title | PEB structure (winternl.h) |
Peirates GitHub
InGuardians. (2022, January 5). Peirates GitHub. Retrieved February 8, 2022.
Internal MISP references
UUID a75cde8b-76e4-4dc3-b1d5-cf08479905e7 which can be used as unique global reference for Peirates GitHub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-08T00:00:00Z |
| date_published | 2022-01-05T00:00:00Z |
| source | MITRE |
| title | Peirates GitHub |
Pentesting AD Forests
García, C. (2019, April 3). Pentesting Active Directory Forests. Retrieved October 20, 2020.
Internal MISP references
UUID 3ca2e78e-751e-460b-9f3c-f851d054bce4 which can be used as unique global reference for Pentesting AD Forests in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-04-03T00:00:00Z |
| source | MITRE |
| title | Pentesting Active Directory Forests |
U.S. CISA BlackTech September 27 2023
Cybersecurity and Infrastructure Security Agency. (2023, September 27). People's Republic of China-Linked Cyber Actors Hide in Router Firmware. Retrieved September 29, 2023.
Internal MISP references
UUID 309bfb48-76d1-4ae9-9c6a-30b54658133c which can be used as unique global reference for U.S. CISA BlackTech September 27 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2023-09-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | People's Republic of China-Linked Cyber Actors Hide in Router Firmware |
Joint Cybersecurity Advisory Volt Typhoon June 2023
NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.
Internal MISP references
UUID 14872f08-e219-5c0d-a2d7-43a3ba348b4b which can be used as unique global reference for Joint Cybersecurity Advisory Volt Typhoon June 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-27T00:00:00Z |
| date_published | 2023-05-24T00:00:00Z |
| source | MITRE |
| title | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection |
U.S. CISA Volt Typhoon May 24 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved May 25, 2023.
Internal MISP references
UUID 12320f38-ebbf-486a-a450-8a548c3722d6 which can be used as unique global reference for U.S. CISA Volt Typhoon May 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-25T00:00:00Z |
| date_published | 2023-05-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection |
TechNet Firewall Design
Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.
Internal MISP references
UUID bb149242-1916-400d-93b8-d0def161ed85 which can be used as unique global reference for TechNet Firewall Design in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-25T00:00:00Z |
| date_published | 2004-02-06T00:00:00Z |
| source | MITRE |
| title | Perimeter Firewall Design |
Oddvar Moe IFEO APR 2018
Moe, O. (2018, April 10). Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe. Retrieved June 27, 2018.
Internal MISP references
UUID 8661b51c-ddb7-484f-919d-22079c39d1e4 which can be used as unique global reference for Oddvar Moe IFEO APR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-27T00:00:00Z |
| date_published | 2018-04-10T00:00:00Z |
| source | MITRE |
| title | Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe |
Oddvar Moe RunOnceEx Mar 2018
Moe, O. (2018, March 21). Persistence using RunOnceEx - Hidden from Autoruns.exe. Retrieved June 29, 2018.
Internal MISP references
UUID 36d52213-8d9f-4642-892b-40460d5631d7 which can be used as unique global reference for Oddvar Moe RunOnceEx Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-29T00:00:00Z |
| date_published | 2018-03-21T00:00:00Z |
| source | MITRE |
| title | Persistence using RunOnceEx - Hidden from Autoruns.exe |
Xorrior Authorization Plugins
Chris Ross. (2018, October 17). Persistent Credential Theft with Authorization Plugins. Retrieved April 22, 2021.
Internal MISP references
UUID e397815d-34ea-4275-90d8-1b85e5b47369 which can be used as unique global reference for Xorrior Authorization Plugins in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2018-10-17T00:00:00Z |
| source | MITRE |
| title | Persistent Credential Theft with Authorization Plugins |
SpecterOps JXA 2020
Pitt, L. (2020, August 6). Persistent JXA. Retrieved April 14, 2021.
Internal MISP references
UUID d9b6bb05-6ab4-4f5e-9ef0-f3e0cc97ce29 which can be used as unique global reference for SpecterOps JXA 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| date_published | 2020-08-06T00:00:00Z |
| source | MITRE |
| title | Persistent JXA |
PersistentJXA_leopitt
Leo Pitt. (2020, August 6). Persistent JXA - A poor man's Powershell for macOS. Retrieved January 11, 2021.
Internal MISP references
UUID 2d66932e-1b73-4255-a9a8-ea8effb3a776 which can be used as unique global reference for PersistentJXA_leopitt in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-11T00:00:00Z |
| date_published | 2020-08-06T00:00:00Z |
| source | MITRE |
| title | Persistent JXA - A poor man's Powershell for macOS |
Pester.bat - LOLBAS Project
LOLBAS. (2018, May 25). Pester.bat. Retrieved December 4, 2023.
Internal MISP references
UUID 93f281f6-6fcc-474a-b222-b303ea417a18 which can be used as unique global reference for Pester.bat - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pester.bat |
TrendMicro PE_URSNIF.A2
Trend Micro. (2014, December 11). PE_URSNIF.A2. Retrieved June 5, 2019.
Internal MISP references
UUID 71f5b9da-b882-4376-ac93-b4ce952d0271 which can be used as unique global reference for TrendMicro PE_URSNIF.A2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2014-12-11T00:00:00Z |
| source | MITRE |
| title | PE_URSNIF.A2 |
Volatility Phalanx2
Case, A. (2012, October 10). Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 6149f9ed-9218-489b-b87c-8208de89be68 which can be used as unique global reference for Volatility Phalanx2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2012-10-10T00:00:00Z |
| source | MITRE |
| title | Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit |
Prevailion EvilNum May 2020
Adamitis, D. (2020, May 6). Phantom in the Command Shell. Retrieved December 22, 2021.
Internal MISP references
UUID 533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0 which can be used as unique global reference for Prevailion EvilNum May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-22T00:00:00Z |
| date_published | 2020-05-06T00:00:00Z |
| source | MITRE |
| title | Phantom in the Command Shell |
GitHub Phishery
Ryan Hanson. (2016, September 24). phishery. Retrieved October 23, 2020.
Internal MISP references
UUID 6da51561-a813-4802-aa84-1b3de1bc2e14 which can be used as unique global reference for GitHub Phishery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-23T00:00:00Z |
| date_published | 2016-09-24T00:00:00Z |
| source | MITRE |
| title | phishery |
ryhanson phishery SEPT 2016
Hanson, R. (2016, September 24). phishery. Retrieved July 21, 2018.
Internal MISP references
UUID 7e643cf0-5df7-455d-add7-2342f36bdbcb which can be used as unique global reference for ryhanson phishery SEPT 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-21T00:00:00Z |
| date_published | 2016-09-24T00:00:00Z |
| source | MITRE |
| title | phishery |
ANSSI Nobelium Phishing December 2021
ANSSI. (2021, December 6). PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET. Retrieved April 13, 2022.
Internal MISP references
UUID 96ee2b87-9727-4914-affe-d9dc5d58c955 which can be used as unique global reference for ANSSI Nobelium Phishing December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-13T00:00:00Z |
| date_published | 2021-12-06T00:00:00Z |
| source | MITRE |
| title | PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET |
Enigma Phishing for Credentials Jan 2015
Nelson, M. (2015, January 21). Phishing for Credentials: If you want it, just ask!. Retrieved December 17, 2018.
Internal MISP references
UUID 7fff81f0-2b99-4f4f-8eca-c6a54c4d8205 which can be used as unique global reference for Enigma Phishing for Credentials Jan 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-17T00:00:00Z |
| date_published | 2015-01-21T00:00:00Z |
| source | MITRE |
| title | Phishing for Credentials: If you want it, just ask! |
KISA Operation Muzabi
KISA. (n.d.). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 7, 2022.
Internal MISP references
UUID 8742ac96-a316-4264-9d3d-265784483f1a which can be used as unique global reference for KISA Operation Muzabi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-07T00:00:00Z |
| source | MITRE |
| title | Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi |
Staaldraad Phishing with OAuth 2017
Stalmans, E.. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019.
Internal MISP references
UUID ae139c14-05ec-4c75-861b-15d86b4913fc which can be used as unique global reference for Staaldraad Phishing with OAuth 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-08-02T00:00:00Z |
| source | MITRE |
| title | Phishing with OAuth and o365/Azure |
phobos_virustotal
Phobos Ransomware. (2020, December 30). Phobos Ransomware, Fast.exe. Retrieved September 20, 2021.
Internal MISP references
UUID 929dbb22-34a5-4377-95dd-9e240ecb343a which can be used as unique global reference for phobos_virustotal in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2020-12-30T00:00:00Z |
| source | MITRE |
| title | Phobos Ransomware, Fast.exe |
Talos Remcos Aug 2018
Brumaghin, E., Unterbrink, H. (2018, August 22). Picking Apart Remcos Botnet-In-A-Box. Retrieved November 6, 2018.
Internal MISP references
UUID c5cb2eff-ed48-47ff-bfd6-79152bf51430 which can be used as unique global reference for Talos Remcos Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-08-22T00:00:00Z |
| source | MITRE |
| title | Picking Apart Remcos Botnet-In-A-Box |
FireEye FIN6 Apr 2019
McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.
Internal MISP references
UUID e8a2bc6a-04e3-484e-af67-5f57656c7206 which can be used as unique global reference for FireEye FIN6 Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-04-05T00:00:00Z |
| source | MITRE |
| title | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware |
Picus Labs Proc cump 2022
Huseyin Can YUCEEL & Picus Labs. (2022, March 22). Retrieved March 31, 2023.
Internal MISP references
UUID e8a50a79-6ca4-5c91-87ad-0b1ba9eca505 which can be used as unique global reference for Picus Labs Proc cump 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-31T00:00:00Z |
| source | MITRE |
| title | Picus Labs Proc cump 2022 |
wired-pig butchering
Lily Hay Newman. (n.d.). ‘Pig Butchering’ Scams Are Now a $3 Billion Threat. Retrieved August 18, 2023.
Internal MISP references
UUID dc833e17-7105-5790-b30b-b4fed7fd2d2f which can be used as unique global reference for wired-pig butchering in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| source | MITRE |
| title | ‘Pig Butchering’ Scams Are Now a $3 Billion Threat |
Malwarebytes Pikabot December 15 2023
Jérôme Segura. (2023, December 15). PikaBot distributed via malicious search ads. Retrieved January 11, 2023.
Internal MISP references
UUID 50b29ef4-7ade-4672-99b6-fdf367170a5b which can be used as unique global reference for Malwarebytes Pikabot December 15 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2023-12-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | PikaBot distributed via malicious search ads |
Trustwave Pillowmint June 2020
Trustwave SpiderLabs. (2020, June 22). Pillowmint: FIN7’s Monkey Thief . Retrieved July 27, 2020.
Internal MISP references
UUID 31bf381d-a0fc-4a4f-8d39-832480891685 which can be used as unique global reference for Trustwave Pillowmint June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-27T00:00:00Z |
| date_published | 2020-06-22T00:00:00Z |
| source | MITRE |
| title | Pillowmint: FIN7’s Monkey Thief |
TechNet Ping
Microsoft. (n.d.). Ping. Retrieved April 8, 2016.
Internal MISP references
UUID 5afc8ad5-f50d-464f-ba84-e347b3f3e994 which can be used as unique global reference for TechNet Ping in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| source | MITRE |
| title | Ping |
Pass The Cookie
Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019.
Internal MISP references
UUID dc67930f-5c7b-41be-97e9-d8f4a55e6019 which can be used as unique global reference for Pass The Cookie in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-05T00:00:00Z |
| date_published | 2018-12-01T00:00:00Z |
| source | MITRE |
| title | Pivot to the Cloud using Pass the Cookie |
Pktmon.exe - LOLBAS Project
LOLBAS. (2020, August 12). Pktmon.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 8f0ad4ed-869b-4332-b091-7551262cff29 which can be used as unique global reference for Pktmon.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-08-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pktmon.exe |
Osanda Stealing NetNTLM Hashes
Osanda Malith Jayathissa. (2017, March 24). Places of Interest in Stealing NetNTLM Hashes. Retrieved January 26, 2018.
Internal MISP references
UUID 991f885e-b3f4-4f3f-b0f9-c9862f918f36 which can be used as unique global reference for Osanda Stealing NetNTLM Hashes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-26T00:00:00Z |
| date_published | 2017-03-24T00:00:00Z |
| source | MITRE |
| title | Places of Interest in Stealing NetNTLM Hashes |
Microsoft PLATINUM June 2017
Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. Retrieved February 19, 2018.
Internal MISP references
UUID e71c669e-50bc-4e91-8cee-7cbedab420d1 which can be used as unique global reference for Microsoft PLATINUM June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-19T00:00:00Z |
| date_published | 2017-06-07T00:00:00Z |
| source | MITRE |
| title | PLATINUM continues to evolve, find ways to maintain invisibility |
Microsoft PLATINUM April 2016
Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
Internal MISP references
UUID d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297 which can be used as unique global reference for Microsoft PLATINUM April 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2016-04-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | PLATINUM: Targeted attacks in South and Southeast Asia |
Forcepoint Felismus Mar 2017
Somerville, L. and Toro, A. (2017, March 30). Playing Cat & Mouse: Introducing the Felismus Malware. Retrieved November 16, 2017.
Internal MISP references
UUID 23b94586-3856-4937-9b02-4fe184b7ba01 which can be used as unique global reference for Forcepoint Felismus Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Playing Cat & Mouse: Introducing the Felismus Malware |
Symantec Play Ransomware April 19 2023
Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. Retrieved August 10, 2023.
Internal MISP references
UUID a78613a5-ce17-4d11-8f2f-3e642cd7673c which can be used as unique global reference for Symantec Play Ransomware April 19 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-10T00:00:00Z |
| date_published | 2023-04-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Play Ransomware Group Using New Custom Data-Gathering Tools |
Trend Micro Play Playbook September 06 2022
Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved August 10, 2023.
Internal MISP references
UUID 2d2b527d-25b0-4b58-9ae6-c87060b64069 which can be used as unique global reference for Trend Micro Play Playbook September 06 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-10T00:00:00Z |
| date_published | 2022-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa |
Trend Micro Play Ransomware September 06 2022
Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved September 21, 2023.
Internal MISP references
UUID ed02529c-920d-4a92-8e86-be1ed7083991 which can be used as unique global reference for Trend Micro Play Ransomware September 06 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2022-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa |
JPCert PLEAD Downloader June 2018
Tomonaga, S. (2018, June 8). PLEAD Downloader Used by BlackTech. Retrieved May 6, 2020.
Internal MISP references
UUID 871f4af2-ed99-4256-a74d-b8c0816a82ab which can be used as unique global reference for JPCert PLEAD Downloader June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-06T00:00:00Z |
| date_published | 2018-06-08T00:00:00Z |
| source | MITRE |
| title | PLEAD Downloader Used by BlackTech |
Trend Micro PLEAD RTLO
Alintanahin, K.. (2014, May 23). PLEAD Targeted Attacks Against Taiwanese Government Agencies. Retrieved April 22, 2019.
Internal MISP references
UUID 9a052eba-1708-44c9-a20f-8b4ef208fa14 which can be used as unique global reference for Trend Micro PLEAD RTLO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2014-05-23T00:00:00Z |
| source | MITRE |
| title | PLEAD Targeted Attacks Against Taiwanese Government Agencies |
fileinfo plist file description
FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021.
Internal MISP references
UUID 24331b9d-68af-4db2-887f-3a984b6c5783 which can be used as unique global reference for fileinfo plist file description in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2019-11-26T00:00:00Z |
| source | MITRE |
| title | .PLIST File Extension |
Pnputil.exe - LOLBAS Project
LOLBAS. (2020, December 25). Pnputil.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 21d0419a-5454-4808-b7e6-2b1b9de08ed6 which can be used as unique global reference for Pnputil.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-12-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pnputil.exe |
uptycs Fake POC linux malware 2023
Nischay Hegde and Siddartha Malladi. (2023, July 12). PoC Exploit: Fake Proof of Concept with Backdoor Malware. Retrieved September 28, 2023.
Internal MISP references
UUID edc18649-2fcf-5fb3-a717-db4bb28ca25f which can be used as unique global reference for uptycs Fake POC linux malware 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2023-07-12T00:00:00Z |
| source | MITRE |
| title | PoC Exploit: Fake Proof of Concept with Backdoor Malware |
GitHub SIP POC Sept 2017
Graeber, M. (2017, September 14). PoCSubjectInterfacePackage. Retrieved January 31, 2018.
Internal MISP references
UUID 1a9bc729-532b-47ab-89ba-90b0ff41f8aa which can be used as unique global reference for GitHub SIP POC Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2017-09-14T00:00:00Z |
| source | MITRE |
| title | PoCSubjectInterfacePackage |
Kube Pod
kubenetes. (n.d.). Pod v1 core. Retrieved October 13, 2021.
Internal MISP references
UUID 8a7a4a51-e16d-447e-8f1e-c02d6dae3e26 which can be used as unique global reference for Kube Pod in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Pod v1 core |
Talos PoetRAT October 2020
Mercer, W. Rascagneres, P. Ventura, V. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves . Retrieved April 9, 2021.
Internal MISP references
UUID 5862c90a-3bae-48d0-8749-9a6510fe3630 which can be used as unique global reference for Talos PoetRAT October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-09T00:00:00Z |
| date_published | 2020-10-06T00:00:00Z |
| source | MITRE |
| title | PoetRAT: Malware targeting public and private sector in Azerbaijan evolves |
Talos PoetRAT April 2020
Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.
Internal MISP references
UUID fe2a79a5-bc50-4147-b919-f3d0eb7430b6 which can be used as unique global reference for Talos PoetRAT April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-27T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors |
Talos Zeus Panda Nov 2017
Brumaghin, E., et al. (2017, November 02). Poisoning the Well: Banking Trojan Targets Google Search Results. Retrieved November 5, 2018.
Internal MISP references
UUID f96711d4-010d-4d7e-8074-31dd1b41c54d which can be used as unique global reference for Talos Zeus Panda Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-11-02T00:00:00Z |
| source | MITRE |
| title | Poisoning the Well: Banking Trojan Targets Google Search Results |
FireEye Poison Ivy
FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.
Internal MISP references
UUID c189447e-a903-4dc2-a38b-1f4accc64e20 which can be used as unique global reference for FireEye Poison Ivy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | POISON IVY: Assessing Damage and Extracting Intelligence |
Umbreon Trend Micro
Fernando Mercês. (2016, September 5). Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Retrieved March 5, 2018.
Internal MISP references
UUID 38d9c5a2-8fa5-4cb7-a1a9-86b3f54c1eb7 which can be used as unique global reference for Umbreon Trend Micro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-05T00:00:00Z |
| date_published | 2016-09-05T00:00:00Z |
| source | MITRE |
| title | Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems |
AWS IAM Policies and Permissions
AWS. (n.d.). Policies and permissions in IAM. Retrieved April 1, 2022.
Internal MISP references
UUID 9bb520fa-0c4f-48aa-8b0a-8f1d42ee1d0c which can be used as unique global reference for AWS IAM Policies and Permissions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | Policies and permissions in IAM |
EnableMPRNotifications
Microsoft. (2023, January 26). Policy CSP - WindowsLogon. Retrieved March 30, 2023.
Internal MISP references
UUID 36a7ed58-95ef-594f-a15b-5c3b5911a630 which can be used as unique global reference for EnableMPRNotifications in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2023-01-26T00:00:00Z |
| source | MITRE |
| title | Policy CSP - WindowsLogon |
Microsoft DirSync
Microsoft. (n.d.). Polling for Changes Using the DirSync Control. Retrieved March 30, 2018.
Internal MISP references
UUID 6b7ad651-8c48-462d-90db-07ed3d570118 which can be used as unique global reference for Microsoft DirSync in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| source | MITRE |
| title | Polling for Changes Using the DirSync Control |
Polyglot Files: a Hacker’s best friend
Li, V. (2019, October 2). Polyglot Files: a Hacker’s best friend. Retrieved September 27, 2022.
Internal MISP references
UUID ea9c1fc9-41d7-5629-b714-62f9ecf70e3b which can be used as unique global reference for Polyglot Files: a Hacker’s best friend in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-27T00:00:00Z |
| date_published | 2019-10-02T00:00:00Z |
| source | MITRE |
| title | Polyglot Files: a Hacker’s best friend |
CheckPoint Redaman October 2019
Eisenkraft, K., Olshtein, A. (2019, October 17). Pony’s C&C servers hidden inside the Bitcoin blockchain. Retrieved June 15, 2020.
Internal MISP references
UUID ce64739e-1311-4e1b-8352-ff941786ff39 which can be used as unique global reference for CheckPoint Redaman October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2019-10-17T00:00:00Z |
| source | MITRE |
| title | Pony’s C&C servers hidden inside the Bitcoin blockchain |
Kaspersky Poseidon Group
Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.
Internal MISP references
UUID e53bc63e-986f-4d48-a6b7-ed8e93494ed5 which can be used as unique global reference for Kaspersky Poseidon Group in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-16T00:00:00Z |
| date_published | 2016-02-09T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage |
Breach Post-mortem SSH Hijack
Hodgson, M. (2019, May 8). Post-mortem and remediations for Apr 11 security incident. Retrieved February 17, 2020.
Internal MISP references
UUID f1d15b92-8840-45ae-b23d-0cba20fc22cc which can be used as unique global reference for Breach Post-mortem SSH Hijack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-17T00:00:00Z |
| date_published | 2019-05-08T00:00:00Z |
| source | MITRE |
| title | Post-mortem and remediations for Apr 11 security incident |
Elastic Docs Potential Protocol Tunneling via EarthWorm
Elastic. (n.d.). Potential Protocol Tunneling via EarthWorm. Retrieved July 7, 2023.
Internal MISP references
UUID a02790a1-f7c5-43b6-bc7e-075b2c0aa791 which can be used as unique global reference for Elastic Docs Potential Protocol Tunneling via EarthWorm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Potential Protocol Tunneling via EarthWorm |
This is Security Command Line Confusion
B. Ancel. (2014, August 20). Poweliks – Command Line Confusion. Retrieved March 5, 2018.
Internal MISP references
UUID 49a21bba-b77d-4b0e-b666-20ef2826e92c which can be used as unique global reference for This is Security Command Line Confusion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-05T00:00:00Z |
| date_published | 2014-08-20T00:00:00Z |
| source | MITRE |
| title | Poweliks – Command Line Confusion |
TrendMicro POWELIKS AUG 2014
Santos, R. (2014, August 1). POWELIKS: Malware Hides In Windows Registry. Retrieved August 9, 2018.
Internal MISP references
UUID 4a42df15-4d09-4f4f-8333-2b41356fdb80 which can be used as unique global reference for TrendMicro POWELIKS AUG 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2014-08-01T00:00:00Z |
| source | MITRE |
| title | POWELIKS: Malware Hides In Windows Registry |
Microsoft: Powercfg command-line options
Microsoft. (2021, December 15). Powercfg command-line options. Retrieved June 5, 2023.
Internal MISP references
UUID d9b5be77-5e44-5786-a683-82642b8dd8c9 which can be used as unique global reference for Microsoft: Powercfg command-line options in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2021-12-15T00:00:00Z |
| source | MITRE |
| title | Powercfg command-line options |
Volexity PowerDuke November 2016
Adair, S.. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Retrieved January 11, 2017.
Internal MISP references
UUID 4026c055-6020-41bb-a4c8-54b308867023 which can be used as unique global reference for Volexity PowerDuke November 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-11T00:00:00Z |
| date_published | 2016-11-09T00:00:00Z |
| source | MITRE |
| title | PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs |
Cybereason PowerLess February 2022
Cybereason Nocturnus. (2022, February 1). PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage. Retrieved June 1, 2022.
Internal MISP references
UUID 095aaa25-b674-4313-bc4f-3227b00c0459 which can be used as unique global reference for Cybereason PowerLess February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage |
MalwareTech Power Loader Aug 2013
MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.
Internal MISP references
UUID 9a9a6ca1-d7c5-4385-924b-cdeffd66602e which can be used as unique global reference for MalwareTech Power Loader Aug 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| date_published | 2013-08-13T00:00:00Z |
| source | MITRE |
| title | PowerLoader Injection – Something truly amazing |
Powerpnt.exe - LOLBAS Project
LOLBAS. (2019, July 19). Powerpnt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 23c48ab3-9426-4949-9a35-d1b9ecb4bb47 which can be used as unique global reference for Powerpnt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-07-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Powerpnt.exe |
Sophos PowerShell Command History Forensics
Vikas, S. (2020, August 26). PowerShell Command History Forensics. Retrieved September 4, 2020.
Internal MISP references
UUID 9cff28da-c379-49e7-b971-7dccc72054fc which can be used as unique global reference for Sophos PowerShell Command History Forensics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-04T00:00:00Z |
| date_published | 2020-08-26T00:00:00Z |
| source | MITRE |
| title | PowerShell Command History Forensics |
Microsoft PowerShell CLM
PowerShell Team. (2017, November 2). PowerShell Constrained Language Mode. Retrieved March 27, 2023.
Internal MISP references
UUID d6eaa28f-f900-528a-bba0-560a37c90a98 which can be used as unique global reference for Microsoft PowerShell CLM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-27T00:00:00Z |
| date_published | 2017-11-02T00:00:00Z |
| source | MITRE |
| title | PowerShell Constrained Language Mode |
SensePost PS DDE May 2016
El-Sherei, S. (2016, May 20). PowerShell, C-Sharp and DDE The Power Within. Retrieved November 22, 2017.
Internal MISP references
UUID 28b3c105-8d64-4767-a735-d353d1fee756 which can be used as unique global reference for SensePost PS DDE May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| date_published | 2016-05-20T00:00:00Z |
| source | MITRE |
| title | PowerShell, C-Sharp and DDE The Power Within |
Powersploit
PowerSploit. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 8e870f75-ed76-4898-bfbb-ad3c0c1ae0ca which can be used as unique global reference for Powersploit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| source | MITRE |
| title | Powersploit |
PowerShellMagazine PowerSploit July 2014
Graeber, M. (2014, July 8). PowerSploit. Retrieved February 6, 2018.
Internal MISP references
UUID 7765d4f7-bf2d-43b9-a87e-74114a092645 which can be used as unique global reference for PowerShellMagazine PowerSploit July 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-06T00:00:00Z |
| date_published | 2014-07-08T00:00:00Z |
| source | MITRE |
| title | PowerSploit |
PowerSploit Documentation
PowerSploit. (n.d.). PowerSploit. Retrieved February 6, 2018.
Internal MISP references
UUID 56628e55-94cd-4c5e-8f5a-34ffb7a45174 which can be used as unique global reference for PowerSploit Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-06T00:00:00Z |
| source | MITRE |
| title | PowerSploit |
GitHub PowerSploit May 2012
PowerShellMafia. (2012, May 26). PowerSploit - A PowerShell Post-Exploitation Framework. Retrieved February 6, 2018.
Internal MISP references
UUID ec3edb54-9f1b-401d-a265-cd8924e5cb2b which can be used as unique global reference for GitHub PowerSploit May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-06T00:00:00Z |
| date_published | 2012-05-26T00:00:00Z |
| source | MITRE |
| title | PowerSploit - A PowerShell Post-Exploitation Framework |
byt3bl33d3r NTLM Relaying
Salvati, M. (2017, June 2). Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). Retrieved February 7, 2019.
Internal MISP references
UUID 34deeec2-6edc-492c-bb35-5ccb1dc8e4df which can be used as unique global reference for byt3bl33d3r NTLM Relaying in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-07T00:00:00Z |
| date_published | 2017-06-02T00:00:00Z |
| source | MITRE |
| title | Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) |
U.S. CISA Volt Typhoon February 7 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved February 9, 2024.
Internal MISP references
UUID c74f5ecf-8810-4670-b778-24171c078724 which can be used as unique global reference for U.S. CISA Volt Typhoon February 7 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-09T00:00:00Z |
| date_published | 2024-02-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure |
Zimbra Preauth
Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023.
Internal MISP references
UUID f8931e8d-9a03-5407-857a-2a1c5a895eed which can be used as unique global reference for Zimbra Preauth in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-31T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| source | MITRE |
| title | Preauth |
Microsoft Preauthentication Jul 2012
Microsoft. (2012, July 18). Preauthentication. Retrieved August 24, 2020.
Internal MISP references
UUID edaf08ec-0a56-480a-93ef-eb8038147e5c which can be used as unique global reference for Microsoft Preauthentication Jul 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2012-07-18T00:00:00Z |
| source | MITRE |
| title | Preauthentication |
Elastic Predicting DGA
Ahuja, A., Anderson, H., Grant, D., Woodbridge, J.. (2016, November 2). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. Retrieved April 26, 2019.
Internal MISP references
UUID 4462e71d-0373-4fc0-8cde-93a2972bedd5 which can be used as unique global reference for Elastic Predicting DGA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-26T00:00:00Z |
| date_published | 2016-11-02T00:00:00Z |
| source | MITRE |
| title | Predicting Domain Generation Algorithms with Long Short-Term Memory Networks |
WithSecure SystemBC May 10 2021
Callum Roxan, Sami Ruohonen. (2021, May 10). Prelude to Ransomware: SystemBC. Retrieved September 21, 2023.
Internal MISP references
UUID 4004e072-9e69-4e81-a2b7-840e106cf3d9 which can be used as unique global reference for WithSecure SystemBC May 10 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2021-05-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Prelude to Ransomware: SystemBC |
Presentationhost.exe - LOLBAS Project
LOLBAS. (2018, May 25). Presentationhost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 37539e72-18f5-435a-a949-f9fa5991149a which can be used as unique global reference for Presentationhost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Presentationhost.exe |
Microsoft Sub Takeover 2020
Microsoft. (2020, September 29). Prevent dangling DNS entries and avoid subdomain takeover. Retrieved October 12, 2020.
Internal MISP references
UUID b8005a55-7e77-4dc1-abed-f75a0a3d8afb which can be used as unique global reference for Microsoft Sub Takeover 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-12T00:00:00Z |
| date_published | 2020-09-29T00:00:00Z |
| source | MITRE |
| title | Prevent dangling DNS entries and avoid subdomain takeover |
Microsoft Preventing SMB
Microsoft. (2020, March 10). Preventing SMB traffic from lateral connections and entering or leaving the network. Retrieved June 1, 2020.
Internal MISP references
UUID cd2fd958-63ce-4ac9-85e6-bb32f29d88b0 which can be used as unique global reference for Microsoft Preventing SMB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-01T00:00:00Z |
| date_published | 2020-03-10T00:00:00Z |
| source | MITRE |
| title | Preventing SMB traffic from lateral connections and entering or leaving the network |
Palo Alto Prince of Persia
Bar, T., Conant, S., Efraim, L. (2016, June 28). Prince of Persia – Game Over. Retrieved July 5, 2017.
Internal MISP references
UUID e08bfc40-a580-4fa3-9531-d5e1bede374e which can be used as unique global reference for Palo Alto Prince of Persia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2016-06-28T00:00:00Z |
| source | MITRE |
| title | Prince of Persia – Game Over |
PrintBrm.exe - LOLBAS Project
LOLBAS. (2021, June 21). PrintBrm.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a7ab6f09-c22f-4627-afb1-c13a963efca5 which can be used as unique global reference for PrintBrm.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-06-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | PrintBrm.exe |
Print.exe - LOLBAS Project
LOLBAS. (2018, May 25). Print.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 696ce89a-b3a1-4993-b30d-33a669a57031 which can be used as unique global reference for Print.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Print.exe |
Rhingo Security Labs GCP Privilege Escalation
Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved May 27, 2022.
Internal MISP references
UUID 55373476-1cbe-49f5-aecb-69d60b336d38 which can be used as unique global reference for Rhingo Security Labs GCP Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | Privilege Escalation in Google Cloud Platform – Part 1 (IAM) |
Rhino Google Cloud Privilege Escalation
Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved September 21, 2023.
Internal MISP references
UUID 55173e12-9edc-5685-ac0b-acd51617cc6e which can be used as unique global reference for Rhino Google Cloud Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| source | MITRE |
| title | Privilege Escalation in Google Cloud Platform – Part 1 (IAM) |
FireEye APT19
Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018.
Internal MISP references
UUID d75508b1-8b85-47c9-a087-bc64e8e4cb33 which can be used as unique global reference for FireEye APT19 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-17T00:00:00Z |
| date_published | 2017-06-06T00:00:00Z |
| source | MITRE |
| title | Privileges and Credentials: Phished at the Request of Counsel |
Anomali Static Kitten February 2021
Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.
Internal MISP references
UUID 710ed789-de1f-4601-a8ba-32147827adcb which can be used as unique global reference for Anomali Static Kitten February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2021-02-10T00:00:00Z |
| source | MITRE |
| title | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies |
Procdump.exe - LOLBAS Project
LOLBAS. (2020, October 14). Procdump.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3e37fe71-71d0-424e-96ff-81070e2571ae which can be used as unique global reference for Procdump.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-10-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Procdump.exe |
Microsoft Process Creation Flags May 2018
Schofield, M. & Satran, M. (2018, May 30). Process Creation Flags. Retrieved June 4, 2019.
Internal MISP references
UUID d4edd219-c91a-4ff1-8f22-10daa1057f29 which can be used as unique global reference for Microsoft Process Creation Flags May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2018-05-30T00:00:00Z |
| source | MITRE |
| title | Process Creation Flags |
hasherezade Process Doppelgänging Dec 2017
hasherezade. (2017, December 18). Process Doppelgänging – a new way to impersonate a process. Retrieved December 20, 2017.
Internal MISP references
UUID b7a86159-7005-4b61-8b4e-a3dcd77c6a7d which can be used as unique global reference for hasherezade Process Doppelgänging Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-18T00:00:00Z |
| source | MITRE |
| title | Process Doppelgänging – a new way to impersonate a process |
Microsoft Processes and Threads
Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.
Internal MISP references
UUID 250c689d-9a9c-4f02-8b99-ca43fbdaddae which can be used as unique global reference for Microsoft Processes and Threads in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Processes and Threads |
ProcessHacker Github
ProcessHacker. (2009, October 27). Process Hacker. Retrieved April 11, 2022.
Internal MISP references
UUID 3fc82a92-cfba-405d-b30e-22eba69ab1ee which can be used as unique global reference for ProcessHacker Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-11T00:00:00Z |
| date_published | 2009-10-27T00:00:00Z |
| source | MITRE |
| title | Process Hacker |
Leitch Hollowing
Leitch, J. (n.d.). Process Hollowing. Retrieved November 12, 2014.
Internal MISP references
UUID 8feb180a-bfad-42cb-b8ee-792c5088567a which can be used as unique global reference for Leitch Hollowing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | Process Hollowing |
Korean FSI TA505 2020
Financial Security Institute. (2020, February 28). Profiling of TA505 Threat Group That Continues to Attack the Financial Sector. Retrieved July 14, 2022.
Internal MISP references
UUID d4e2c109-341c-45b3-9d41-3eb980724524 which can be used as unique global reference for Korean FSI TA505 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2020-02-28T00:00:00Z |
| source | MITRE |
| title | Profiling of TA505 Threat Group That Continues to Attack the Financial Sector |
Microsoft Profiling Mar 2017
Microsoft. (2017, March 30). Profiling Overview. Retrieved June 24, 2020.
Internal MISP references
UUID eb0909ea-616c-4d79-b145-ee2f1ae539fb which can be used as unique global reference for Microsoft Profiling Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Profiling Overview |
Microsoft Win32
Microsoft. (n.d.). Programming reference for the Win32 API. Retrieved March 15, 2020.
Internal MISP references
UUID 585b9975-3cfb-4485-a9eb-5eea337ebd3c which can be used as unique global reference for Microsoft Win32 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| source | MITRE |
| title | Programming reference for the Win32 API |
CameraShy
ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. Retrieved December 17, 2015.
Internal MISP references
UUID 9942b6a5-6ffb-4a26-9392-6c8bb9954997 which can be used as unique global reference for CameraShy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-17T00:00:00Z |
| date_published | 2015-09-23T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Project CameraShy: Closing the Aperture on China's Unit 78020 |
Unit 42 ProjectM March 2016
Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.
Internal MISP references
UUID adee82e6-a74a-4a91-ab5a-97847b135ca3 which can be used as unique global reference for Unit 42 ProjectM March 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-02T00:00:00Z |
| date_published | 2016-03-25T00:00:00Z |
| source | MITRE |
| title | ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe |
Kaspersky ProjectSauron Blog
Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.
Internal MISP references
UUID baeaa632-3fa5-4d2b-9537-ccc7674fd7d6 which can be used as unique global reference for Kaspersky ProjectSauron Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-08-08T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms |
Kaspersky TajMahal April 2019
GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. Retrieved October 14, 2019.
Internal MISP references
UUID 1ed20522-52ae-4d0c-b42e-c680490958ac which can be used as unique global reference for Kaspersky TajMahal April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-14T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | Project TajMahal – a sophisticated new APT framework |
DarkReading FireEye FIN5 Oct 2015
Higgins, K. (2015, October 13). Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.
Internal MISP references
UUID afe0549d-dc1b-4bcf-9a1d-55698afd530e which can be used as unique global reference for DarkReading FireEye FIN5 Oct 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-04T00:00:00Z |
| date_published | 2015-10-13T00:00:00Z |
| source | MITRE |
| title | Prolific Cybercrime Gang Favors Legit Login Credentials |
Talos Promethium June 2020
Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.
Internal MISP references
UUID 188d990e-f0be-40f2-90f3-913dfe687d27 which can be used as unique global reference for Talos Promethium June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-20T00:00:00Z |
| date_published | 2020-06-29T00:00:00Z |
| source | MITRE |
| title | PROMETHIUM extends global reach with StrongPity3 APT |
TechNet Credential Guard
Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. Retrieved June 1, 2016.
Internal MISP references
UUID d5b2446b-4685-490f-8181-1169cd049bee which can be used as unique global reference for TechNet Credential Guard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-01T00:00:00Z |
| date_published | 2016-05-31T00:00:00Z |
| source | MITRE |
| title | Protect derived domain credentials with Credential Guard |
Microsoft Protected Users Security Group
Microsoft. (2016, October 12). Protected Users Security Group. Retrieved May 29, 2020.
Internal MISP references
UUID e6316ecd-da29-4928-a868-c9876badce62 which can be used as unique global reference for Microsoft Protected Users Security Group in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2016-10-12T00:00:00Z |
| source | MITRE |
| title | Protected Users Security Group |
CISA Remote Monitoring and Management Software
CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023.
Internal MISP references
UUID 1ee55a8c-9e9d-520a-a3d3-1d2da57e0265 which can be used as unique global reference for CISA Remote Monitoring and Management Software in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | Protecting Against Malicious Use of Remote Monitoring and Management Software |
Protecting Microsoft 365 From On-Premises Attacks
Microsoft. (2022, August 26). Protecting Microsoft 365 from on-premises attacks. Retrieved February 21, 2023.
Internal MISP references
UUID 95e19778-95ce-585a-892e-e6a8c20389f7 which can be used as unique global reference for Protecting Microsoft 365 From On-Premises Attacks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-08-26T00:00:00Z |
| source | MITRE |
| title | Protecting Microsoft 365 from on-premises attacks |
SANS PsExec
Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.
Internal MISP references
UUID a8d1e40d-b291-443c-86cc-edf6db00b898 which can be used as unique global reference for SANS PsExec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2012-12-17T00:00:00Z |
| source | MITRE |
| title | Protecting Privileged Domain Accounts: PsExec Deep-Dive |
Docker Daemon Socket Protect
Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.
Internal MISP references
UUID 48ce6b2c-57e7-4467-b0ea-3160ac46817e which can be used as unique global reference for Docker Daemon Socket Protect in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | Protect the Docker Daemon Socket |
Malwarebytes Emotet Dec 2017
Smith, A.. (2017, December 22). Protect your network from Emotet Trojan with Malwarebytes Endpoint Security. Retrieved January 17, 2019.
Internal MISP references
UUID 3642af0b-f14d-4860-a87c-fb57dc107a49 which can be used as unique global reference for Malwarebytes Emotet Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-17T00:00:00Z |
| date_published | 2017-12-22T00:00:00Z |
| source | MITRE |
| title | Protect your network from Emotet Trojan with Malwarebytes Endpoint Security |
ProtocolHandler.exe - LOLBAS Project
LOLBAS. (2022, July 24). ProtocolHandler.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1f678111-dfa3-4c06-9359-816b9ca12cd0 which can be used as unique global reference for ProtocolHandler.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-07-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ProtocolHandler.exe |
cybereason osx proton
Amit Serper. (2018, May 10). ProtonB What this Mac Malware Actually Does. Retrieved March 19, 2018.
Internal MISP references
UUID 9c43d646-9ac2-43b5-80b6-9e69dcb57617 which can be used as unique global reference for cybereason osx proton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2018-05-10T00:00:00Z |
| source | MITRE |
| title | ProtonB What this Mac Malware Actually Does |
Provlaunch.exe - LOLBAS Project
LOLBAS. (2023, June 30). Provlaunch.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 56a57369-4707-4dff-ad23-431109f24233 which can be used as unique global reference for Provlaunch.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-06-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Provlaunch.exe |
FBI Proxies Credential Stuffing
FBI. (2022, August 18). Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts . Retrieved July 6, 2023.
Internal MISP references
UUID 17f9b7b0-3e1a-5d75-9030-da79fcccdb49 which can be used as unique global reference for FBI Proxies Credential Stuffing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-06T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts |
Sysdig Proxyjacking
Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.
Internal MISP references
UUID 26562be2-cab6-5867-9a43-d8a59c663596 which can be used as unique global reference for Sysdig Proxyjacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-06T00:00:00Z |
| date_published | 2023-04-04T00:00:00Z |
| source | MITRE |
| title | Proxyjacking has Entered the Chat |
Password Protected Word Docs
Lawrence Abrams. (2017, July 12). PSA: Don't Open SPAM Containing Password Protected Word Docs. Retrieved January 5, 2022.
Internal MISP references
UUID fe6f3ee6-b0a4-4092-947b-48e02a9255c1 which can be used as unique global reference for Password Protected Word Docs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-05T00:00:00Z |
| date_published | 2017-07-12T00:00:00Z |
| source | MITRE |
| title | PSA: Don't Open SPAM Containing Password Protected Word Docs |
Github PSAttack
Haight, J. (2016, April 21). PS>Attack. Retrieved June 1, 2016.
Internal MISP references
UUID 929e37ed-c230-4517-a2ef-b7896bd3e4a2 which can be used as unique global reference for Github PSAttack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-01T00:00:00Z |
| date_published | 2016-04-21T00:00:00Z |
| source | MITRE |
| title | PS>Attack |
PsExec Russinovich
Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.
Internal MISP references
UUID d6216ce3-1e63-4bb1-b379-b530c8203a96 which can be used as unique global reference for PsExec Russinovich in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-17T00:00:00Z |
| date_published | 2004-06-28T00:00:00Z |
| source | MITRE |
| title | PsExec |
SANS UAC Bypass
Medin, T. (2013, August 8). PsExec UAC Bypass. Retrieved June 3, 2016.
Internal MISP references
UUID 824739ac-633a-40e0-bb01-2bfd43714d67 which can be used as unique global reference for SANS UAC Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-03T00:00:00Z |
| date_published | 2013-08-08T00:00:00Z |
| source | MITRE |
| title | PsExec UAC Bypass |
GitHub PSPKIAudit
HarmJ0y et al. (2021, June 16). PSPKIAudit. Retrieved August 2, 2022.
Internal MISP references
UUID ac3d5502-0ab9-446e-bf8c-22675f92f017 which can be used as unique global reference for GitHub PSPKIAudit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE |
| title | PSPKIAudit |
Psr.exe - LOLBAS Project
LOLBAS. (2020, June 27). Psr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a00782cf-f6b2-4b63-9d8d-97efe17e11c0 which can be used as unique global reference for Psr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-06-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Psr.exe |
Microsoft PsSetCreateProcessNotifyRoutine routine
Microsoft. (n.d.). PsSetCreateProcessNotifyRoutine routine. Retrieved December 20, 2017.
Internal MISP references
UUID c407645d-1109-49a7-a4c0-51ec9cd54c8d which can be used as unique global reference for Microsoft PsSetCreateProcessNotifyRoutine routine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | PsSetCreateProcessNotifyRoutine routine |
PTRACE man
Kerrisk, M. (2020, February 9). PTRACE(2) - Linux Programmer's Manual. Retrieved February 21, 2020.
Internal MISP references
UUID fc5e63e7-090a-441b-8e34-9946e1840b49 which can be used as unique global reference for PTRACE man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2020-02-09T00:00:00Z |
| source | MITRE |
| title | PTRACE(2) - Linux Programmer's Manual |
Wikipedia Public Key Crypto
Wikipedia. (2017, June 29). Public-key cryptography. Retrieved July 5, 2017.
Internal MISP references
UUID 1b7514e7-477d-44a2-acee-d1819066dee4 which can be used as unique global reference for Wikipedia Public Key Crypto in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2017-06-29T00:00:00Z |
| source | MITRE |
| title | Public-key cryptography |
SingHealth Breach Jan 2019
Committee of Inquiry into the Cyber Attack on SingHealth. (2019, January 10). Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database. Retrieved June 29, 2020.
Internal MISP references
UUID d1f699e3-7c9d-4a95-ad58-f46e665a4d37 which can be used as unique global reference for SingHealth Breach Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-29T00:00:00Z |
| date_published | 2019-01-10T00:00:00Z |
| source | MITRE |
| title | Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database |
pubprn
Jason Gerend. (2017, October 16). pubprn. Retrieved July 23, 2021.
Internal MISP references
UUID c845c67a-20ab-405c-95fe-2f667f83b886 which can be used as unique global reference for pubprn in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-23T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | pubprn |
Pubprn.vbs - LOLBAS Project
LOLBAS. (2018, May 25). Pubprn.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5 which can be used as unique global reference for Pubprn.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Pubprn.vbs |
PaloAlto EncodedCommand March 2017
White, J. (2017, March 10). Pulling Back the Curtains on EncodedCommand PowerShell Attacks. Retrieved February 12, 2018.
Internal MISP references
UUID 069ef9af-3402-4b13-8c60-b397b0b0bfd7 which can be used as unique global reference for PaloAlto EncodedCommand March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2017-03-10T00:00:00Z |
| source | MITRE |
| title | Pulling Back the Curtains on EncodedCommand PowerShell Attacks |
Anomali Linux Rabbit 2018
Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.
Internal MISP references
UUID e843eb47-21b0-44b9-8065-02aea0a0b05f which can be used as unique global reference for Anomali Linux Rabbit 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-04T00:00:00Z |
| date_published | 2018-12-06T00:00:00Z |
| source | MITRE |
| title | Pulling Linux Rabbit/Rabbot Malware Out of a Hat |
anomali-linux-rabbit
Anomali Threat Research. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved December 17, 2020.
Internal MISP references
UUID ec413dc7-028c-4153-9e98-abe85961747f which can be used as unique global reference for anomali-linux-rabbit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2018-12-06T00:00:00Z |
| source | MITRE |
| title | Pulling Linux Rabbit/Rabbot Malware Out of a Hat |
Cylance Putter Panda
Gross, J. and Walter, J.. (2016, January 12). Puttering into the Future.... Retrieved January 22, 2016.
Internal MISP references
UUID 058d6e8e-7ab9-4151-97de-1778ac95e18d which can be used as unique global reference for Cylance Putter Panda in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2016-01-12T00:00:00Z |
| source | MITRE |
| title | Puttering into the Future... |
Oddvar Moe ADS1 Jan 2018
Moe, O. (2018, January 14). Putting Data in Alternate Data Streams and How to Execute It. Retrieved June 30, 2018.
Internal MISP references
UUID 4a711970-870c-4710-9dbc-7cfebd2e315c which can be used as unique global reference for Oddvar Moe ADS1 Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-30T00:00:00Z |
| date_published | 2018-01-14T00:00:00Z |
| source | MITRE |
| title | Putting Data in Alternate Data Streams and How to Execute It |
Oddvar Moe ADS2 Apr 2018
Moe, O. (2018, April 11). Putting Data in Alternate Data Streams and How to Execute It - Part 2. Retrieved June 30, 2018.
Internal MISP references
UUID b280f0c8-effe-45a4-a64a-a9a8b6ad2122 which can be used as unique global reference for Oddvar Moe ADS2 Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-30T00:00:00Z |
| date_published | 2018-04-11T00:00:00Z |
| source | MITRE |
| title | Putting Data in Alternate Data Streams and How to Execute It - Part 2 |
Moran RDPieces
Moran, B. (2020, November 18). Putting Together the RDPieces. Retrieved October 17, 2022.
Internal MISP references
UUID 794331fb-f1f2-4aaa-aae8-d1c4c95fb00f which can be used as unique global reference for Moran RDPieces in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-17T00:00:00Z |
| date_published | 2020-11-18T00:00:00Z |
| source | MITRE |
| title | Putting Together the RDPieces |
PuTTY Download Page
PuTTY. (n.d.). PuTTY Download Page. Retrieved November 16, 2023.
Internal MISP references
UUID bf278270-128e-483b-9f09-ce24f5f6ed80 which can be used as unique global reference for PuTTY Download Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | PuTTY Download Page |
Wikipedia pwdump
Wikipedia. (2007, August 9). pwdump. Retrieved June 22, 2016.
Internal MISP references
UUID 6a1a1ae1-a587-41f5-945f-011d6808e5b8 which can be used as unique global reference for Wikipedia pwdump in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-22T00:00:00Z |
| date_published | 2007-08-09T00:00:00Z |
| source | MITRE |
| title | pwdump |
DFIR Pysa Nov 2020
THe DFIR Report. (2020, November 23). PYSA/Mespinoza Ransomware. Retrieved March 17, 2021.
Internal MISP references
UUID a00ae87e-6e64-4f1c-8639-adca436c217e which can be used as unique global reference for DFIR Pysa Nov 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2020-11-23T00:00:00Z |
| source | MITRE |
| title | PYSA/Mespinoza Ransomware |
NHS Digital Pysa Oct 2020
NHS Digital. (2020, October 10). Pysa Ransomware: Another 'big-game hunter' ransomware. Retrieved March 17, 2021.
Internal MISP references
UUID 5a853dfb-d935-4d85-a5bf-0ab5279fd32e which can be used as unique global reference for NHS Digital Pysa Oct 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2020-10-10T00:00:00Z |
| source | MITRE |
| title | Pysa Ransomware: Another 'big-game hunter' ransomware |
oletools toolkit
decalage2. (2019, December 3). python-oletools. Retrieved September 18, 2020.
Internal MISP references
UUID 9036fac0-dca8-4956-b0b4-469801adad28 which can be used as unique global reference for oletools toolkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-18T00:00:00Z |
| date_published | 2019-12-03T00:00:00Z |
| source | MITRE |
| title | python-oletools |
GitHub PoshC2
Nettitude. (2018, July 23). Python Server for PoshC2. Retrieved April 23, 2019.
Internal MISP references
UUID 45e79c0e-a2f6-4b56-b621-4142756bd1b1 which can be used as unique global reference for GitHub PoshC2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-07-23T00:00:00Z |
| source | MITRE |
| title | Python Server for PoshC2 |
Trend Micro Qakbot December 2020
Trend Micro. (2020, December 17). QAKBOT: A decade-old malware still with new tricks. Retrieved September 27, 2021.
Internal MISP references
UUID c061ce45-1452-4c11-9586-bd5eb2d718ab which can be used as unique global reference for Trend Micro Qakbot December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-12-17T00:00:00Z |
| source | MITRE |
| title | QAKBOT: A decade-old malware still with new tricks |
Cyberint Qakbot May 2021
Cyberint. (2021, May 25). Qakbot Banking Trojan. Retrieved September 27, 2021.
Internal MISP references
UUID 1baeac94-9168-4813-ab72-72e609250745 which can be used as unique global reference for Cyberint Qakbot May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | Qakbot Banking Trojan |
Kroll Qakbot June 2020
Sette, N. et al. (2020, June 4). Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks. Retrieved September 27, 2021.
Internal MISP references
UUID 716960fd-c22d-42af-ba9b-295fee02657f which can be used as unique global reference for Kroll Qakbot June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-06-04T00:00:00Z |
| source | MITRE |
| title | Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks |
Trend Micro Qakbot May 2020
Mendoza, E. et al. (2020, May 25). Qakbot Resurges, Spreads through VBS Files. Retrieved September 27, 2021.
Internal MISP references
UUID e2791c37-e149-43e7-b7c3-c91a6d1bc91e which can be used as unique global reference for Trend Micro Qakbot May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2020-05-25T00:00:00Z |
| source | MITRE |
| title | Qakbot Resurges, Spreads through VBS Files |
Kaspersky QakBot September 2021
Kuzmenko, A. et al. (2021, September 2). QakBot technical analysis. Retrieved September 27, 2021.
Internal MISP references
UUID f40cabe3-a324-4b4d-8e95-25c036dbd8b5 which can be used as unique global reference for Kaspersky QakBot September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2021-09-02T00:00:00Z |
| source | MITRE |
| title | QakBot technical analysis |
Red Canary Qbot
Rainey, K. (n.d.). Qbot. Retrieved September 27, 2021.
Internal MISP references
UUID 6e4960e7-ae5e-4b68-ac85-4bd84e940634 which can be used as unique global reference for Red Canary Qbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| source | MITRE |
| title | Qbot |
TheEclecticLightCompany Quarantine and the flag
hoakley. (2020, October 29). Quarantine and the quarantine flag. Retrieved September 13, 2021.
Internal MISP references
UUID 7cce88cc-fbfb-43e1-a330-ac55bce9e394 which can be used as unique global reference for TheEclecticLightCompany Quarantine and the flag in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2020-10-29T00:00:00Z |
| source | MITRE |
| title | Quarantine and the quarantine flag |
GitHub QuasarRAT
MaxXor. (n.d.). QuasarRAT. Retrieved July 10, 2018.
Internal MISP references
UUID c87e4427-af97-4e93-9596-ad5a588aa171 which can be used as unique global reference for GitHub QuasarRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-10T00:00:00Z |
| source | MITRE |
| title | QuasarRAT |
0DAY IN {REA_TEAM} Pikabot January 6 2024
0DAY IN {REA_TEAM}. (2024, January 6). [QuickNote] Technical Analysis of recent Pikabot Core Module. Retrieved January 11, 2024.
Internal MISP references
UUID 08ec9726-5a1d-4b2e-82d5-a5a9e7e917ae which can be used as unique global reference for 0DAY IN {REA_TEAM} Pikabot January 6 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2024-01-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | [QuickNote] Technical Analysis of recent Pikabot Core Module |
DidierStevens SelectMyParent Nov 2009
Stevens, D. (2009, November 22). Quickpost: SelectMyParent or Playing With the Windows Process Tree. Retrieved June 3, 2019.
Internal MISP references
UUID 1fee31b0-2d9c-4c02-b494-d3a6b80f12f3 which can be used as unique global reference for DidierStevens SelectMyParent Nov 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-03T00:00:00Z |
| date_published | 2009-11-22T00:00:00Z |
| source | MITRE |
| title | Quickpost: SelectMyParent or Playing With the Windows Process Tree |
Microsoft - Azure AD App Registration - May 2019
Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. Retrieved September 12, 2019.
Internal MISP references
UUID 36a06c99-55ca-4163-9450-c3b84ae10039 which can be used as unique global reference for Microsoft - Azure AD App Registration - May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2019-05-08T00:00:00Z |
| source | MITRE |
| title | Quickstart: Register an application with the Microsoft identity platform |
Microsoft Azure Key Vault
Microsoft. (2023, January 13). Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI. Retrieved September 25, 2023.
Internal MISP references
UUID 8f076aae-38c0-5335-9f7a-1e29b90fc33f which can be used as unique global reference for Microsoft Azure Key Vault in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| date_published | 2023-01-13T00:00:00Z |
| source | MITRE |
| title | Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI |
Google Command Center Dashboard
Google. (2019, October 3). Quickstart: Using the dashboard. Retrieved October 8, 2019.
Internal MISP references
UUID a470fe2a-40ce-4060-8dfc-2cdb56bbc18b which can be used as unique global reference for Google Command Center Dashboard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-10-03T00:00:00Z |
| source | MITRE |
| title | Quickstart: Using the dashboard |
Trend Micro R980 2016
Antazo, F. and Yambao, M. (2016, August 10). R980 Ransomware Found Abusing Disposable Email Address Service. Retrieved October 13, 2020.
Internal MISP references
UUID 6afd89ba-2f51-4192-82b3-d961cc86adf1 which can be used as unique global reference for Trend Micro R980 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-13T00:00:00Z |
| date_published | 2016-08-10T00:00:00Z |
| source | MITRE |
| title | R980 Ransomware Found Abusing Disposable Email Address Service |
Costa AvosLocker May 2022
Costa, F. (2022, May 1). RaaS AvosLocker Incident Response Analysis. Retrieved January 11, 2023.
Internal MISP references
UUID a94268d8-6b7c-574b-a588-d8fd80c27fd3 which can be used as unique global reference for Costa AvosLocker May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2022-05-01T00:00:00Z |
| source | MITRE |
| title | RaaS AvosLocker Incident Response Analysis |
Sekoia.io Raccoon Stealer June 28 2022
Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR. (2022, June 28). Raccoon Stealer v2 – Part 1: The return of the dead. Retrieved November 16, 2023.
Internal MISP references
UUID df0c9cbd-8692-497e-9f81-cf9e44a3a5cd which can be used as unique global reference for Sekoia.io Raccoon Stealer June 28 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2022-06-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Raccoon Stealer v2 – Part 1: The return of the dead |
DOJ Iran Indictments March 2018
DOJ. (2018, March 23). U.S. v. Rafatnejad et al . Retrieved February 3, 2021.
Internal MISP references
UUID 7dfdccd5-d035-4678-89c1-f5f1630d7a79 which can be used as unique global reference for DOJ Iran Indictments March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| source | MITRE |
| title | Rafatnejad et al |
Sophos Ragnar May 2020
SophosLabs. (2020, May 21). Ragnar Locker ransomware deploys virtual machine to dodge security. Retrieved June 29, 2020.
Internal MISP references
UUID 04ed6dc0-45c2-4e36-8ec7-a75f6f715f0a which can be used as unique global reference for Sophos Ragnar May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-29T00:00:00Z |
| date_published | 2020-05-21T00:00:00Z |
| source | MITRE |
| title | Ragnar Locker ransomware deploys virtual machine to dodge security |
GitHub Raindance
Stringer, M.. (2018, November 21). RainDance. Retrieved October 6, 2019.
Internal MISP references
UUID 321bba10-06c6-4c4f-a3e0-318561fa0fed which can be used as unique global reference for GitHub Raindance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2018-11-21T00:00:00Z |
| source | MITRE |
| title | RainDance |
Symantec RAINDROP January 2021
Symantec Threat Hunter Team. (2021, January 18). Raindrop: New Malware Discovered in SolarWinds Investigation. Retrieved January 19, 2021.
Internal MISP references
UUID 9185092d-3d99-466d-b885-f4e76fe74b6b which can be used as unique global reference for Symantec RAINDROP January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-19T00:00:00Z |
| date_published | 2021-01-18T00:00:00Z |
| source | MITRE |
| title | Raindrop: New Malware Discovered in SolarWinds Investigation |
Eset Ramsay May 2020
Sanmillan, I.. (2020, May 13). Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks. Retrieved May 27, 2020.
Internal MISP references
UUID 3c149b0b-f37c-4d4e-aa61-351c87fd57ce which can be used as unique global reference for Eset Ramsay May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-27T00:00:00Z |
| date_published | 2020-05-13T00:00:00Z |
| source | MITRE |
| title | Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks |
Rancor Unit42 June 2018
Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.
Internal MISP references
UUID 45098a85-a61f-491a-a549-f62b02dc2ecd which can be used as unique global reference for Rancor Unit42 June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| date_published | 2018-06-26T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families |
FBI-ransomware
FBI. (n.d.). Ransomware. Retrieved August 18, 2023.
Internal MISP references
UUID 54e296c9-edcc-5af7-99be-b118da29711f which can be used as unique global reference for FBI-ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| source | MITRE |
| title | Ransomware |
IBM Ransomware Trends September 2020
Singleton, C. and Kiefer, C. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. Retrieved September 20, 2021.
Internal MISP references
UUID eb767436-4a96-4e28-bd34-944842d7593e which can be used as unique global reference for IBM Ransomware Trends September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2020-09-28T00:00:00Z |
| source | MITRE |
| title | Ransomware 2020: Attack Trends Affecting Organizations Worldwide |
DHS/CISA Ransomware Targeting Healthcare October 2020
DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.
Internal MISP references
UUID 984e86e6-32e4-493c-8172-3d29de4720cc which can be used as unique global reference for DHS/CISA Ransomware Targeting Healthcare October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-28T00:00:00Z |
| date_published | 2020-10-28T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Ransomware Activity Targeting the Healthcare and Public Health Sector |
FireEye Ransomware Feb 2020
Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved March 2, 2021.
Internal MISP references
UUID 44856547-2de5-45ff-898f-a523095bd593 which can be used as unique global reference for FireEye Ransomware Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-02T00:00:00Z |
| date_published | 2020-02-24T00:00:00Z |
| source | MITRE |
| title | Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT |
FireEye Ransomware Disrupt Industrial Production
Zafra, D. Lunden, K. Brubaker, N. Kennelly, J.. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved February 9, 2021.
Internal MISP references
UUID 9ffa0f35-98e4-4265-8b66-9c805a2b6525 which can be used as unique global reference for FireEye Ransomware Disrupt Industrial Production in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-09T00:00:00Z |
| date_published | 2020-02-24T00:00:00Z |
| source | MITRE |
| title | Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT |
Check Point Pay2Key November 2020
Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.
Internal MISP references
UUID e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9 which can be used as unique global reference for Check Point Pay2Key November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-04T00:00:00Z |
| date_published | 2020-11-06T00:00:00Z |
| source | MITRE |
| title | Ransomware Alert: Pay2Key |
Microsoft Ransomware as a Service
Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. Retrieved March 10, 2023.
Internal MISP references
UUID 833018b5-6ef6-5327-9af5-1a551df25cd2 which can be used as unique global reference for Microsoft Ransomware as a Service in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2022-05-09T00:00:00Z |
| source | MITRE |
| title | Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself |
McAfee Maze March 2020
Mundo, A. (2020, March 26). Ransomware Maze. Retrieved May 18, 2020.
Internal MISP references
UUID 627a14dd-5300-4f58-869c-0ec91ffb664e which can be used as unique global reference for McAfee Maze March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-18T00:00:00Z |
| date_published | 2020-03-26T00:00:00Z |
| source | MITRE |
| title | Ransomware Maze |
Sophos SystemBC December 16 2020
Sivagnanam Gn, Sean Gallagher. (2020, December 16). Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor. Retrieved September 21, 2023.
Internal MISP references
UUID eca1301f-deeb-4a97-8c4e-e61210706116 which can be used as unique global reference for Sophos SystemBC December 16 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2020-12-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor |
TrendMicro Akira October 5 2023
Trend Micro Research. (2023, October 5). Ransomware Spotlight: Akira. Retrieved February 27, 2024.
Internal MISP references
UUID 8f45fb21-c6ad-4b97-b459-da96eb643069 which can be used as unique global reference for TrendMicro Akira October 5 2023 in MISP communities and other software using the MISP galaxy
External references
- http:/www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-27T00:00:00Z |
| date_published | 2023-10-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ransomware Spotlight: Akira |
Trend Micro AvosLocker Apr 2022
Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.
Internal MISP references
UUID 01fdc732-0951-59e2-afaf-5fe761357e7f which can be used as unique global reference for Trend Micro AvosLocker Apr 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-11T00:00:00Z |
| date_published | 2022-04-04T00:00:00Z |
| source | MITRE |
| title | Ransomware Spotlight AvosLocker |
Trend Micro Black Basta Spotlight September 2022
Trend Micro. (2022, September 1). Ransomware Spotlight Black Basta. Retrieved March 8, 2023.
Internal MISP references
UUID 1f2942ab-e6a9-5a50-b266-3436c8c0b5ec which can be used as unique global reference for Trend Micro Black Basta Spotlight September 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| source | MITRE |
| title | Ransomware Spotlight Black Basta |
Trend Micro BlackCat October 27 2022
Trend Micro Research. (2022, October 27). Ransomware Spotlight: BlackCat. Retrieved March 5, 2024.
Internal MISP references
UUID 94aef206-b4cb-4d91-9843-96cf50af157c which can be used as unique global reference for Trend Micro BlackCat October 27 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-05T00:00:00Z |
| date_published | 2022-10-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ransomware Spotlight: BlackCat |
Trend Micro LockBit Spotlight February 08 2023
Trend Micro Research. (2022, February 8). Ransomware Spotlight: LockBit. Retrieved August 18, 2023.
Internal MISP references
UUID f72dade0-ec82-40e7-96a0-9f124d59bd35 which can be used as unique global reference for Trend Micro LockBit Spotlight February 08 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-02-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ransomware Spotlight: LockBit |
Trend Micro Play Spotlight July 21 2023
Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved August 10, 2023.
Internal MISP references
UUID 6cf9c6f0-7818-45dd-9afc-f69e394c23e4 which can be used as unique global reference for Trend Micro Play Spotlight July 21 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-10T00:00:00Z |
| date_published | 2023-07-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ransomware Spotlight: Play |
Group IB Ransomware May 2020
Group IB. (2020, May). Ransomware Uncovered: Attackers’ Latest Methods. Retrieved August 5, 2020.
Internal MISP references
UUID 18d20965-f1f4-439f-a4a3-34437ad1fe14 which can be used as unique global reference for Group IB Ransomware May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-05T00:00:00Z |
| date_published | 2020-05-01T00:00:00Z |
| source | MITRE |
| title | Ransomware Uncovered: Attackers’ Latest Methods |
GitHub ransomwatch
joshhighet. (n.d.). ransomwatch. Retrieved June 30, 2023.
Internal MISP references
UUID 62037959-58e4-475a-bb91-ff360d20c1d7 which can be used as unique global reference for GitHub ransomwatch in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ransomwatch |
PyPI RAR
mkz. (2020). rarfile 3.1. Retrieved February 20, 2020.
Internal MISP references
UUID e40d1cc8-b8c7-4f43-b6a7-c50a4f7bf1f0 which can be used as unique global reference for PyPI RAR in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | rarfile 3.1 |
WinRAR Homepage
A. Roshal. (2020). RARLAB. Retrieved February 20, 2020.
Internal MISP references
UUID c1334e4f-67c8-451f-b50a-86003f6e3d3b which can be used as unique global reference for WinRAR Homepage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | RARLAB |
Aquino RARSTONE
Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.
Internal MISP references
UUID 2327592e-4e8a-481e-bdf9-d548c776adee which can be used as unique global reference for Aquino RARSTONE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-17T00:00:00Z |
| date_published | 2013-06-13T00:00:00Z |
| source | MITRE |
| title | RARSTONE Found In Targeted Attacks |
Rasautou.exe - LOLBAS Project
LOLBAS. (2020, January 10). Rasautou.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc299f7a-403b-4a22-9386-0be3e160d185 which can be used as unique global reference for Rasautou.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-01-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Rasautou.exe |
Red Canary Raspberry Robin May 2022
Lauren Podber, Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 19, 2023.
Internal MISP references
UUID fb04d89a-3f39-48be-b986-9c4eac4dd8a4 which can be used as unique global reference for Red Canary Raspberry Robin May 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-05-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Raspberry Robin gets the worm early |
Microsoft Security Raspberry Robin October 2022
Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 19, 2023.
Internal MISP references
UUID 8017e42a-8373-4d24-8d89-638a925b704b which can be used as unique global reference for Microsoft Security Raspberry Robin October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-10-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity |
Dragos Raspite Aug 2018
Dragos, Inc. (2018, August 2). RASPITE. Retrieved November 26, 2018.
Internal MISP references
UUID bf4ccd52-0a03-41b6-bde7-34ead90171c3 which can be used as unique global reference for Dragos Raspite Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-26T00:00:00Z |
| date_published | 2018-08-02T00:00:00Z |
| source | MITRE |
| title | RASPITE |
RATANKBA
Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. Retrieved May 22, 2018.
Internal MISP references
UUID 7d08ec64-7fb8-4520-b26b-95b0dee891fe which can be used as unique global reference for RATANKBA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-22T00:00:00Z |
| date_published | 2017-02-27T00:00:00Z |
| source | MITRE |
| title | RATANKBA: Delving into Large-scale Watering Holes against Enterprises |
TrendMicro RawPOS April 2015
TrendLabs Security Intelligence Blog. (2015, April). RawPOS Technical Brief. Retrieved October 4, 2017.
Internal MISP references
UUID e483ed86-713b-42c6-ad77-e9b889bbcb81 which can be used as unique global reference for TrendMicro RawPOS April 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-04T00:00:00Z |
| date_published | 2015-04-01T00:00:00Z |
| source | MITRE |
| title | RawPOS Technical Brief |
Rclone
Nick Craig-Wood. (n.d.). Rclone syncs your files to cloud storage. Retrieved August 30, 2022.
Internal MISP references
UUID 3c7824de-d958-4254-beec-bc4e5ab989b0 which can be used as unique global reference for Rclone in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| source | MITRE |
| title | Rclone syncs your files to cloud storage |
Rclone Wars
Justin Schoenfeld and Aaron Didier. (2021, May 4). Rclone Wars: Transferring leverage in a ransomware attack. Retrieved August 30, 2022.
Internal MISP references
UUID d47e5f7c-cf70-4f7c-ac83-57e4e1187485 which can be used as unique global reference for Rclone Wars in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2021-05-04T00:00:00Z |
| source | MITRE |
| title | Rclone Wars: Transferring leverage in a ransomware attack |
rcsi.exe - LOLBAS Project
LOLBAS. (2018, May 25). rcsi.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc02058a-7ed3-4253-a976-6f99b9e91406 which can be used as unique global reference for rcsi.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | rcsi.exe |
RDP Hijacking Medium
Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017.
Internal MISP references
UUID 0a615508-c155-4004-86b8-916bbfd8ae42 which can be used as unique global reference for RDP Hijacking Medium in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-11T00:00:00Z |
| date_published | 2017-03-19T00:00:00Z |
| source | MITRE |
| title | RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation |
RDPWrap Github
Stas'M Corp. (2014, October 22). RDP Wrapper Library by Stas'M. Retrieved March 28, 2022.
Internal MISP references
UUID 777a0a6f-3684-4888-ae1b-adc386be763a which can be used as unique global reference for RDPWrap Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2014-10-22T00:00:00Z |
| source | MITRE |
| title | RDP Wrapper Library by Stas'M |
rdrleakdiag.exe - LOLBAS Project
LOLBAS. (2022, May 18). rdrleakdiag.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 1feff728-2230-4a45-bd64-6093f8b42646 which can be used as unique global reference for rdrleakdiag.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-05-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | rdrleakdiag.exe |
ESET RTM Feb 2017
Faou, M. and Boutin, J. (2017, February). Read The Manual: A Guide to the RTM Banking Trojan. Retrieved March 9, 2017.
Internal MISP references
UUID ab2cced7-05b8-4788-8d3c-8eadb0aaf38c which can be used as unique global reference for ESET RTM Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2017-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Read The Manual: A Guide to the RTM Banking Trojan |
FireEye Sunshop Campaign May 2013
Moran, N. (2013, May 20). Ready for Summer: The Sunshop Campaign. Retrieved March 19, 2018.
Internal MISP references
UUID ec246c7a-3396-46f9-acc4-a100cb5e5fe6 which can be used as unique global reference for FireEye Sunshop Campaign May 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2013-05-20T00:00:00Z |
| source | MITRE |
| title | Ready for Summer: The Sunshop Campaign |
Mandiant golang stripped binaries explanation
STEPHEN ECKELS. (2022, February 28). Ready, Set, Go — Golang Internals and Symbol Recovery. Retrieved September 29, 2022.
Internal MISP references
UUID 60eb0109-9655-41ab-bf76-37b17bf9594a which can be used as unique global reference for Mandiant golang stripped binaries explanation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-29T00:00:00Z |
| date_published | 2022-02-28T00:00:00Z |
| source | MITRE |
| title | Ready, Set, Go — Golang Internals and Symbol Recovery |
reagentc_cmd
Microsoft, EliotSeattle, et al. (2022, August 18). REAgentC command-line options. Retrieved October 19, 2022.
Internal MISP references
UUID d26c830b-c196-5503-bf8c-4cfe90a6e7e5 which can be used as unique global reference for reagentc_cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-19T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | REAgentC command-line options |
Microsoft DART Case Report 001
Berk Veral. (2020, March 9). Real-life cybercrime stories from DART, the Microsoft Detection and Response Team. Retrieved May 27, 2022.
Internal MISP references
UUID bd8c6a86-1a63-49cd-a97f-3d119e4223d4 which can be used as unique global reference for Microsoft DART Case Report 001 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2020-03-09T00:00:00Z |
| source | MITRE |
| title | Real-life cybercrime stories from DART, the Microsoft Detection and Response Team |
Sans ARP Spoofing Aug 2003
Siles, R. (2003, August). Real World ARP Spoofing. Retrieved October 15, 2020.
Internal MISP references
UUID 1f9f5bfc-c044-4046-8586-39163a305c1e which can be used as unique global reference for Sans ARP Spoofing Aug 2003 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2003-08-01T00:00:00Z |
| source | MITRE |
| title | Real World ARP Spoofing |
Github CLI Create Webhook
Github. (n.d.). Receiving webhooks with the GitHub CLI. Retrieved August 4, 2023.
Internal MISP references
UUID 8ddee62e-adc0-5b28-b271-4b14b01f84c1 which can be used as unique global reference for Github CLI Create Webhook in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| source | MITRE |
| title | Receiving webhooks with the GitHub CLI |
Kaspersky Cloud Atlas August 2019
GReAT. (2019, August 12). Recent Cloud Atlas activity. Retrieved May 8, 2020.
Internal MISP references
UUID 4c3ae600-0787-4847-b528-ae3e8ff1b5ef which can be used as unique global reference for Kaspersky Cloud Atlas August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-08T00:00:00Z |
| date_published | 2019-08-12T00:00:00Z |
| source | MITRE |
| title | Recent Cloud Atlas activity |
Talos MuddyWater May 2019
Adamitis, D. et al. (2019, May 20). Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques. Retrieved June 5, 2019.
Internal MISP references
UUID 5b8b6429-14ef-466b-b806-5603e694efc1 which can be used as unique global reference for Talos MuddyWater May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2019-05-20T00:00:00Z |
| source | MITRE |
| title | Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques |
Free Desktop Entry Keys
Free Desktop. (2017, December 24). Recognized Desktop Entry Keys. Retrieved September 12, 2019.
Internal MISP references
UUID 4ffb9866-1cf4-46d1-b7e5-d75bd98de018 which can be used as unique global reference for Free Desktop Entry Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| date_published | 2017-12-24T00:00:00Z |
| source | MITRE |
| title | Recognized Desktop Entry Keys |
Recorded Future APT3 May 2017
Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved June 18, 2017.
Internal MISP references
UUID a894d79f-5977-4ef9-9aa5-7bfec795ceb2 which can be used as unique global reference for Recorded Future APT3 May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-18T00:00:00Z |
| date_published | 2017-05-17T00:00:00Z |
| source | MITRE |
| title | Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3 |
Trend Micro Daserf Nov 2017
Chen, J. and Hsieh, M. (2017, November 7). REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography. Retrieved December 27, 2017.
Internal MISP references
UUID 4ca0e6a9-8c20-49a0-957a-7108083a8a29 which can be used as unique global reference for Trend Micro Daserf Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-27T00:00:00Z |
| date_published | 2017-11-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography |
RHEL auditd
Jahoda, M. et al.. (2017, March 14). redhat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.
Internal MISP references
UUID cdedab06-7745-4a5e-aa62-00ed81ccc8d0 which can be used as unique global reference for RHEL auditd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | redhat Security Guide - Chapter 7 - System Auditing |
Red Hat System Auditing
Jahoda, M. et al.. (2017, March 14). Red Hat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.
Internal MISP references
UUID 599337b3-8587-5578-9be5-e6e4f0edd0ef which can be used as unique global reference for Red Hat System Auditing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-03-14T00:00:00Z |
| source | MITRE |
| title | Red Hat Security Guide - Chapter 7 - System Auditing |
Cylance Redirect to SMB
Cylance. (2015, April 13). Redirect to SMB. Retrieved December 21, 2017.
Internal MISP references
UUID 32c7626a-b284-424c-8294-7fac37e71336 which can be used as unique global reference for Cylance Redirect to SMB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2015-04-13T00:00:00Z |
| source | MITRE |
| title | Redirect to SMB |
Black Hills Red Teaming MS AD Azure, 2018
Felch, M.. (2018, August 31). Red Teaming Microsoft Part 1 Active Directory Leaks via Azure. Retrieved October 6, 2019.
Internal MISP references
UUID 48971032-8fa2-40ff-adef-e91d7109b859 which can be used as unique global reference for Black Hills Red Teaming MS AD Azure, 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2018-08-31T00:00:00Z |
| source | MITRE |
| title | Red Teaming Microsoft Part 1 Active Directory Leaks via Azure |
OutFlank System Calls
de Plaa, C. (2019, June 19). Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR. Retrieved September 29, 2021.
Internal MISP references
UUID c4c3370a-2d6b-4ebd-961e-58d584066377 which can be used as unique global reference for OutFlank System Calls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2019-06-19T00:00:00Z |
| source | MITRE |
| title | Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR |
US-CERT TA17-156A SNMP Abuse 2017
US-CERT. (2017, June 5). Reducing the Risk of SNMP Abuse. Retrieved October 19, 2020.
Internal MISP references
UUID 82b814f3-2853-48a9-93ff-701d16d97535 which can be used as unique global reference for US-CERT TA17-156A SNMP Abuse 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2017-06-05T00:00:00Z |
| source | MITRE |
| title | Reducing the Risk of SNMP Abuse |
Cloudflare ReflectionDoS May 2017
Marek Majkowsk, Cloudflare. (2017, May 24). Reflections on reflection (attacks). Retrieved April 23, 2019.
Internal MISP references
UUID a6914c13-f95f-4c30-a129-905ed43e3454 which can be used as unique global reference for Cloudflare ReflectionDoS May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2017-05-24T00:00:00Z |
| source | MITRE |
| title | Reflections on reflection (attacks) |
Trend Micro
Karen Victor. (2020, May 18). Reflective Loading Runs Netwalker Fileless Ransomware. Retrieved September 30, 2022.
Internal MISP references
UUID 2d4cb6f1-bc44-454b-94c1-88a81324903e which can be used as unique global reference for Trend Micro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2020-05-18T00:00:00Z |
| source | MITRE |
| title | Reflective Loading Runs Netwalker Fileless Ransomware |
Microsoft Reg
Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.
Internal MISP references
UUID 1e1b21bd-18b3-4c77-8eb8-911b028ab603 which can be used as unique global reference for Microsoft Reg in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-01T00:00:00Z |
| date_published | 2012-04-17T00:00:00Z |
| source | MITRE |
| title | Reg |
LOLBAS Regasm
LOLBAS. (n.d.). Regasm.exe. Retrieved July 31, 2019.
Internal MISP references
UUID b6a3356f-72c2-4ec2-a276-2432eb691055 which can be used as unique global reference for LOLBAS Regasm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Regasm.exe |
MSDN Regasm
Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 66a3de54-4a16-4b1b-b18f-e3842aeb7b40 which can be used as unique global reference for MSDN Regasm in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-01T00:00:00Z |
| source | MITRE |
| title | Regasm.exe (Assembly Registration Tool) |
Microsoft RegDelNull July 2016
Russinovich, M. & Sharkey, K. (2016, July 4). RegDelNull v1.11. Retrieved August 10, 2018.
Internal MISP references
UUID d34d35ee-9d0b-4556-ad19-04cfa9001bf2 which can be used as unique global reference for Microsoft RegDelNull July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2016-07-04T00:00:00Z |
| source | MITRE |
| title | RegDelNull v1.11 |
Regedit.exe - LOLBAS Project
LOLBAS. (2018, May 25). Regedit.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86e47198-751b-4754-8741-6dd8f2960416 which can be used as unique global reference for Regedit.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Regedit.exe |
Reg.exe - LOLBAS Project
LOLBAS. (2018, May 25). Reg.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ba0e31a1-125b-43c3-adf0-567ca393eeab which can be used as unique global reference for Reg.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Reg.exe |
Microsoft Reghide NOV 2006
Russinovich, M. & Sharkey, K. (2006, January 10). Reghide. Retrieved August 9, 2018.
Internal MISP references
UUID 42503ec7-f5da-4116-a3b3-a1b18a66eed3 which can be used as unique global reference for Microsoft Reghide NOV 2006 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-09T00:00:00Z |
| date_published | 2006-01-10T00:00:00Z |
| source | MITRE |
| title | Reghide |
Regini.exe - LOLBAS Project
LOLBAS. (2020, July 3). Regini.exe. Retrieved December 4, 2023.
Internal MISP references
UUID db2573d2-6ecd-4c5a-b038-2f799f9723ae which can be used as unique global reference for Regini.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-07-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Regini.exe |
Register-cimprovider.exe - LOLBAS Project
LOLBAS. (2018, May 25). Register-cimprovider.exe. Retrieved December 4, 2023.
Internal MISP references
UUID d445d016-c4f1-45c8-929d-913867275417 which can be used as unique global reference for Register-cimprovider.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Register-cimprovider.exe |
Microsoft Registry
Microsoft. (2018, May 31). Registry. Retrieved September 29, 2021.
Internal MISP references
UUID 08dc94ff-a289-45bd-93c2-1183fd507493 which can be used as unique global reference for Microsoft Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Registry |
Tilbury 2014
Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014.
Internal MISP references
UUID 136325ee-0712-49dd-b3ab-a6f2bfb218b0 which can be used as unique global reference for Tilbury 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-08-28T00:00:00Z |
| source | MITRE |
| title | Registry Analysis with CrowdResponse |
Microsoft COR_PROFILER Feb 2013
Microsoft. (2013, February 4). Registry-Free Profiler Startup and Attach. Retrieved June 24, 2020.
Internal MISP references
UUID 4e85ef68-dfb7-4db3-ac76-92f4b78cb1cd which can be used as unique global reference for Microsoft COR_PROFILER Feb 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2013-02-04T00:00:00Z |
| source | MITRE |
| title | Registry-Free Profiler Startup and Attach |
Microsoft Registry Auditing Aug 2016
Microsoft. (2016, August 31). Registry (Global Object Access Auditing). Retrieved January 31, 2018.
Internal MISP references
UUID f58ac1e4-c470-4aac-a077-7f358e25b0fa which can be used as unique global reference for Microsoft Registry Auditing Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Registry (Global Object Access Auditing) |
MSDN Registry Key Security
Microsoft. (n.d.). Registry Key Security and Access Rights. Retrieved March 16, 2017.
Internal MISP references
UUID c5627d86-1b59-4c2a-aac0-88f1b4dc6974 which can be used as unique global reference for MSDN Registry Key Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-16T00:00:00Z |
| source | MITRE |
| title | Registry Key Security and Access Rights |
Registry Key Security
Microsoft. (2018, May 31). Registry Key Security and Access Rights. Retrieved March 16, 2017.
Internal MISP references
UUID f8f12cbb-029c-48b1-87ce-624a7f98c8ab which can be used as unique global reference for Registry Key Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-16T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Registry Key Security and Access Rights |
Microsoft Registry Drivers
Microsoft. (2021, December 14). Registry Trees for Devices and Drivers. Retrieved March 28, 2023.
Internal MISP references
UUID 4bde767e-d4a7-56c5-9aa3-b3f3cc2e3e70 which can be used as unique global reference for Microsoft Registry Drivers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| date_published | 2021-12-14T00:00:00Z |
| source | MITRE |
| title | Registry Trees for Devices and Drivers |
Microsoft System Wide Com Keys
Microsoft. (n.d.). Registry Values for System-Wide Security. Retrieved November 21, 2017.
Internal MISP references
UUID e0836ebc-66fd-46ac-adf6-727b46f2fb38 which can be used as unique global reference for Microsoft System Wide Com Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| source | MITRE |
| title | Registry Values for System-Wide Security |
LOLBAS Regsvcs
LOLBAS. (n.d.). Regsvcs.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 3f669f4c-0b94-4b78-ad3e-fd62f7600902 which can be used as unique global reference for LOLBAS Regsvcs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Regsvcs.exe |
MSDN Regsvcs
Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.
Internal MISP references
UUID 4f3651df-159e-4006-8cb6-de0d0712a194 which can be used as unique global reference for MSDN Regsvcs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-01T00:00:00Z |
| source | MITRE |
| title | Regsvcs.exe (.NET Services Installation Tool) |
LOLBAS Regsvr32
LOLBAS. (n.d.). Regsvr32.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 8e32abef-534e-475a-baad-946b6ec681c1 which can be used as unique global reference for LOLBAS Regsvr32 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Regsvr32.exe |
Fortinet Remcos Feb 2017
Bacurio, F., Salvio, J. (2017, February 14). REMCOS: A New RAT In The Wild. Retrieved November 6, 2018.
Internal MISP references
UUID c4d5d6e7-47c0-457a-b396-53d34f87e444 which can be used as unique global reference for Fortinet Remcos Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2017-02-14T00:00:00Z |
| source | MITRE |
| title | REMCOS: A New RAT In The Wild |
Mandiant Remediation and Hardening Strategies for Microsoft 365
Mandiant. (2022, August). Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29. Retrieved February 21, 2023.
Internal MISP references
UUID 4054604b-7c0f-5012-b40c-2b117f6b54c2 which can be used as unique global reference for Mandiant Remediation and Hardening Strategies for Microsoft 365 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-08-01T00:00:00Z |
| source | MITRE |
| title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29 |
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved September 25, 2021.
Internal MISP references
UUID 7aa5c294-df8e-4994-9b9e-69444d75ef37 which can be used as unique global reference for Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-25T00:00:00Z |
| date_published | 2021-01-19T00:00:00Z |
| source | MITRE |
| title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 |
Mandiant Defend UNC2452 White Paper
Mandiant. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved January 22, 2021.
Internal MISP references
UUID ed031297-d0f5-44a7-9723-ba692e923a6e which can be used as unique global reference for Mandiant Defend UNC2452 White Paper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2021-01-19T00:00:00Z |
| source | MITRE |
| title | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 |
TechNet Remote Desktop Services
Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016.
Internal MISP references
UUID b8fc1bdf-f602-4a9b-a51c-fa49e70f24cd which can be used as unique global reference for TechNet Remote Desktop Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-01T00:00:00Z |
| source | MITRE |
| title | Remote Desktop Services |
Remote.exe - LOLBAS Project
LOLBAS. (2021, June 1). Remote.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9a298f83-80b8-45a3-9f63-6119be6621b4 which can be used as unique global reference for Remote.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-06-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Remote.exe |
Microsoft Remote Use of Local
Margosis, A.. (2018, December 10). Remote Use of Local Accounts: LAPS Changes Everything. Retrieved March 13, 2020.
Internal MISP references
UUID 2239d595-4b80-4828-9d06-f8de221f9534 which can be used as unique global reference for Microsoft Remote Use of Local in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-13T00:00:00Z |
| date_published | 2018-12-10T00:00:00Z |
| source | MITRE |
| title | Remote Use of Local Accounts: LAPS Changes Everything |
SigmaHQ
Sittikorn S. (2022, April 15). Removal Of SD Value to Hide Schedule Task - Registry. Retrieved June 1, 2022.
Internal MISP references
UUID 27812e3f-9177-42ad-8681-91c65aba4743 which can be used as unique global reference for SigmaHQ in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2022-04-15T00:00:00Z |
| source | MITRE |
| title | Removal Of SD Value to Hide Schedule Task - Registry |
disable_win_evt_logging
Heiligenstein, L. (n.d.). REP-25: Disable Windows Event Logging. Retrieved April 7, 2022.
Internal MISP references
UUID 408c0c8c-5d8e-5ebe-bd31-81b405c615d8 which can be used as unique global reference for disable_win_evt_logging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-07T00:00:00Z |
| source | MITRE |
| title | REP-25: Disable Windows Event Logging |
Microsoft Replace Process Token
Brower, N., Lich, B. (2017, April 19). Replace a process level token. Retrieved December 19, 2017.
Internal MISP references
UUID 75130a36-e859-438b-9536-410c2831b2de which can be used as unique global reference for Microsoft Replace Process Token in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Replace a process level token |
Replace.exe - LOLBAS Project
LOLBAS. (2018, May 25). Replace.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 82a473e9-208c-4c47-bf38-92aee43238dd which can be used as unique global reference for Replace.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Replace.exe |
Bugcrowd Replay Attack
Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023.
Internal MISP references
UUID ed31056c-23cb-5cb0-9b70-f363c54b27f7 which can be used as unique global reference for Bugcrowd Replay Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| source | MITRE |
| title | Replay Attack |
Mac Forwarding Rules
Apple. (n.d.). Reply to, forward, or redirect emails in Mail on Mac. Retrieved June 22, 2021.
Internal MISP references
UUID 0ff40575-cd2d-4a70-a07b-fff85f520062 which can be used as unique global reference for Mac Forwarding Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-22T00:00:00Z |
| source | MITRE |
| title | Reply to, forward, or redirect emails in Mail on Mac |
GitHub Reptile
Augusto, I. (2018, March 8). Reptile - LMK Linux rootkit. Retrieved April 9, 2018.
Internal MISP references
UUID 6e8cc88a-fb3f-4464-9380-868f597def6e which can be used as unique global reference for GitHub Reptile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2018-03-08T00:00:00Z |
| source | MITRE |
| title | Reptile - LMK Linux rootkit |
AWS Temporary Security Credentials
AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022.
Internal MISP references
UUID c6f29134-5af2-42e1-af4f-fbb9eae03432 which can be used as unique global reference for AWS Temporary Security Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | Requesting temporary security credentials |
ARS Technica China Hack SK April 2017
Sean Gallagher. (2017, April 21). Researchers claim China trying to hack South Korea missile defense efforts. Retrieved October 17, 2021.
Internal MISP references
UUID c9c647b6-f4fb-44d6-9376-23c1ae9520b4 which can be used as unique global reference for ARS Technica China Hack SK April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2017-04-21T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Researchers claim China trying to hack South Korea missile defense efforts |
Wired SandCat Oct 2019
Zetter, K. (2019, October 3). Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC. Retrieved October 15, 2020.
Internal MISP references
UUID 5f28adee-1313-48ec-895c-27341bd1071f which can be used as unique global reference for Wired SandCat Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2019-10-03T00:00:00Z |
| source | MITRE |
| title | Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC |
MSitPros CMSTP Aug 2017
Moe, O. (2017, August 15). Research on CMSTP.exe. Retrieved April 11, 2018.
Internal MISP references
UUID 8dbbf13b-e73c-43c2-a053-7b07fdf25c85 which can be used as unique global reference for MSitPros CMSTP Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2017-08-15T00:00:00Z |
| source | MITRE |
| title | Research on CMSTP.exe |
sentinellabs resource named fork 2020
Phil Stokes. (2020, November 5). Resourceful macOS Malware Hides in Named Fork. Retrieved October 12, 2021.
Internal MISP references
UUID 0008dfd8-25a1-4e6a-9154-da7bcbb7daa7 which can be used as unique global reference for sentinellabs resource named fork 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | Resourceful macOS Malware Hides in Named Fork |
GitHub Responder
Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.
Internal MISP references
UUID 3ef681a9-4ab0-420b-9d1a-b8152c50b3ca which can be used as unique global reference for GitHub Responder in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2016-08-25T00:00:00Z |
| source | MITRE |
| title | Responder |
Mandiant UNC2589 March 2022
Sadowski, J; Hall, R. (2022, March 4). Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation. Retrieved June 9, 2022.
Internal MISP references
UUID 63d89139-9dd4-4ed6-bf6e-8cd872c5d034 which can be used as unique global reference for Mandiant UNC2589 March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2022-03-04T00:00:00Z |
| source | MITRE |
| title | Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation |
CrowdStrike BGH Ransomware 2021
Falcon Complete Team. (2021, May 11). Response When Minutes Matter: Rising Up Against Ransomware. Retrieved October 8, 2021.
Internal MISP references
UUID a4cb3caf-e7ef-4662-93c6-63a0c3352a32 which can be used as unique global reference for CrowdStrike BGH Ransomware 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-08T00:00:00Z |
| date_published | 2021-05-11T00:00:00Z |
| source | MITRE |
| title | Response When Minutes Matter: Rising Up Against Ransomware |
Google - Restore Cloud Snapshot
Google. (2019, October 7). Restoring and deleting persistent disk snapshots. Retrieved October 8, 2019.
Internal MISP references
UUID ffa46676-518e-4fef-965d-e91efae95dfc which can be used as unique global reference for Google - Restore Cloud Snapshot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-10-07T00:00:00Z |
| source | MITRE |
| title | Restoring and deleting persistent disk snapshots |
Google Instances Resource
Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020.
Internal MISP references
UUID 9733447c-072f-4da8-9cc7-0a0ce6a3b820 which can be used as unique global reference for Google Instances Resource in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-03T00:00:00Z |
| source | MITRE |
| title | Rest Resource: instance |
Secureworks IRON LIBERTY July 2019
Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.
Internal MISP references
UUID c666200d-5392-43f2-9ad0-1268d7b2e86f which can be used as unique global reference for Secureworks IRON LIBERTY July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-12T00:00:00Z |
| date_published | 2019-07-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Resurgent Iron Liberty Targeting Energy Sector |
Palo Alto Retefe
Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R. (2015, August 20). Retefe Banking Trojan Targets Sweden, Switzerland and Japan. Retrieved July 3, 2017.
Internal MISP references
UUID 52f841b0-10a8-4f48-8265-5b336489ff80 which can be used as unique global reference for Palo Alto Retefe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2015-08-20T00:00:00Z |
| source | MITRE |
| title | Retefe Banking Trojan Targets Sweden, Switzerland and Japan |
AWS Secrets Manager
AWS. (n.d.). Retrieve secrets from AWS Secrets Manager. Retrieved September 25, 2023.
Internal MISP references
UUID ec87e183-3018-5cac-9fab-711003be54f7 which can be used as unique global reference for AWS Secrets Manager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| source | MITRE |
| title | Retrieve secrets from AWS Secrets Manager |
Directory Services Internals DPAPI Backup Keys Oct 2015
Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. Retrieved December 19, 2017.
Internal MISP references
UUID e48dc4ce-e7c5-44e4-b033-7ab4bbdbe1cb which can be used as unique global reference for Directory Services Internals DPAPI Backup Keys Oct 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2015-10-26T00:00:00Z |
| source | MITRE |
| title | Retrieving DPAPI Backup Keys from Active Directory |
Malwarebytes RokRAT VBA January 2021
Jazi, Hossein. (2021, January 6). Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat. Retrieved March 22, 2022.
Internal MISP references
UUID 62ad7dbc-3ed2-4fa5-a56a-2810ce131167 which can be used as unique global reference for Malwarebytes RokRAT VBA January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-22T00:00:00Z |
| date_published | 2021-01-06T00:00:00Z |
| source | MITRE |
| title | Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat |
jRAT Symantec Aug 2018
Sharma, R. (2018, August 15). Revamped jRAT Uses New Anti-Parsing Techniques. Retrieved September 21, 2018.
Internal MISP references
UUID 8aed9534-2ec6-4c9f-b63b-9bb135432cfb which can be used as unique global reference for jRAT Symantec Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-21T00:00:00Z |
| date_published | 2018-08-15T00:00:00Z |
| source | MITRE |
| title | Revamped jRAT Uses New Anti-Parsing Techniques |
Morphisec Snip3 May 2021
Lorber, N. (2021, May 7). Revealing the Snip3 Crypter, a Highly Evasive RAT Loader. Retrieved September 13, 2023.
Internal MISP references
UUID abe44c50-8347-5c98-8b04-d41afbe59d4c which can be used as unique global reference for Morphisec Snip3 May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-13T00:00:00Z |
| date_published | 2021-05-07T00:00:00Z |
| source | MITRE |
| title | Revealing the Snip3 Crypter, a Highly Evasive RAT Loader |
Microsoft DUBNIUM June 2016
Microsoft. (2016, June 9). Reverse-engineering DUBNIUM. Retrieved March 31, 2021.
Internal MISP references
UUID ae28afad-e2d6-4c3c-a309-ee7c44a3e586 which can be used as unique global reference for Microsoft DUBNIUM June 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2016-06-09T00:00:00Z |
| source | MITRE |
| title | Reverse-engineering DUBNIUM |
Microsoft DUBNIUM Flash June 2016
Microsoft. (2016, June 20). Reverse-engineering DUBNIUM’s Flash-targeting exploit. Retrieved March 31, 2021.
Internal MISP references
UUID 999a471e-6373-463b-a77b-d3020b4a8702 which can be used as unique global reference for Microsoft DUBNIUM Flash June 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2016-06-20T00:00:00Z |
| source | MITRE |
| title | Reverse-engineering DUBNIUM’s Flash-targeting exploit |
Microsoft DUBNIUM July 2016
Microsoft. (2016, July 14). Reverse engineering DUBNIUM – Stage 2 payload analysis . Retrieved March 31, 2021.
Internal MISP references
UUID e1bd8fb3-e0b4-4659-85a1-d37e1c3d167f which can be used as unique global reference for Microsoft DUBNIUM July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2016-07-14T00:00:00Z |
| source | MITRE |
| title | Reverse engineering DUBNIUM – Stage 2 payload analysis |
CSRB LAPSUS$ July 24 2023
Cyber Safety Review Board. (2023, July 24). Review of the Attacks Associated with LAPSUS$ and Related Threat Groups. Retrieved November 16, 2023.
Internal MISP references
UUID f8311977-303c-4d05-a7f4-25b3ae36318b which can be used as unique global reference for CSRB LAPSUS$ July 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2023-07-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Review of the Attacks Associated with LAPSUS$ and Related Threat Groups |
Intel 471 REvil March 2020
Intel 471 Malware Intelligence team. (2020, March 31). REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation. Retrieved August 4, 2020.
Internal MISP references
UUID b939dc98-e00e-4d47-84a4-3eaaeb5c0abf which can be used as unique global reference for Intel 471 REvil March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2020-03-31T00:00:00Z |
| source | MITRE |
| title | REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation |
BleepingComputer REvil 2021
Abrams, L. (2021, March 19). REvil ransomware has a new ‘Windows Safe Mode’ encryption mode. Retrieved June 23, 2021.
Internal MISP references
UUID 790ef274-aea4-49b7-8b59-1b95185c5f50 which can be used as unique global reference for BleepingComputer REvil 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2021-03-19T00:00:00Z |
| source | MITRE |
| title | REvil ransomware has a new ‘Windows Safe Mode’ encryption mode |
Secureworks REvil September 2019
Counter Threat Unit Research Team. (2019, September 24). REvil/Sodinokibi Ransomware. Retrieved August 4, 2020.
Internal MISP references
UUID 8f4e2baf-4227-4bbd-bfdb-5598717dcf88 which can be used as unique global reference for Secureworks REvil September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-09-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | REvil/Sodinokibi Ransomware |
Secureworks GandCrab and REvil September 2019
Secureworks . (2019, September 24). REvil: The GandCrab Connection. Retrieved August 4, 2020.
Internal MISP references
UUID 46b5d57b-17be-48ff-b723-406f6a55d84a which can be used as unique global reference for Secureworks GandCrab and REvil September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-09-24T00:00:00Z |
| source | MITRE |
| title | REvil: The GandCrab Connection |
Enigma Reviving DDE Jan 2018
Nelson, M. (2018, January 29). Reviving DDE: Using OneNote and Excel for Code Execution. Retrieved February 3, 2018.
Internal MISP references
UUID 188a0f02-8d1e-4e4e-b2c0-ddf1bf1bdf93 which can be used as unique global reference for Enigma Reviving DDE Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-03T00:00:00Z |
| date_published | 2018-01-29T00:00:00Z |
| source | MITRE |
| title | Reviving DDE: Using OneNote and Excel for Code Execution |
GitHub Revoke-Obfuscation
Bohannon, D. (2017, July 27). Revoke-Obfuscation. Retrieved February 12, 2018.
Internal MISP references
UUID 3624d75e-be50-4c10-9e8a-28523568ff9f which can be used as unique global reference for GitHub Revoke-Obfuscation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | Revoke-Obfuscation |
FireEye Revoke-Obfuscation July 2017
Bohannon, D. & Holmes, L. (2017, July 27). Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science. Retrieved February 12, 2018.
Internal MISP references
UUID e03e9d19-18bb-4d28-8c96-8c1cef89a20b which can be used as unique global reference for FireEye Revoke-Obfuscation July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science |
HC3 Analyst Note Rhysida Ransomware August 2023
Health Sector Cybersecurity Coordination Center (HC3). (2023, August 4). Rhysida Ransomware. Retrieved August 11, 2023.
Internal MISP references
UUID 3f6e2821-5073-4382-b5dd-08676eaa2240 which can be used as unique global reference for HC3 Analyst Note Rhysida Ransomware August 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-11T00:00:00Z |
| date_published | 2023-08-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Rhysida Ransomware |
Microsoft XorDdos Linux Stealth 2022
Microsoft Threat Intelligence. (2022, May 19). Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices. Retrieved September 27, 2023.
Internal MISP references
UUID 6425d351-2c88-5af9-970a-4d0d184d0c70 which can be used as unique global reference for Microsoft XorDdos Linux Stealth 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2022-05-19T00:00:00Z |
| source | MITRE |
| title | Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices |
httrack_unhcr
RISKIQ. (2022, March 15). RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure. Retrieved July 29, 2022.
Internal MISP references
UUID a4a3fd3d-1c13-40e5-b462-fa69a1861986 which can be used as unique global reference for httrack_unhcr in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure |
US-CERT Alert TA13-175A Risks of Default Passwords on the Internet
US-CERT. (n.d.). Risks of Default Passwords on the Internet. Retrieved April 12, 2019.
Internal MISP references
UUID 0c365c3f-3aa7-4c63-b96e-7716b95db049 which can be used as unique global reference for US-CERT Alert TA13-175A Risks of Default Passwords on the Internet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-12T00:00:00Z |
| source | MITRE |
| title | Risks of Default Passwords on the Internet |
ROADtools Github
Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.
Internal MISP references
UUID 90c592dc-2c9d-401a-96ab-b539f7522956 which can be used as unique global reference for ROADtools Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-31T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE |
| title | ROADtools |
Harmj0y Roasting AS-REPs Jan 2017
HarmJ0y. (2017, January 17). Roasting AS-REPs. Retrieved August 24, 2020.
Internal MISP references
UUID bfb01fbf-4dc0-4943-8a21-457f28f4b01f which can be used as unique global reference for Harmj0y Roasting AS-REPs Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-24T00:00:00Z |
| date_published | 2017-01-17T00:00:00Z |
| source | MITRE |
| title | Roasting AS-REPs |
Anomali Rocke March 2019
Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. Retrieved April 24, 2019.
Internal MISP references
UUID 31051c8a-b523-4b8e-b834-2168c59e783b which can be used as unique global reference for Anomali Rocke March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-24T00:00:00Z |
| date_published | 2019-03-15T00:00:00Z |
| source | MITRE |
| title | Rocke Evolves Its Arsenal With a New Malware Family Written in Golang |
Talos Rocke August 2018
Liebenberg, D.. (2018, August 30). Rocke: The Champion of Monero Miners. Retrieved May 26, 2020.
Internal MISP references
UUID bff0ee40-e583-4f73-a013-4669ca576904 which can be used as unique global reference for Talos Rocke August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2018-08-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Rocke: The Champion of Monero Miners |
Check Point Rocket Kitten
Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.
Internal MISP references
UUID 71da7d4c-f1f8-4f5c-a609-78a414851baf which can be used as unique global reference for Check Point Rocket Kitten in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-16T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES |
NCCGroup RokRat Nov 2018
Pantazopoulos, N.. (2018, November 8). RokRat Analysis. Retrieved May 21, 2020.
Internal MISP references
UUID bcad3b27-858f-4c1d-a24c-dbc4dcee3cdc which can be used as unique global reference for NCCGroup RokRat Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-21T00:00:00Z |
| date_published | 2018-11-08T00:00:00Z |
| source | MITRE |
| title | RokRat Analysis |
Talos ROKRAT 2
Mercer, W., Rascagneres, P. (2017, November 28). ROKRAT Reloaded. Retrieved May 21, 2018.
Internal MISP references
UUID 116f6565-d36d-4d01-9a97-a40cf589afa9 which can be used as unique global reference for Talos ROKRAT 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-21T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | ROKRAT Reloaded |
Kubernetes RBAC
Kubernetes. (n.d.). Role Based Access Control Good Practices. Retrieved March 8, 2023.
Internal MISP references
UUID 37c0e0e1-cc4d-5a93-b8a0-224f031b7324 which can be used as unique global reference for Kubernetes RBAC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| source | MITRE |
| title | Role Based Access Control Good Practices |
Google Cloud Service Account Authentication Roles
Google Cloud. (n.d.). Roles for service account authentication. Retrieved July 10, 2023.
Internal MISP references
UUID 525a8afc-64e9-5cc3-9c56-95da9811da0d which can be used as unique global reference for Google Cloud Service Account Authentication Roles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| source | MITRE |
| title | Roles for service account authentication |
BBC-Ronin
Joe Tidy. (2022, March 30). Ronin Network: What a $600m hack says about the state of crypto. Retrieved August 18, 2023.
Internal MISP references
UUID 8e162e39-a58f-5ba0-9a8e-101d4cfa324c which can be used as unique global reference for BBC-Ronin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-18T00:00:00Z |
| date_published | 2022-03-30T00:00:00Z |
| source | MITRE |
| title | Ronin Network: What a $600m hack says about the state of crypto |
Wikipedia Root Certificate
Wikipedia. (2016, December 6). Root certificate. Retrieved February 20, 2017.
Internal MISP references
UUID 68b9ccbb-906e-4f06-b5bd-3969723c3616 which can be used as unique global reference for Wikipedia Root Certificate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-20T00:00:00Z |
| date_published | 2016-12-06T00:00:00Z |
| source | MITRE |
| title | Root certificate |
Wikipedia Rootkit
Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.
Internal MISP references
UUID 7e877b6b-9873-48e2-b138-e02dcb5268ca which can be used as unique global reference for Wikipedia Rootkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-02T00:00:00Z |
| date_published | 2016-06-01T00:00:00Z |
| source | MITRE |
| title | Rootkit |
Sekoia HideDRV Oct 2016
Rascagnères, P.. (2016, October 27). Rootkit analysis: Use case on HideDRV. Retrieved March 9, 2017.
Internal MISP references
UUID c383811d-c036-4fe7-add8-b4d4f73b3ce4 which can be used as unique global reference for Sekoia HideDRV Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-09T00:00:00Z |
| date_published | 2016-10-27T00:00:00Z |
| source | MITRE |
| title | Rootkit analysis: Use case on HideDRV |
RotaJakiro 2021 netlab360 analysis
Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023.
Internal MISP references
UUID 7a9c53dd-2c0e-5452-9ee2-01531fbf8ba8 which can be used as unique global reference for RotaJakiro 2021 netlab360 analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-14T00:00:00Z |
| date_published | 2021-04-28T00:00:00Z |
| source | MITRE |
| title | RotaJakiro: A long live secret backdoor with 0 VT detection |
netlab360 rotajakiro vs oceanlotus
Alex Turing. (2021, May 6). RotaJakiro, the Linux version of the OceanLotus. Retrieved June 14, 2023.
Internal MISP references
UUID 20967c9b-5bb6-5cdd-9466-2c9efd9ab98c which can be used as unique global reference for netlab360 rotajakiro vs oceanlotus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-14T00:00:00Z |
| date_published | 2021-05-06T00:00:00Z |
| source | MITRE |
| title | RotaJakiro, the Linux version of the OceanLotus |
TechNet Route
Microsoft. (n.d.). Route. Retrieved April 17, 2016.
Internal MISP references
UUID 0e483ec8-af40-4139-9711-53b999e069ee which can be used as unique global reference for TechNet Route in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-17T00:00:00Z |
| source | MITRE |
| title | Route |
U.S. HHS Royal & BlackCat Alert
Health Sector Cybersecurity Coordination Center (HC3). (2023, January 12). Royal & BlackCat Ransomware: The Threat to the Health Sector. Retrieved March 7, 2024.
Internal MISP references
UUID d1d6b6fe-ef93-4417-844b-7cd8dc76934b which can be used as unique global reference for U.S. HHS Royal & BlackCat Alert in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2023-01-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Royal & BlackCat Ransomware: The Threat to the Health Sector |
Kroll Royal Deep Dive February 2023
Iacono, L. and Green, S. (2023, February 13). Royal Ransomware Deep Dive. Retrieved March 30, 2023.
Internal MISP references
UUID dcdcc965-56d0-58e6-996b-d8bd40916745 which can be used as unique global reference for Kroll Royal Deep Dive February 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2023-02-13T00:00:00Z |
| source | MITRE |
| title | Royal Ransomware Deep Dive |
Trend Micro Royal Linux ESXi February 2023
Morales, N. et al. (2023, February 20). Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers. Retrieved March 30, 2023.
Internal MISP references
UUID e5bb846f-d11f-580c-b96a-9de4ba5eaed6 which can be used as unique global reference for Trend Micro Royal Linux ESXi February 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2023-02-20T00:00:00Z |
| source | MITRE |
| title | Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers |
Cybereason Royal December 2022
Cybereason Global SOC and Cybereason Security Research Teams. (2022, December 14). Royal Rumble: Analysis of Royal Ransomware. Retrieved March 30, 2023.
Internal MISP references
UUID 28aef64e-20d3-5227-a3c9-e657c6e2d07e which can be used as unique global reference for Cybereason Royal December 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-30T00:00:00Z |
| date_published | 2022-12-14T00:00:00Z |
| source | MITRE |
| title | Royal Rumble: Analysis of Royal Ransomware |
Rpcping.exe - LOLBAS Project
LOLBAS. (2018, May 25). Rpcping.exe. Retrieved December 4, 2023.
Internal MISP references
UUID dc15a187-4de7-422e-a507-223e89e317b1 which can be used as unique global reference for Rpcping.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Rpcping.exe |
Threatpost New Op Sharpshooter Data March 2019
L. O'Donnell. (2019, March 3). RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope. Retrieved September 26, 2022.
Internal MISP references
UUID 2361b5b1-3a01-4d77-99c6-261f444a498e which can be used as unique global reference for Threatpost New Op Sharpshooter Data March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-26T00:00:00Z |
| date_published | 2019-03-03T00:00:00Z |
| source | MITRE |
| title | RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope |
GCN RSA June 2011
Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.
Internal MISP references
UUID 40564d23-b9ae-4bb3-8dd1-d6b01163a32d which can be used as unique global reference for GCN RSA June 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-24T00:00:00Z |
| date_published | 2011-06-07T00:00:00Z |
| source | MITRE |
| title | RSA confirms its tokens used in Lockheed hack |
RSA Shell Crew
RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.
Internal MISP references
UUID 6872a6d3-c4ab-40cf-82b7-5c5c8e077189 which can be used as unique global reference for RSA Shell Crew in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | RSA Incident Response Emerging Threat Profile: Shell Crew |
GitHub Rubeus March 2023
Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.
Internal MISP references
UUID 4bde7ce6-7fc6-5660-a8aa-745f19350ee1 which can be used as unique global reference for GitHub Rubeus March 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-29T00:00:00Z |
| source | MITRE |
| title | Rubeus |
SOCPrime DoubleExtension
Eugene Tkachenko. (2020, May 1). Rule of the Week: Possible Malicious File Double Extension. Retrieved July 27, 2021.
Internal MISP references
UUID 14a99228-de84-4551-a6b5-9c6f1173f292 which can be used as unique global reference for SOCPrime DoubleExtension in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-27T00:00:00Z |
| date_published | 2020-05-01T00:00:00Z |
| source | MITRE |
| title | Rule of the Week: Possible Malicious File Double Extension |
SensePost Ruler GitHub
SensePost. (2016, August 18). Ruler: A tool to abuse Exchange services. Retrieved February 4, 2019.
Internal MISP references
UUID aa0a1508-a872-4e69-bf20-d3c8202f18c1 which can be used as unique global reference for SensePost Ruler GitHub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-04T00:00:00Z |
| date_published | 2016-08-18T00:00:00Z |
| source | MITRE |
| title | Ruler: A tool to abuse Exchange services |
Microsoft Cloud App Security
Niv Goldenberg. (2018, December 12). Rule your inbox with Microsoft Cloud App Security. Retrieved June 7, 2021.
Internal MISP references
UUID be0a1168-fa84-4742-a658-41a078b7f5fa which can be used as unique global reference for Microsoft Cloud App Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-07T00:00:00Z |
| date_published | 2018-12-12T00:00:00Z |
| source | MITRE |
| title | Rule your inbox with Microsoft Cloud App Security |
Microsoft Run Key
Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved November 12, 2014.
Internal MISP references
UUID 0d633a50-4afd-4479-898e-1a785f5637da which can be used as unique global reference for Microsoft Run Key in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | Run and RunOnce Registry Keys |
Microsoft RunAs
Microsoft. (2016, August 31). Runas. Retrieved October 1, 2021.
Internal MISP references
UUID af05c12e-f9c6-421a-9a5d-0797c01ab2dc which can be used as unique global reference for Microsoft RunAs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2016-08-31T00:00:00Z |
| source | MITRE |
| title | Runas |
Microsoft runas
Microsoft TechNet. (n.d.). Runas. Retrieved April 21, 2017.
Internal MISP references
UUID 8b4bdce9-da19-443f-88d2-11466e126c09 which can be used as unique global reference for Microsoft runas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-21T00:00:00Z |
| source | MITRE |
| title | Runas |
Wikipedia Run Command
Wikipedia. (2018, August 3). Run Command. Retrieved October 12, 2018.
Internal MISP references
UUID 2fd66037-95dd-4819-afc7-00b7fd6f54fe which can be used as unique global reference for Wikipedia Run Command in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-12T00:00:00Z |
| date_published | 2018-08-03T00:00:00Z |
| source | MITRE |
| title | Run Command |
Secpod Winexe June 2017
Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved January 22, 2018.
Internal MISP references
UUID ca8ea354-44d4-4606-8b3e-1102b27f251c which can be used as unique global reference for Secpod Winexe June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2017-06-21T00:00:00Z |
| source | MITRE |
| title | Run commands on Windows system remotely using Winexe |
Rundll32.exe - LOLBAS Project
LOLBAS. (2018, May 25). Rundll32.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 90aff246-ce27-4f21-96f9-38543718ab07 which can be used as unique global reference for Rundll32.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Rundll32.exe |
Attackify Rundll32.exe Obscurity
Attackify. (n.d.). Rundll32.exe Obscurity. Retrieved August 23, 2021.
Internal MISP references
UUID daa35853-eb46-4ef4-b543-a2c5157f96bf which can be used as unique global reference for Attackify Rundll32.exe Obscurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-23T00:00:00Z |
| source | MITRE |
| title | Rundll32.exe Obscurity |
Runexehelper.exe - LOLBAS Project
LOLBAS. (2022, December 13). Runexehelper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 86ff0379-2b73-4981-9f13-2b02b53bc90f which can be used as unique global reference for Runexehelper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-12-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Runexehelper.exe |
ELC Running at startup
hoakley. (2018, May 22). Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon. Retrieved October 5, 2021.
Internal MISP references
UUID 11ee6303-5103-4063-a765-659ead217c6c which can be used as unique global reference for ELC Running at startup in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2018-05-22T00:00:00Z |
| source | MITRE |
| title | Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon |
Powershell Remote Commands
Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021.
Internal MISP references
UUID 24c526e1-7199-45ca-99b4-75e75c7041cd which can be used as unique global reference for Powershell Remote Commands in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2020-08-21T00:00:00Z |
| source | MITRE |
| title | Running Remote Commands |
Runonce.exe - LOLBAS Project
LOLBAS. (2018, May 25). Runonce.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b97d4b16-ead2-4cc7-90e5-f8b05d84faf3 which can be used as unique global reference for Runonce.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Runonce.exe |
Apple Developer Doco Archive Run-Path
Apple Inc.. (2012, July 7). Run-Path Dependent Libraries. Retrieved March 31, 2021.
Internal MISP references
UUID e9e5cff5-836a-4b66-87d5-03a727c0f467 which can be used as unique global reference for Apple Developer Doco Archive Run-Path in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-31T00:00:00Z |
| date_published | 2012-07-07T00:00:00Z |
| source | MITRE |
| title | Run-Path Dependent Libraries |
Runscripthelper.exe - LOLBAS Project
LOLBAS. (2018, May 25). Runscripthelper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d7151e3-685a-4dc7-a44d-aefae4f3db6a which can be used as unique global reference for Runscripthelper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Runscripthelper.exe |
Microsoft Run Command
Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID 4f2e6adb-6e3d-5f1f-b873-4b99797f2bfa which can be used as unique global reference for Microsoft Run Command in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| date_published | 2023-03-10T00:00:00Z |
| source | MITRE |
| title | Run scripts in your VM by using Run Command |
McAfee APT28 DDE2 Nov 2017
Paganini, P. (2017, November 9). Russia-Linked APT28 group observed using DDE attack to deliver malware. Retrieved November 21, 2017.
Internal MISP references
UUID d5ab8075-334f-492c-8318-c691f210b984 which can be used as unique global reference for McAfee APT28 DDE2 Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-11-09T00:00:00Z |
| source | MITRE |
| title | Russia-Linked APT28 group observed using DDE attack to deliver malware |
Security Affairs DustSquad Oct 2018
Paganini, P. (2018, October 16). Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.
Internal MISP references
UUID 0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6 which can be used as unique global reference for Security Affairs DustSquad Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2018-10-16T00:00:00Z |
| source | MITRE |
| title | Russia-linked APT group DustSquad targets diplomatic entities in Central Asia |
SecurityWeek Nomadic Octopus Oct 2018
Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. Retrieved October 13, 2021.
Internal MISP references
UUID 659f86ef-7e90-42ff-87b7-2e289f9f6cc2 which can be used as unique global reference for SecurityWeek Nomadic Octopus Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2018-10-18T00:00:00Z |
| source | MITRE |
| title | Russia-Linked Hackers Target Diplomatic Entities in Central Asia |
U.S. Federal Bureau of Investigation 2 27 2024
U.S. Federal Bureau of Investigation. (2024, February 27). Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. Retrieved February 28, 2024.
Internal MISP references
UUID 962fb031-dfd1-43a7-8202-3a2231b0472b which can be used as unique global reference for U.S. Federal Bureau of Investigation 2 27 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-28T00:00:00Z |
| date_published | 2024-02-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations |
U.S. CISA SVR TeamCity Exploits December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 13). Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Retrieved December 14, 2023.
Internal MISP references
UUID 5f66f864-58c2-4b41-8011-61f954e04b7e which can be used as unique global reference for U.S. CISA SVR TeamCity Exploits December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-14T00:00:00Z |
| date_published | 2023-12-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally |
U.S. CISA Star Blizzard December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved December 14, 2023.
Internal MISP references
UUID 3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b which can be used as unique global reference for U.S. CISA Star Blizzard December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-14T00:00:00Z |
| date_published | 2023-12-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns |
NSA/FBI Drovorub August 2020
NSA/FBI. (2020, August). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. Retrieved August 25, 2020.
Internal MISP references
UUID d697a342-4100-4e6b-95b9-4ae3ba80924b which can be used as unique global reference for NSA/FBI Drovorub August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-25T00:00:00Z |
| date_published | 2020-08-01T00:00:00Z |
| source | MITRE |
| title | Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware |
Cybersecurity Advisory GRU Brute Force Campaign July 2021
NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. Retrieved July 26, 2021.
Internal MISP references
UUID e70f0742-5f3e-4701-a46b-4a58c0281537 which can be used as unique global reference for Cybersecurity Advisory GRU Brute Force Campaign July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments |
BleepingComputer Ebury March 2017
Cimpanu, C.. (2017, March 29). Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware. Retrieved April 23, 2019.
Internal MISP references
UUID e5d69297-b0f3-4586-9eb7-d2922b3ee7bb which can be used as unique global reference for BleepingComputer Ebury March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2017-03-29T00:00:00Z |
| source | MITRE |
| title | Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware |
Russian 2FA Push Annoyance - Cimpanu
Catalin Cimpanu. (2021, December 9). Russian hackers bypass 2FA by annoying victims with repeated push notifications. Retrieved March 31, 2022.
Internal MISP references
UUID ad2b0648-b657-4daa-9510-82375a252fc4 which can be used as unique global reference for Russian 2FA Push Annoyance - Cimpanu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-31T00:00:00Z |
| date_published | 2021-12-09T00:00:00Z |
| source | MITRE |
| title | Russian hackers bypass 2FA by annoying victims with repeated push notifications |
Unit42 Redaman January 2019
Duncan, B., Harbison, M. (2019, January 23). Russian Language Malspam Pushing Redaman Banking Malware. Retrieved June 16, 2020.
Internal MISP references
UUID 433cd55a-f912-4d5a-aff6-92133d08267b which can be used as unique global reference for Unit42 Redaman January 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2019-01-23T00:00:00Z |
| source | MITRE |
| title | Russian Language Malspam Pushing Redaman Banking Malware |
Russians Exploit Default MFA Protocol - CISA March 2022
Cyber Security Infrastructure Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved May 31, 2022.
Internal MISP references
UUID 00c6ff88-6eeb-486d-ae69-dffd5aebafe6 which can be used as unique global reference for Russians Exploit Default MFA Protocol - CISA March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-31T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability |
CISA MFA PrintNightmare
Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved March 16, 2022.
Internal MISP references
UUID fa03324e-c79c-422e-80f1-c270fd87d4e2 which can be used as unique global reference for CISA MFA PrintNightmare in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-16T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability |
US-CERT TA18-106A Network Infrastructure Devices 2018
US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.
Internal MISP references
UUID 8fdf280d-680f-4b8f-8fb9-6b3118ec3983 which can be used as unique global reference for US-CERT TA18-106A Network Infrastructure Devices 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2018-04-20T00:00:00Z |
| source | MITRE |
| title | Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
alert_TA18_106A
CISA. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved February 14, 2022.
Internal MISP references
UUID 26b520dc-5c68-40f4-82fb-366d27fc0c2f which can be used as unique global reference for alert_TA18_106A in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| date_published | 2018-04-20T00:00:00Z |
| source | MITRE |
| title | Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices |
UK GOV FSB Factsheet April 2022
UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.
Internal MISP references
UUID 27e7d347-9d85-4897-9e04-33f58acc5687 which can be used as unique global reference for UK GOV FSB Factsheet April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-05T00:00:00Z |
| date_published | 2022-04-05T00:00:00Z |
| source | MITRE |
| title | Russia's FSB malign activity: factsheet |
Unit 42 Gamaredon February 2022
Unit 42. (2022, February 3). Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.
Internal MISP references
UUID a5df39b2-77f8-4814-8198-8620655aa79b which can be used as unique global reference for Unit 42 Gamaredon February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-21T00:00:00Z |
| date_published | 2022-02-03T00:00:00Z |
| source | MITRE |
| title | Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine |
Wired Russia Cyberwar
Greenberg, A. (2022, November 10). Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023.
Internal MISP references
UUID 28c53a97-5500-5bfb-8aac-3c0bf94c2dfe which can be used as unique global reference for Wired Russia Cyberwar in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-22T00:00:00Z |
| date_published | 2022-11-10T00:00:00Z |
| source | MITRE |
| title | Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless |
RyanW3stman Tweet October 10 2023
RyanW3stman. (2023, October 10). RyanW3stman Tweet October 10 2023. Retrieved October 10, 2023.
Internal MISP references
UUID cfd0ad64-54b2-446f-9624-9c90a9a94f52 which can be used as unique global reference for RyanW3stman Tweet October 10 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-10-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | RyanW3stman Tweet October 10 2023 |
DFIR Ryuk in 5 Hours October 2020
The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020.
Internal MISP references
UUID 892150f4-769d-447d-b652-e5d85790ee37 which can be used as unique global reference for DFIR Ryuk in 5 Hours October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2020-10-18T00:00:00Z |
| source | MITRE |
| title | Ryuk in 5 Hours |
ANSSI RYUK RANSOMWARE
ANSSI. (2021, February 25). RYUK RANSOMWARE. Retrieved March 29, 2021.
Internal MISP references
UUID 0a23be83-3438-4437-9e51-0cfa16a00d57 which can be used as unique global reference for ANSSI RYUK RANSOMWARE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | RYUK RANSOMWARE |
Bleeping Computer - Ryuk WoL
Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. Retrieved February 11, 2021.
Internal MISP references
UUID f6670b73-4d57-4aad-8264-1d42d585e280 which can be used as unique global reference for Bleeping Computer - Ryuk WoL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-11T00:00:00Z |
| date_published | 2021-01-14T00:00:00Z |
| source | MITRE |
| title | Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices |
DFIR Ryuk 2 Hour Speed Run November 2020
The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.
Internal MISP references
UUID 3b904516-3b26-4caa-8814-6e69b76a7c8c which can be used as unique global reference for DFIR Ryuk 2 Hour Speed Run November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-06T00:00:00Z |
| date_published | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | Ryuk Speed Run, 2 Hours to Ransom |
DFIR Ryuk's Return October 2020
The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.
Internal MISP references
UUID eba1dafb-ff62-4d34-b268-3b9ba6a7a822 which can be used as unique global reference for DFIR Ryuk's Return October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-09T00:00:00Z |
| date_published | 2020-10-08T00:00:00Z |
| source | MITRE |
| title | Ryuk’s Return |
Rhino S3 Ransomware Part 1
Gietzen, S. (n.d.). S3 Ransomware Part 1: Attack Vector. Retrieved April 14, 2021.
Internal MISP references
UUID bb28711f-186d-4101-b153-6340ce826343 which can be used as unique global reference for Rhino S3 Ransomware Part 1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | S3 Ransomware Part 1: Attack Vector |
Rhino S3 Ransomware Part 2
Gietzen, S. (n.d.). S3 Ransomware Part 2: Prevention and Defense. Retrieved April 14, 2021.
Internal MISP references
UUID a2b3e738-257c-4078-9fde-d55b08c8003b which can be used as unique global reference for Rhino S3 Ransomware Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-14T00:00:00Z |
| source | MITRE |
| title | S3 Ransomware Part 2: Prevention and Defense |
S3Recon GitHub
Travis Clarke. (2020, March 21). S3Recon GitHub. Retrieved March 4, 2022.
Internal MISP references
UUID 803c51be-a54e-4fab-8ea0-c6bef18e84d3 which can be used as unique global reference for S3Recon GitHub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-04T00:00:00Z |
| date_published | 2020-03-21T00:00:00Z |
| source | MITRE |
| title | S3Recon GitHub |
Dell Sakula
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.
Internal MISP references
UUID e9a2ffd8-7aed-4343-8678-66fc3e758d19 which can be used as unique global reference for Dell Sakula in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-07-30T00:00:00Z |
| source | MITRE |
| title | Sakula Malware Family |
Wine API samlib.dll
Wine API. (n.d.). samlib.dll. Retrieved December 4, 2017.
Internal MISP references
UUID d0fdc669-959c-42ed-be5d-386a4e90a897 which can be used as unique global reference for Wine API samlib.dll in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| source | MITRE |
| title | samlib.dll |
Sophos SamSam Apr 2018
Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.
Internal MISP references
UUID 4da5e9c3-7205-4a6e-b147-be7c971380f0 which can be used as unique global reference for Sophos SamSam Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-15T00:00:00Z |
| date_published | 2018-04-01T00:00:00Z |
| source | MITRE |
| title | SamSam Ransomware Chooses Its Targets Carefully |
Symantec SamSam Oct 2018
Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.
Internal MISP references
UUID c5022a91-bdf4-4187-9967-dfe6362219ea which can be used as unique global reference for Symantec SamSam Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2018-10-30T00:00:00Z |
| source | MITRE |
| title | SamSam: Targeted Ransomware Attacks Continue |
Talos SamSam Jan 2018
Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.
Internal MISP references
UUID 0965bb64-be96-46b9-b60f-6829c43a661f which can be used as unique global reference for Talos SamSam Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2018-01-22T00:00:00Z |
| source | MITRE |
| title | SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks |
Mandiant Sandworm November 9 2023
Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved April 17, 2024.
Internal MISP references
UUID e35f005d-a3cd-4733-88ac-92bbf46e2c8a which can be used as unique global reference for Mandiant Sandworm November 9 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-17T00:00:00Z |
| date_published | 2023-11-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology |
ANSSI Sandworm January 2021
ANSSI. (2021, January 27). SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS. Retrieved March 30, 2021.
Internal MISP references
UUID 5e619fef-180a-46d4-8bf5-998860b5ad7e which can be used as unique global reference for ANSSI Sandworm January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2021-01-27T00:00:00Z |
| source | MITRE |
| title | SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS |
iSIGHT Sandworm 2014
Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.
Internal MISP references
UUID 63622990-5467-42b2-8f45-b675dfc4dc8f which can be used as unique global reference for iSIGHT Sandworm 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2016-01-07T00:00:00Z |
| source | MITRE |
| title | Sandworm Team and the Ukrainian Power Authority Attacks |
DOJ - Cisco Insider
DOJ. (2020, August 26). San Jose Man Pleads Guilty To Damaging Cisco’s Network. Retrieved December 15, 2020.
Internal MISP references
UUID b8d9006d-7466-49cf-a70e-384edee530ce which can be used as unique global reference for DOJ - Cisco Insider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-15T00:00:00Z |
| date_published | 2020-08-26T00:00:00Z |
| source | MITRE |
| title | San Jose Man Pleads Guilty To Damaging Cisco’s Network |
ATT ScanBox
Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020.
Internal MISP references
UUID 48753fc9-b7b7-465f-92a7-fb3f51b032cb which can be used as unique global reference for ATT ScanBox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2014-08-28T00:00:00Z |
| source | MITRE |
| title | Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks |
Mandiant SCANdalous Jul 2020
Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021.
Internal MISP references
UUID 3a60f7de-9ead-444e-9d08-689c655b26c7 which can be used as unique global reference for Mandiant SCANdalous Jul 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-07-13T00:00:00Z |
| source | MITRE |
| title | SCANdalous! (External Detection Using Network Scan Data and Automation) |
Securelist ScarCruft May 2019
GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.
Internal MISP references
UUID 2dd5b872-a4ab-4b77-8457-a3d947298fc0 which can be used as unique global reference for Securelist ScarCruft May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2019-05-13T00:00:00Z |
| source | MITRE |
| title | ScarCruft continues to evolve, introduces Bluetooth harvester |
Sysdig ScarletEel 2.0 2023
Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved September 25, 2023.
Internal MISP references
UUID 285266e7-7a62-5f98-9b0f-fefde4b21c88 which can be used as unique global reference for Sysdig ScarletEel 2.0 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-25T00:00:00Z |
| date_published | 2023-07-11T00:00:00Z |
| source | MITRE |
| title | SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto |
Sysdig ScarletEel 2.0
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved July 12, 2023.
Internal MISP references
UUID 90e60242-82d8-5648-b7e4-def6fd508e16 which can be used as unique global reference for Sysdig ScarletEel 2.0 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-12T00:00:00Z |
| date_published | 2023-07-11T00:00:00Z |
| source | MITRE |
| title | SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto |
Scarlet Mimic Jan 2016
Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.
Internal MISP references
UUID f84a5b6d-3af1-45b1-ac55-69ceced8735f which can be used as unique global reference for Scarlet Mimic Jan 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-10T00:00:00Z |
| date_published | 2016-01-24T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists |
CrowdStrike Scattered Spider Profile
CrowdStrike. (n.d.). Scattered Spider. Retrieved July 5, 2023.
Internal MISP references
UUID a865a984-7f7b-5f82-ac4a-6fac79a2a753 which can be used as unique global reference for CrowdStrike Scattered Spider Profile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-05T00:00:00Z |
| source | MITRE |
| title | Scattered Spider |
U.S. CISA Scattered Spider November 16 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 16). Scattered Spider. Retrieved November 16, 2023.
Internal MISP references
UUID 9c242265-c28c-4580-8e6a-478d8700b092 which can be used as unique global reference for U.S. CISA Scattered Spider November 16 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2023-11-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Scattered Spider |
CrowdStrike Scattered Spider BYOVD January 2023
CrowdStrike. (2023, January 10). SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security. Retrieved July 5, 2023.
Internal MISP references
UUID d7d86f5d-1f02-54b0-b6f4-879878563245 which can be used as unique global reference for CrowdStrike Scattered Spider BYOVD January 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-05T00:00:00Z |
| date_published | 2023-01-10T00:00:00Z |
| source | MITRE |
| title | SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security |
Sc.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ce3ef73-f789-4939-a60e-e0a373048bda which can be used as unique global reference for Sc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sc.exe |
TechNet Forum Scheduled Task Operational Setting
Satyajit321. (2015, November 3). Scheduled Tasks History Retention settings. Retrieved December 12, 2017.
Internal MISP references
UUID 63e53238-30b5-46ef-8083-7d2888b01561 which can be used as unique global reference for TechNet Forum Scheduled Task Operational Setting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2015-11-03T00:00:00Z |
| source | MITRE |
| title | Scheduled Tasks History Retention settings |
Kifarunix - Task Scheduling in Linux
Koromicha. (2019, September 7). Scheduling tasks using at command in Linux. Retrieved December 3, 2019.
Internal MISP references
UUID dbab6766-ab87-4528-97e5-cc3121aa77b9 which can be used as unique global reference for Kifarunix - Task Scheduling in Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-12-03T00:00:00Z |
| date_published | 2019-09-07T00:00:00Z |
| source | MITRE |
| title | Scheduling tasks using at command in Linux |
TechNet Schtasks
Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.
Internal MISP references
UUID 17c03e27-222d-41b5-9fa2-34f0939e5371 which can be used as unique global reference for TechNet Schtasks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Schtasks |
Schtasks.exe - LOLBAS Project
LOLBAS. (2018, May 25). Schtasks.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2ef31677-b7ec-4200-a342-7c9196e1aa58 which can be used as unique global reference for Schtasks.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Schtasks.exe |
Wikipedia Screensaver
Wikipedia. (2017, November 22). Screensaver. Retrieved December 5, 2017.
Internal MISP references
UUID b5d69465-27df-4acc-b6cc-f51be8780b7b which can be used as unique global reference for Wikipedia Screensaver in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-05T00:00:00Z |
| date_published | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | Screensaver |
CobaltStrike Scripted Web Delivery
Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018.
Internal MISP references
UUID 89ed4c93-b69d-4eed-8212-cd2ebee08bcb which can be used as unique global reference for CobaltStrike Scripted Web Delivery in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-23T00:00:00Z |
| source | MITRE |
| title | Scripted Web Delivery |
Cobalt Strike DCOM Jan 2017
Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017.
Internal MISP references
UUID ccafe7af-fbb3-4478-9035-f588e5e3c8b8 which can be used as unique global reference for Cobalt Strike DCOM Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-01-24T00:00:00Z |
| source | MITRE |
| title | Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique |
Scriptrunner.exe - LOLBAS Project
LOLBAS. (2018, May 25). Scriptrunner.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 805d16cc-8bd0-4f80-b0ac-c5b5df51427c which can be used as unique global reference for Scriptrunner.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Scriptrunner.exe |
Scrobj.dll - LOLBAS Project
LOLBAS. (2021, January 7). Scrobj.dll. Retrieved December 4, 2023.
Internal MISP references
UUID c50ff71f-c742-4d63-a18e-e1ce41d55193 which can be used as unique global reference for Scrobj.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-01-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Scrobj.dll |
Microsoft SDelete July 2016
Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.
Internal MISP references
UUID 356c7d49-5abc-4566-9657-5ce58cf7be67 which can be used as unique global reference for Microsoft SDelete July 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-08T00:00:00Z |
| date_published | 2016-07-04T00:00:00Z |
| source | MITRE |
| title | SDelete v2.0 |
Sean Metcalf Twitter DNS Records
Sean Metcalf. (2019, May 9). Sean Metcalf Twitter. Retrieved May 27, 2022.
Internal MISP references
UUID c7482430-58f9-4365-a7c6-d17067b257e4 which can be used as unique global reference for Sean Metcalf Twitter DNS Records in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2019-05-09T00:00:00Z |
| source | MITRE |
| title | Sean Metcalf Twitter |
AWS CloudTrail Search
Amazon. (n.d.). Search CloudTrail logs for API calls to EC2 Instances. Retrieved June 17, 2020.
Internal MISP references
UUID 636b933d-8953-4579-980d-227527dfcc94 which can be used as unique global reference for AWS CloudTrail Search in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| source | MITRE |
| title | Search CloudTrail logs for API calls to EC2 Instances |
Group IB Cobalt Aug 2017
Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018.
Internal MISP references
UUID 2d9ef1de-2ee6-4500-a87d-b55f83e65900 which can be used as unique global reference for Group IB Cobalt Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-10T00:00:00Z |
| date_published | 2017-08-15T00:00:00Z |
| source | MITRE |
| title | Secrets of Cobalt |
GitHub SHB Credential Guard
NSA IAD. (2017, April 20). Secure Host Baseline - Credential Guard. Retrieved April 25, 2017.
Internal MISP references
UUID 11bb1f9b-53c1-4738-ab66-56522f228743 which can be used as unique global reference for GitHub SHB Credential Guard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| date_published | 2017-04-20T00:00:00Z |
| source | MITRE |
| title | Secure Host Baseline - Credential Guard |
Secure Host Baseline EMET
National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.
Internal MISP references
UUID 00953d3e-5fe7-454a-8d01-6405f74cca80 which can be used as unique global reference for Secure Host Baseline EMET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-22T00:00:00Z |
| date_published | 2016-05-04T00:00:00Z |
| source | MITRE |
| title | Secure Host Baseline EMET |
TechNet Secure Boot Process
Microsoft. (n.d.). Secure the Windows 10 boot process. Retrieved April 23, 2020.
Internal MISP references
UUID 3f0ff65d-56a0-4c29-b561-e6342b0b6b65 which can be used as unique global reference for TechNet Secure Boot Process in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-23T00:00:00Z |
| source | MITRE |
| title | Secure the Windows 10 boot process |
SecureWorks August 2019
SecureWorks. (2019, August 27) LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019
Internal MISP references
UUID 573edbb6-687b-4bc2-bc4a-764a548633b5 which can be used as unique global reference for SecureWorks August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-19T00:00:00Z |
| date_published | 2019-08-27T00:00:00Z |
| source | MITRE |
| title | SecureWorks August 2019 |
Securing bash history
Mathew Branwell. (2012, March 21). Securing .bash_history file. Retrieved July 8, 2017.
Internal MISP references
UUID 15280399-e9c8-432c-8ee2-47ced9377378 which can be used as unique global reference for Securing bash history in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2012-03-21T00:00:00Z |
| source | MITRE |
| title | Securing .bash_history file |
Microsoft Securing Privileged Access
Plett, C., Poggemeyer, L. (2012, October 26). Securing Privileged Access Reference Material. Retrieved April 25, 2017.
Internal MISP references
UUID 716844d6-a6ed-41d4-9067-3822ed32828f which can be used as unique global reference for Microsoft Securing Privileged Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-25T00:00:00Z |
| date_published | 2012-10-26T00:00:00Z |
| source | MITRE |
| title | Securing Privileged Access Reference Material |
Berkley Secure
Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.
Internal MISP references
UUID 98bdf25b-fbad-497f-abd2-8286d9e0479c which can be used as unique global reference for Berkley Secure in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-04T00:00:00Z |
| source | MITRE |
| title | Securing Remote Desktop for System Administrators |
Cisco Securing SNMP
Cisco. (2006, May 10). Securing Simple Network Management Protocol. Retrieved October 19, 2020.
Internal MISP references
UUID 31de3a32-ae7a-42bf-9153-5d891651a7d1 which can be used as unique global reference for Cisco Securing SNMP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2006-05-10T00:00:00Z |
| source | MITRE |
| title | Securing Simple Network Management Protocol |
ADSecurity Windows Secure Baseline
Metcalf, S. (2016, October 21). Securing Windows Workstations: Developing a Secure Baseline. Retrieved November 17, 2017.
Internal MISP references
UUID 078b9848-8e5f-4750-bb90-3e110876a6a4 which can be used as unique global reference for ADSecurity Windows Secure Baseline in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2016-10-21T00:00:00Z |
| source | MITRE |
| title | Securing Windows Workstations: Developing a Secure Baseline |
Morphisec ShellTea June 2019
Gorelik, M.. (2019, June 10). SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY. Retrieved June 13, 2019.
Internal MISP references
UUID 1b6ce918-651a-480d-8305-82bccbf42e96 which can be used as unique global reference for Morphisec ShellTea June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-13T00:00:00Z |
| date_published | 2019-06-10T00:00:00Z |
| source | MITRE |
| title | SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY |
Carbon Black Obfuscation Sept 2016
Tedesco, B. (2016, September 23). Security Alert Summary. Retrieved February 12, 2018.
Internal MISP references
UUID bed8ae68-9738-46fb-abc9-0004fa35636a which can be used as unique global reference for Carbon Black Obfuscation Sept 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2016-09-23T00:00:00Z |
| source | MITRE |
| title | Security Alert Summary |
Havana authentication bug
Jay Pipes. (2013, December 23). Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!. Retrieved October 6, 2021.
Internal MISP references
UUID 255181c2-b1c5-4531-bc16-853f21bc6435 which can be used as unique global reference for Havana authentication bug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| date_published | 2013-12-23T00:00:00Z |
| source | MITRE |
| title | Security Breach! Tenant A is seeing the VNC Consoles of Tenant B! |
Microsoft Trust Considerations Nov 2014
Microsoft. (2014, November 19). Security Considerations for Trusts. Retrieved November 30, 2017.
Internal MISP references
UUID 01ddd53c-1f02-466d-abf2-43bf1ab2d3fc which can be used as unique global reference for Microsoft Trust Considerations Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2014-11-19T00:00:00Z |
| source | MITRE |
| title | Security Considerations for Trusts |
AWS Sec Groups VPC
Amazon. (n.d.). Security groups for your VPC. Retrieved October 13, 2021.
Internal MISP references
UUID a5dd078b-10c7-433d-b7b5-929cf8437413 which can be used as unique global reference for AWS Sec Groups VPC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Security groups for your VPC |
Microsoft SID
Microsoft. (n.d.). Security Identifiers. Retrieved November 30, 2017.
Internal MISP references
UUID c921c476-741e-4b49-8f94-752984adbba5 which can be used as unique global reference for Microsoft SID in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Security Identifiers |
Schneider Electric USB Malware
Schneider Electric. (2018, August 24). Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor. Retrieved May 28, 2019.
Internal MISP references
UUID e4d8ce63-8626-4c8f-a437-b6a120ff61c7 which can be used as unique global reference for Schneider Electric USB Malware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2018-08-24T00:00:00Z |
| source | MITRE |
| title | Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor |
Microsoft Security Subsystem
Microsoft. (n.d.). Security Subsystem Architecture. Retrieved November 27, 2017.
Internal MISP references
UUID 27dae010-e3b3-4080-8039-9f89a29607e6 which can be used as unique global reference for Microsoft Security Subsystem in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| source | MITRE |
| title | Security Subsystem Architecture |
CISA IDN ST05-016
CISA. (2019, September 27). Security Tip (ST05-016): Understanding Internationalized Domain Names. Retrieved October 20, 2020.
Internal MISP references
UUID 3cc2c996-10e9-4e25-999c-21dc2c69e4af which can be used as unique global reference for CISA IDN ST05-016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2019-09-27T00:00:00Z |
| source | MITRE |
| title | Security Tip (ST05-016): Understanding Internationalized Domain Names |
Azure AD Federation Vulnerability
Dr. Nestori Syynimaa.. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved February 1, 2022.
Internal MISP references
UUID 123995be-36f5-4cd6-b80a-d601c2d0971e which can be used as unique global reference for Azure AD Federation Vulnerability in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | Security vulnerability in Azure AD & Office 365 identity federation |
AADInternals zure AD Federated Domain
Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved September 28, 2022.
Internal MISP references
UUID d2005eb6-4da4-4938-97fb-caa0e2381f4e which can be used as unique global reference for AADInternals zure AD Federated Domain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | Security vulnerability in Azure AD & Office 365 identity federation |
ESET Sednit July 2015
ESET Research. (2015, July 10). Sednit APT Group Meets Hacking Team. Retrieved March 1, 2017.
Internal MISP references
UUID e21c39ad-85e5-49b4-8df7-e8890b09c7c1 which can be used as unique global reference for ESET Sednit July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2015-07-10T00:00:00Z |
| source | MITRE |
| title | Sednit APT Group Meets Hacking Team |
ESET Sednit USBStealer 2014
Calvet, J. (2014, November 11). Sednit Espionage Group Attacking Air-Gapped Networks. Retrieved January 4, 2017.
Internal MISP references
UUID 8673f7fc-5b23-432a-a2d8-700ece46bd0f which can be used as unique global reference for ESET Sednit USBStealer 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-04T00:00:00Z |
| date_published | 2014-11-11T00:00:00Z |
| source | MITRE |
| title | Sednit Espionage Group Attacking Air-Gapped Networks |
ESET Sednit 2017 Activity
ESET. (2017, December 21). Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019.
Internal MISP references
UUID 406e434e-0602-4a08-bbf6-6d72311a720e which can be used as unique global reference for ESET Sednit 2017 Activity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2017-12-21T00:00:00Z |
| source | MITRE |
| title | Sednit update: How Fancy Bear Spent the Year |
ESET Zebrocy Nov 2018
ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.
Internal MISP references
UUID 1e503e32-75aa-482b-81d3-ac61e806fa5c which can be used as unique global reference for ESET Zebrocy Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-12T00:00:00Z |
| date_published | 2018-11-20T00:00:00Z |
| source | MITRE |
| title | Sednit: What’s going on with Zebrocy? |
Symantec MuddyWater Dec 2018
Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.
Internal MISP references
UUID a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d which can be used as unique global reference for Symantec MuddyWater Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-14T00:00:00Z |
| date_published | 2018-12-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms |
SanDisk SMART
SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.
Internal MISP references
UUID 578464ff-79d4-4358-9aa6-df8d7063fee1 which can be used as unique global reference for SanDisk SMART in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-02T00:00:00Z |
| source | MITRE |
| title | Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.) |
SELinux official
SELinux Project. (2017, November 30). SELinux Project Wiki. Retrieved December 20, 2017.
Internal MISP references
UUID 3b64ce9e-6eec-42ee-bec1-1a8b5420f01d which can be used as unique global reference for SELinux official in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | SELinux Project Wiki |
Microsoft SendNotifyMessage function
Microsoft. (n.d.). SendNotifyMessage function. Retrieved December 16, 2017.
Internal MISP references
UUID c65b3dc8-4129-4c14-b3d1-7fdd1d39ebd5 which can be used as unique global reference for Microsoft SendNotifyMessage function in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | SendNotifyMessage function |
DFIR Report Gootloader
The DFIR Report. (2022, May 9). SEO Poisoning – A Gootloader Story. Retrieved September 30, 2022.
Internal MISP references
UUID aa12dc30-ba81-46c5-b412-ca4a01e72d7f which can be used as unique global reference for DFIR Report Gootloader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2022-05-09T00:00:00Z |
| source | MITRE |
| title | SEO Poisoning – A Gootloader Story |
MalwareBytes SEO
Arntz, P. (2018, May 29). SEO poisoning: Is it worth it?. Retrieved September 30, 2022.
Internal MISP references
UUID 250b09a2-dd97-4fbf-af2f-618d1f126957 which can be used as unique global reference for MalwareBytes SEO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2018-05-29T00:00:00Z |
| source | MITRE |
| title | SEO poisoning: Is it worth it? |
Sophos Attachment
Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. Retrieved October 20, 2020.
Internal MISP references
UUID b4aa5bf9-31db-42ee-93e8-a576ecc00b57 which can be used as unique global reference for Sophos Attachment in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-10-02T00:00:00Z |
| source | MITRE |
| title | Serious Security: Phishing without links – when phishers bring along their own web pages |
ProofPoint Serpent
Campbell, B. et al. (2022, March 21). Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain. Retrieved April 11, 2022.
Internal MISP references
UUID c2f7958b-f521-4133-9aeb-c5c8fae23e78 which can be used as unique global reference for ProofPoint Serpent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-11T00:00:00Z |
| date_published | 2022-03-21T00:00:00Z |
| source | MITRE |
| title | Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain |
Wikipedia SMB
Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.
Internal MISP references
UUID 087b4779-22d5-4872-adb7-583904a92285 which can be used as unique global reference for Wikipedia SMB in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-12T00:00:00Z |
| date_published | 2016-06-12T00:00:00Z |
| source | MITRE |
| title | Server Message Block |
Wikipedia Server Message Block
Wikipedia. (2017, December 16). Server Message Block. Retrieved December 21, 2017.
Internal MISP references
UUID 3ea03c65-12e0-4e28-bbdc-17bb8c1e1831 which can be used as unique global reference for Wikipedia Server Message Block in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | Server Message Block |
Proofpoint TA505 Jan 2019
Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.
Internal MISP references
UUID b744f739-8810-4fb9-96e3-6488f9ed6305 which can be used as unique global reference for Proofpoint TA505 Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2019-01-09T00:00:00Z |
| source | MITRE |
| title | ServHelper and FlawedGrace - New malware introduced by TA505 |
Kubernetes Service Accounts Security
Kubernetes. (n.d.). Service Accounts. Retrieved July 14, 2023.
Internal MISP references
UUID 522eaa6b-0075-5346-bf3c-db1e7820aba2 which can be used as unique global reference for Kubernetes Service Accounts Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Service Accounts |
Microsoft Service Control Manager
Microsoft. (2018, May 31). Service Control Manager. Retrieved March 28, 2020.
Internal MISP references
UUID 00d22c6d-a51a-4107-bf75-53ec3330db92 which can be used as unique global reference for Microsoft Service Control Manager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Service Control Manager |
Rapid7 Service Persistence 22JUNE2016
Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019.
Internal MISP references
UUID 75441af3-2ff6-42c8-b7f1-c8dc2c27efe2 which can be used as unique global reference for Rapid7 Service Persistence 22JUNE2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2016-06-22T00:00:00Z |
| source | MITRE |
| title | Service Persistence |
Microsoft SPN
Microsoft. (n.d.). Service Principal Names. Retrieved March 22, 2018.
Internal MISP references
UUID 985ad31b-c385-473d-978d-40b6cd85268a which can be used as unique global reference for Microsoft SPN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| source | MITRE |
| title | Service Principal Names |
Microsoft SetSPN
Microsoft. (2010, April 13). Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe). Retrieved March 22, 2018.
Internal MISP references
UUID dd5dc432-32de-4bf3-b2c7-0bbdda031dd0 which can be used as unique global reference for Microsoft SetSPN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-22T00:00:00Z |
| date_published | 2010-04-13T00:00:00Z |
| source | MITRE |
| title | Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe) |
Tweet Registry Perms Weakness
@r0wdy_. (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.
Internal MISP references
UUID 7757776d-b0e9-4a99-8a55-2cd1b248c4a0 which can be used as unique global reference for Tweet Registry Perms Weakness in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Service Recovery Parameters |
Twitter Service Recovery Nov 2017
The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.
Internal MISP references
UUID 8875ff5d-65bc-402a-bfe0-32adc10fb008 which can be used as unique global reference for Twitter Service Recovery Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Service Recovery Parameters |
TechNet Services
Microsoft. (n.d.). Services. Retrieved June 7, 2016.
Internal MISP references
UUID b50a3c2e-e997-4af5-8be0-3a8b3a959827 which can be used as unique global reference for TechNet Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-07T00:00:00Z |
| source | MITRE |
| title | Services |
Krebs Access Brokers Fortune 500
Brian Krebs. (2012, October 22). Service Sells Access to Fortune 500 Firms. Retrieved March 10, 2023.
Internal MISP references
UUID 37d237ae-f0a8-5b30-8f97-d751c1560391 which can be used as unique global reference for Krebs Access Brokers Fortune 500 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-10T00:00:00Z |
| date_published | 2012-10-22T00:00:00Z |
| source | MITRE |
| title | Service Sells Access to Fortune 500 Firms |
Medium Authentication Tokens
Hsu, S. (2018, June 30). Session vs Token Based Authentication. Retrieved September 29, 2021.
Internal MISP references
UUID 08b5165c-1c98-4ebc-9f9f-778115e9e06d which can be used as unique global reference for Medium Authentication Tokens in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-06-30T00:00:00Z |
| source | MITRE |
| title | Session vs Token Based Authentication |
Microsoft Set-InboxRule
Microsoft. (n.d.). Set-InboxRule. Retrieved June 7, 2021.
Internal MISP references
UUID 28cc6142-cc4f-4e63-bcff-94347bc06b37 which can be used as unique global reference for Microsoft Set-InboxRule in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-07T00:00:00Z |
| source | MITRE |
| title | Set-InboxRule |
Setres.exe - LOLBAS Project
LOLBAS. (2022, October 21). Setres.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 631de0bd-d536-4183-bc5a-25af83bd795a which can be used as unique global reference for Setres.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-10-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Setres.exe |
Microsoft Process Wide Com Keys
Microsoft. (n.d.). Setting Process-Wide Security Through the Registry. Retrieved November 21, 2017.
Internal MISP references
UUID 749d83a9-3c9f-42f4-b5ed-fa775b079716 which can be used as unique global reference for Microsoft Process Wide Com Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| source | MITRE |
| title | Setting Process-Wide Security Through the Registry |
SettingSyncHost.exe - LOLBAS Project
LOLBAS. (2021, August 26). SettingSyncHost.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 57f573f2-1c9b-4037-8f4d-9ae65d13af94 which can be used as unique global reference for SettingSyncHost.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | SettingSyncHost.exe |
Petri Logon Script AD
Daniel Petri. (2009, January 8). Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008. Retrieved November 15, 2019.
Internal MISP references
UUID 1de42b0a-3dd6-4f75-bcf3-a2373e349a39 which can be used as unique global reference for Petri Logon Script AD in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-15T00:00:00Z |
| date_published | 2009-01-08T00:00:00Z |
| source | MITRE |
| title | Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008 |
AWS Setting Up Run Command
AWS. (n.d.). Setting up Run Command. Retrieved March 13, 2023.
Internal MISP references
UUID 9d320336-5be4-5c20-8205-a139376fe648 which can be used as unique global reference for AWS Setting Up Run Command in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-13T00:00:00Z |
| source | MITRE |
| title | Setting up Run Command |
VNC Authentication
Tegan. (2019, August 15). Setting up System Authentication. Retrieved September 20, 2021.
Internal MISP references
UUID de6e1202-19aa-41af-8446-521abc20200d which can be used as unique global reference for VNC Authentication in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2019-08-15T00:00:00Z |
| source | MITRE |
| title | Setting up System Authentication |
MacOS VNC software for Remote Desktop
Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021.
Internal MISP references
UUID c1f7fb59-6e61-4a7f-b14d-a3d1d3da45af which can be used as unique global reference for MacOS VNC software for Remote Desktop in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-18T00:00:00Z |
| source | MITRE |
| title | Set up a computer running VNC software for Remote Desktop |
Setupapi.dll - LOLBAS Project
LOLBAS. (2018, May 25). Setupapi.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd which can be used as unique global reference for Setupapi.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Setupapi.dll |
Microsoft Service Recovery Feb 2013
Microsoft. (2013, February 22). Set up Recovery Actions to Take Place When a Service Fails. Retrieved April 9, 2018.
Internal MISP references
UUID 6284d130-83e5-4961-a723-af4f9a01c24e which can be used as unique global reference for Microsoft Service Recovery Feb 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2013-02-22T00:00:00Z |
| source | MITRE |
| title | Set up Recovery Actions to Take Place When a Service Fails |
Microsoft SetWindowLong function
Microsoft. (n.d.). SetWindowLong function. Retrieved December 16, 2017.
Internal MISP references
UUID 11755d06-a9df-4a19-a165-2995f25c4b12 which can be used as unique global reference for Microsoft SetWindowLong function in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-16T00:00:00Z |
| source | MITRE |
| title | SetWindowLong function |
Securelist ShadowPad Aug 2017
GReAT. (2017, August 15). ShadowPad in corporate networks. Retrieved March 22, 2021.
Internal MISP references
UUID 862877d7-e18c-4613-bdad-0700bf3d45ae which can be used as unique global reference for Securelist ShadowPad Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-22T00:00:00Z |
| date_published | 2017-08-15T00:00:00Z |
| source | MITRE |
| title | ShadowPad in corporate networks |
Kaspersky ShadowPad Aug 2017
Kaspersky Lab. (2017, August). ShadowPad: popular server management software hit in supply chain attack. Retrieved March 22, 2021.
Internal MISP references
UUID 95c9a28d-6056-4f87-9a46-9491318889e2 which can be used as unique global reference for Kaspersky ShadowPad Aug 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-22T00:00:00Z |
| date_published | 2017-08-01T00:00:00Z |
| source | MITRE |
| title | ShadowPad: popular server management software hit in supply chain attack |
Palo Alto Shamoon Nov 2016
Falcone, R.. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. Retrieved January 11, 2017.
Internal MISP references
UUID 15007a87-a281-41ae-b203-fdafe02a885f which can be used as unique global reference for Palo Alto Shamoon Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-01-11T00:00:00Z |
| date_published | 2016-11-30T00:00:00Z |
| source | MITRE |
| title | Shamoon 2: Return of the Disttrack Wiper |
Unit 42 Shamoon3 2018
Falcone, R. (2018, December 13). Shamoon 3 Targets Oil and Gas Organization. Retrieved March 14, 2019.
Internal MISP references
UUID c2148166-faf4-4ab7-a37e-deae0c88c08d which can be used as unique global reference for Unit 42 Shamoon3 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-14T00:00:00Z |
| date_published | 2018-12-13T00:00:00Z |
| source | MITRE |
| title | Shamoon 3 Targets Oil and Gas Organization |
McAfee Shamoon December19 2018
Roccia, T., Saavedra-Morales, J., Beek, C.. (2018, December 19). Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems. Retrieved May 29, 2020.
Internal MISP references
UUID 11cb784e-0bfe-4e64-a1ed-56530798f358 which can be used as unique global reference for McAfee Shamoon December19 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2018-12-19T00:00:00Z |
| source | MITRE |
| title | Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems |
McAfee Shamoon December 2018
Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C.. (2018, December 14). Shamoon Returns to Wipe Systems in Middle East, Europe . Retrieved May 29, 2020.
Internal MISP references
UUID d731f5b4-77a1-4de1-a00a-e2ad918de670 which can be used as unique global reference for McAfee Shamoon December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2018-12-14T00:00:00Z |
| source | MITRE |
| title | Shamoon Returns to Wipe Systems in Middle East, Europe |
TechNet Shared Folder
Microsoft. (n.d.). Share a Folder or Drive. Retrieved June 30, 2017.
Internal MISP references
UUID 80a9b92a-1404-4454-88f0-dd929a12e16f which can be used as unique global reference for TechNet Shared Folder in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| source | MITRE |
| title | Share a Folder or Drive |
AWS EBS Snapshot Sharing
Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022.
Internal MISP references
UUID 6f454218-91b7-4606-9467-c6d465c0fd1f which can be used as unique global reference for AWS EBS Snapshot Sharing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-02T00:00:00Z |
| source | MITRE |
| title | Share an Amazon EBS snapshot |
TLDP Shared Libraries
The Linux Documentation Project. (n.d.). Shared Libraries. Retrieved January 31, 2020.
Internal MISP references
UUID 2862845b-72b3-41d8-aafb-b36e90c6c30a which can be used as unique global reference for TLDP Shared Libraries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-01-31T00:00:00Z |
| source | MITRE |
| title | Shared Libraries |
Linux Shared Libraries
Wheeler, D. (2003, April 11). Shared Libraries. Retrieved September 7, 2023.
Internal MISP references
UUID 054d769a-f88e-55e9-971a-f169ee434cfe which can be used as unique global reference for Linux Shared Libraries in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| date_published | 2003-04-11T00:00:00Z |
| source | MITRE |
| title | Shared Libraries |
Phrack halfdead 1997
halflife. (1997, September 1). Shared Library Redirection Techniques. Retrieved December 20, 2017.
Internal MISP references
UUID 9b3f0dc7-d830-43c5-8a5b-ad3c811920c5 which can be used as unique global reference for Phrack halfdead 1997 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 1997-09-01T00:00:00Z |
| source | MITRE |
| title | Shared Library Redirection Techniques |
Wikipedia Shared Resource
Wikipedia. (2017, April 15). Shared resource. Retrieved June 30, 2017.
Internal MISP references
UUID 6cc6164e-84b3-4413-9895-6719248808fb which can be used as unique global reference for Wikipedia Shared Resource in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-30T00:00:00Z |
| date_published | 2017-04-15T00:00:00Z |
| source | MITRE |
| title | Shared resource |
Sharepoint Sharing Events
Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021.
Internal MISP references
UUID 2086d37a-05a8-4604-9c69-75a178406b4a which can be used as unique global reference for Sharepoint Sharing Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-08T00:00:00Z |
| source | MITRE |
| title | Sharepoint Sharing Events |
GitHub GhostPack Certificates
HarmJ0y. (2018, August 22). SharpDPAPI - Certificates. Retrieved August 2, 2022.
Internal MISP references
UUID 941e214d-4188-4ca0-9ef8-b26aa96373a2 which can be used as unique global reference for GitHub GhostPack Certificates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-02T00:00:00Z |
| date_published | 2018-08-22T00:00:00Z |
| source | MITRE |
| title | SharpDPAPI - Certificates |
Shdocvw.dll - LOLBAS Project
LOLBAS. (2018, May 25). Shdocvw.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 0739d5fe-b460-4ed4-be75-cff422643a32 which can be used as unique global reference for Shdocvw.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Shdocvw.dll |
Securelist Turla Oct 2018
Kaspersky Lab's Global Research & Analysis Team. (2018, October 04). Shedding Skin – Turla’s Fresh Faces. Retrieved November 7, 2018.
Internal MISP references
UUID 5b08ea46-e25d-4df9-9b91-f8e7a1d5f7ee which can be used as unique global reference for Securelist Turla Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-07T00:00:00Z |
| date_published | 2018-10-04T00:00:00Z |
| source | MITRE |
| title | Shedding Skin – Turla’s Fresh Faces |
Shell32.dll - LOLBAS Project
LOLBAS. (2018, May 25). Shell32.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 9465358f-e0cc-41f0-a7f9-01d5faca8157 which can be used as unique global reference for Shell32.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Shell32.dll |
Cylance Shell Crew Feb 2017
Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. Retrieved February 15, 2017.
Internal MISP references
UUID c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3 which can be used as unique global reference for Cylance Shell Crew Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-15T00:00:00Z |
| date_published | 2017-02-09T00:00:00Z |
| source | MITRE |
| title | Shell Crew Variants Continue to Fly Under Big AV’s Radar |
Magento
Cesar Anjos. (2018, May 31). Shell Logins as a Magento Reinfection Vector. Retrieved December 17, 2020.
Internal MISP references
UUID b8b3f360-e14c-49ea-a4e5-8d6d9727e731 which can be used as unique global reference for Magento in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Shell Logins as a Magento Reinfection Vector |
Trend Micro TA505 June 2019
Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.
Internal MISP references
UUID e664a0c7-154f-449e-904d-335be1b72b29 which can be used as unique global reference for Trend Micro TA505 June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2019-06-12T00:00:00Z |
| source | MITRE |
| title | Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns |
Shimgvw.dll - LOLBAS Project
LOLBAS. (2021, January 6). Shimgvw.dll. Retrieved December 4, 2023.
Internal MISP references
UUID aba1cc57-ac30-400f-8b02-db7bf279dfb6 which can be used as unique global reference for Shimgvw.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-01-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Shimgvw.dll |
FireEye Shining A Light on DARKSIDE May 2021
FireEye. (2021, May 11). Shining a Light on DARKSIDE Ransomware Operations. Retrieved September 22, 2021.
Internal MISP references
UUID 6ac6acc2-9fea-4887-99b2-9988991b47b6 which can be used as unique global reference for FireEye Shining A Light on DARKSIDE May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-05-11T00:00:00Z |
| source | MITRE |
| title | Shining a Light on DARKSIDE Ransomware Operations |
Telekom Security DarkGate August 25 2023
Fabian Marquardt. (2023, August 25). Shining some light on the DarkGate loader. Retrieved October 20, 2023.
Internal MISP references
UUID 1cb60362-f73e-49e6-b0ee-e8f67a25c058 which can be used as unique global reference for Telekom Security DarkGate August 25 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-08-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Shining some light on the DarkGate loader |
NCC Group Black Basta June 2022
Inman, R. and Gurney, P. (2022, June 6). Shining the Light on Black Basta. Retrieved March 8, 2023.
Internal MISP references
UUID b5f91f77-b102-5812-a79f-69b254487da8 which can be used as unique global reference for NCC Group Black Basta June 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-06-06T00:00:00Z |
| source | MITRE |
| title | Shining the Light on Black Basta |
Trustwave Cherry Picker
Merritt, E.. (2015, November 16). Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.
Internal MISP references
UUID e09f639e-bdd3-4e88-8032-f665e347272b which can be used as unique global reference for Trustwave Cherry Picker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-20T00:00:00Z |
| date_published | 2015-11-16T00:00:00Z |
| source | MITRE |
| title | Shining the Spotlight on Cherry Picker PoS Malware |
Shlayer jamf gatekeeper bypass 2021
Jaron Bradley. (2021, April 26). Shlayer malware abusing Gatekeeper bypass on macOS. Retrieved September 22, 2021.
Internal MISP references
UUID 9ece29ee-c4e9-4a30-9958-88b114a417ce which can be used as unique global reference for Shlayer jamf gatekeeper bypass 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-04-26T00:00:00Z |
| source | MITRE |
| title | Shlayer malware abusing Gatekeeper bypass on macOS |
Shodan
Shodan. (n.d.). Shodan. Retrieved October 20, 2020.
Internal MISP references
UUID a142aceb-3ef5-4231-8771-bb3b2dae9acd which can be used as unique global reference for Shodan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Shodan |
Shortcut for Persistence
Elastic. (n.d.). Shortcut File Written or Modified for Persistence. Retrieved June 1, 2022.
Internal MISP references
UUID 4a12e927-0511-40b1-85f3-869ffc452c2e which can be used as unique global reference for Shortcut for Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| source | MITRE |
| title | Shortcut File Written or Modified for Persistence |
Unprotect Shortcut
Unprotect Project. (2019, March 18). Shortcut Hiding. Retrieved October 3, 2023.
Internal MISP references
UUID b62d40bc-2782-538a-8913-429908c6a2ee which can be used as unique global reference for Unprotect Shortcut in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-03T00:00:00Z |
| date_published | 2019-03-18T00:00:00Z |
| source | MITRE |
| title | Shortcut Hiding |
Sleep, shut down, hibernate
AVG. (n.d.). Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?. Retrieved June 8, 2023.
Internal MISP references
UUID e9064801-0297-51d0-9089-db58f4811a9f which can be used as unique global reference for Sleep, shut down, hibernate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-08T00:00:00Z |
| source | MITRE |
| title | Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop? |
show_clock_detail_cisco_cmd
Cisco. (2023, March 6). show clock detail - Cisco IOS Security Command Reference: Commands S to Z . Retrieved July 13, 2022.
Internal MISP references
UUID a2215813-31b0-5624-92d8-479e7bd1a30b which can be used as unique global reference for show_clock_detail_cisco_cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2023-03-06T00:00:00Z |
| source | MITRE |
| title | show clock detail - Cisco IOS Security Command Reference: Commands S to Z |
show_processes_cisco_cmd
Cisco. (2022, August 16). show processes - . Retrieved July 13, 2022.
Internal MISP references
UUID 944e529b-5e8a-54a1-b205-71dcb7dd304f which can be used as unique global reference for show_processes_cisco_cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | show processes - |
show_run_config_cmd_cisco
Cisco. (2022, August 16). show running-config - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.
Internal MISP references
UUID 5a68a45a-a53e-5d73-a82a-0cc951071aef which can be used as unique global reference for show_run_config_cmd_cisco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2022-08-16T00:00:00Z |
| source | MITRE |
| title | show running-config - Cisco IOS Configuration Fundamentals Command Reference |
Symantec Shuckworm January 2022
Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.
Internal MISP references
UUID 3abb9cfb-8927-4447-b904-6ed071787bef which can be used as unique global reference for Symantec Shuckworm January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-17T00:00:00Z |
| date_published | 2022-01-31T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Shuckworm Continues Cyber-Espionage Attacks Against Ukraine |
Microsoft Shutdown Oct 2017
Microsoft. (2017, October 15). Shutdown. Retrieved October 4, 2019.
Internal MISP references
UUID c587f021-596a-4e63-ac51-afa2793a859d which can be used as unique global reference for Microsoft Shutdown Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-04T00:00:00Z |
| date_published | 2017-10-15T00:00:00Z |
| source | MITRE |
| title | Shutdown |
MalwareBytes SideCopy Dec 2021
Threat Intelligence Team. (2021, December 2). SideCopy APT: Connecting lures victims, payloads to infrastructure. Retrieved June 13, 2022.
Internal MISP references
UUID 466569a7-1ef8-4824-bd9c-d25301184ea4 which can be used as unique global reference for MalwareBytes SideCopy Dec 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-13T00:00:00Z |
| date_published | 2021-12-02T00:00:00Z |
| source | MITRE |
| title | SideCopy APT: Connecting lures victims, payloads to infrastructure |
Rewterz Sidewinder APT April 2020
Rewterz. (2020, April 20). Sidewinder APT Group Campaign Analysis. Retrieved January 29, 2021.
Internal MISP references
UUID e1cecdab-d6d1-47c6-a942-3f3329e5d98d which can be used as unique global reference for Rewterz Sidewinder APT April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-29T00:00:00Z |
| date_published | 2020-04-20T00:00:00Z |
| source | MITRE |
| title | Sidewinder APT Group Campaign Analysis |
Cyble Sidewinder September 2020
Cyble. (2020, September 26). SideWinder APT Targets with futuristic Tactics and Techniques. Retrieved January 29, 2021.
Internal MISP references
UUID 25d8d6df-d3b9-4f57-bce0-d5285660e746 which can be used as unique global reference for Cyble Sidewinder September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-29T00:00:00Z |
| date_published | 2020-09-26T00:00:00Z |
| source | MITRE |
| title | SideWinder APT Targets with futuristic Tactics and Techniques |
Microsoft Sigcheck May 2017
Russinovich, M. et al.. (2017, May 22). Sigcheck. Retrieved April 3, 2018.
Internal MISP references
UUID 7f3a0f44-03d4-4b02-9d9d-74e8ee9eede8 which can be used as unique global reference for Microsoft Sigcheck May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-03T00:00:00Z |
| date_published | 2017-05-22T00:00:00Z |
| source | MITRE |
| title | Sigcheck |
Linux Signal Man
Linux man-pages. (2023, April 3). signal(7). Retrieved August 30, 2023.
Internal MISP references
UUID 63483956-fa3e-52da-a834-b3b762c4e84e which can be used as unique global reference for Linux Signal Man in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-30T00:00:00Z |
| date_published | 2023-04-03T00:00:00Z |
| source | MITRE |
| title | signal(7) |
f-secure janicab
Brod. (2013, July 15). Signed Mac Malware Using Right-to-Left Override Trick. Retrieved July 17, 2017.
Internal MISP references
UUID 07e484cb-7e72-4938-a029-f9904d751777 which can be used as unique global reference for f-secure janicab in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-17T00:00:00Z |
| date_published | 2013-07-15T00:00:00Z |
| source | MITRE |
| title | Signed Mac Malware Using Right-to-Left Override Trick |
Group IB Silence Aug 2019
Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.
Internal MISP references
UUID 2c314eb6-767f-45b9-8a60-dba11e06afd8 which can be used as unique global reference for Group IB Silence Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2019-08-01T00:00:00Z |
| source | MITRE |
| title | Silence 2.0: Going Global |
SecureList Silence Nov 2017
GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.
Internal MISP references
UUID 004a8877-7e57-48ad-a6ce-b9ad8577cc68 which can be used as unique global reference for SecureList Silence Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-24T00:00:00Z |
| date_published | 2017-11-01T00:00:00Z |
| source | MITRE |
| title | Silence – a new Trojan attacking financial organizations |
Cyber Forensicator Silence Jan 2019
Skulkin, O.. (2019, January 20). Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis. Retrieved May 24, 2019.
Internal MISP references
UUID c328d6d3-5e8b-45a6-8487-eecd7e8cbf7e which can be used as unique global reference for Cyber Forensicator Silence Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-24T00:00:00Z |
| date_published | 2019-01-20T00:00:00Z |
| source | MITRE |
| title | Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis |
Group IB Silence Sept 2018
Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.
Internal MISP references
UUID 10d41d2e-44be-41a7-84c1-b8f39689cb93 which can be used as unique global reference for Group IB Silence Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-05T00:00:00Z |
| date_published | 2018-09-01T00:00:00Z |
| source | MITRE |
| title | Silence: Moving Into the Darkside |
CrowdStrike Silent Chollima Adversary September 2021
CrowdStrike. (2021, September 29). Silent Chollima Adversary Profile. Retrieved September 29, 2021.
Internal MISP references
UUID 835283b5-af3b-4baf-805e-da8ebbe8b5d2 which can be used as unique global reference for CrowdStrike Silent Chollima Adversary September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2021-09-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Silent Chollima Adversary Profile |
Malwarebytes Silent Librarian October 2020
Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021.
Internal MISP references
UUID 9bb8ddd0-a8ec-459b-9983-79ccf46297ca which can be used as unique global reference for Malwarebytes Silent Librarian October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2020-10-14T00:00:00Z |
| source | MITRE |
| title | Silent Librarian APT right on schedule for 20/21 academic year |
Phish Labs Silent Librarian
Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. Retrieved February 3, 2021.
Internal MISP references
UUID d79d0510-4d49-464d-8074-daedd186f1c1 which can be used as unique global reference for Phish Labs Silent Librarian in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2018-03-26T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment |
GitHub SILENTTRINITY Modules July 2019
Salvati, M. (2019, August 6). SILENTTRINITY Modules. Retrieved March 24, 2022.
Internal MISP references
UUID df9252e6-2727-4b39-a5f8-9f01c85aae9d which can be used as unique global reference for GitHub SILENTTRINITY Modules July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-24T00:00:00Z |
| date_published | 2019-08-06T00:00:00Z |
| source | MITRE |
| title | SILENTTRINITY Modules |
Unit 42 Siloscape Jun 2021
Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021.
Internal MISP references
UUID 4be128a7-97b8-48fa-8a52-a53c1e56f086 which can be used as unique global reference for Unit 42 Siloscape Jun 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-09T00:00:00Z |
| date_published | 2021-06-07T00:00:00Z |
| source | MITRE |
| title | Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments |
Unit42 SilverTerrier 2016
Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. Retrieved November 13, 2018.
Internal MISP references
UUID a6ba79ca-7d4a-48d3-aae3-ee766770f83b which can be used as unique global reference for Unit42 SilverTerrier 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | SILVERTERRIER: The Next Evolution in Nigerian Cybercrime |
Unit42 SilverTerrier 2018
Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.
Internal MISP references
UUID 59630d6e-d034-4788-b418-a72bafefe54e which can be used as unique global reference for Unit42 SilverTerrier 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-13T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE |
Timac DYLD_INSERT_LIBRARIES
Timac. (2012, December 18). Simple code injection using DYLD_INSERT_LIBRARIES. Retrieved March 26, 2020.
Internal MISP references
UUID 54fcbc49-f4e3-48a4-9d67-52ca08b322b2 which can be used as unique global reference for Timac DYLD_INSERT_LIBRARIES in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-26T00:00:00Z |
| date_published | 2012-12-18T00:00:00Z |
| source | MITRE |
| title | Simple code injection using DYLD_INSERT_LIBRARIES |
SIM Swapping and Abuse of the Microsoft Azure Serial Console
Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023.
Internal MISP references
UUID c596a0e0-6e9c-52e4-b1bb-9c0542f960f2 which can be used as unique global reference for SIM Swapping and Abuse of the Microsoft Azure Serial Console in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2023-05-16T00:00:00Z |
| source | MITRE |
| title | SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack |
EduardosBlog SIPs July 2008
Navarro, E. (2008, July 11). SIP’s (Subject Interface Package) and Authenticode. Retrieved January 31, 2018.
Internal MISP references
UUID ac37f167-3ae9-437b-9215-c30c1ab4e249 which can be used as unique global reference for EduardosBlog SIPs July 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2008-07-11T00:00:00Z |
| source | MITRE |
| title | SIP’s (Subject Interface Package) and Authenticode |
Anonymous Hackers Deface Russian Govt Site
Andy. (2018, May 12). ‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW). Retrieved April 19, 2019.
Internal MISP references
UUID ca63ccd4-8c81-4de6-8eb4-06a6c68ce4d3 which can be used as unique global reference for Anonymous Hackers Deface Russian Govt Site in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| source | MITRE |
| title | Site to Protest Web-Blocking (NSFW) |
Dell Skeleton
Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved April 8, 2019.
Internal MISP references
UUID cea9ce77-7641-4086-b92f-a4c3ad94a49c which can be used as unique global reference for Dell Skeleton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-08T00:00:00Z |
| date_published | 2015-01-12T00:00:00Z |
| source | MITRE |
| title | Skeleton Key Malware Analysis |
Command Five SK 2011
Command Five Pty Ltd. (2011, September). SK Hack by an Advanced Persistent Threat. Retrieved April 6, 2018.
Internal MISP references
UUID ccca927e-fa03-4eba-b631-9989804a1f3c which can be used as unique global reference for Command Five SK 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2011-09-01T00:00:00Z |
| source | MITRE |
| title | SK Hack by an Advanced Persistent Threat |
Trend Micro Skidmap
Remillano, A., Urbanec, J. (2019, September 19). Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload. Retrieved June 4, 2020.
Internal MISP references
UUID 53291621-f0ad-4cb7-af08-78b96eb67168 which can be used as unique global reference for Trend Micro Skidmap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-04T00:00:00Z |
| date_published | 2019-09-19T00:00:00Z |
| source | MITRE |
| title | Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload |
Detectify Slack Tokens
Detectify. (2016, April 28). Slack bot token leakage exposing business critical information. Retrieved October 19, 2020.
Internal MISP references
UUID 46c40ed4-5a15-4b38-b625-bebc569dbf69 which can be used as unique global reference for Detectify Slack Tokens in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Slack bot token leakage exposing business critical information |
GitHub Sliver C2
BishopFox. (n.d.). Sliver. Retrieved September 15, 2021.
Internal MISP references
UUID f706839a-c6e7-469b-a0c0-02c0d55eb4f6 which can be used as unique global reference for GitHub Sliver C2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| source | MITRE |
| title | Sliver |
GitHub Sliver C2 DNS
BishopFox. (n.d.). Sliver DNS C2 . Retrieved September 15, 2021.
Internal MISP references
UUID 41c1ac3e-d03a-4e09-aebe-a8c191236e7e which can be used as unique global reference for GitHub Sliver C2 DNS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| source | MITRE |
| title | Sliver DNS C2 |
GitHub Sliver Download
BishopFox. (n.d.). Sliver Download. Retrieved September 16, 2021.
Internal MISP references
UUID f9f6468f-6115-4753-a1ff-3658e410f964 which can be used as unique global reference for GitHub Sliver Download in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Download |
GitHub Sliver File System August 2021
BishopFox. (2021, August 18). Sliver Filesystem. Retrieved September 22, 2021.
Internal MISP references
UUID 820beaff-a0d5-4017-9a9c-6fbd7874b585 which can be used as unique global reference for GitHub Sliver File System August 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-08-18T00:00:00Z |
| source | MITRE |
| title | Sliver Filesystem |
GitHub Sliver HTTP
BishopFox. (n.d.). Sliver HTTP(S) C2. Retrieved September 16, 2021.
Internal MISP references
UUID 0194a86d-c7bf-4115-ab45-4c67fcfdb2a1 which can be used as unique global reference for GitHub Sliver HTTP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver HTTP(S) C2 |
GitHub Sliver Ifconfig
BishopFox. (n.d.). Sliver Ifconfig. Retrieved September 16, 2021.
Internal MISP references
UUID e9783116-144f-49e9-a3c5-28bf3ff9c654 which can be used as unique global reference for GitHub Sliver Ifconfig in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Ifconfig |
GitHub Sliver Netstat
BishopFox. (n.d.). Sliver Netstat. Retrieved September 16, 2021.
Internal MISP references
UUID 37ef7619-8157-4522-aea7-779d75464029 which can be used as unique global reference for GitHub Sliver Netstat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Netstat |
GitHub Sliver Screen
BishopFox. (n.d.). Sliver Screenshot. Retrieved September 16, 2021.
Internal MISP references
UUID 0417572e-d1c7-4db5-8644-5b94c79cc14d which can be used as unique global reference for GitHub Sliver Screen in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Screenshot |
GitHub Sliver Encryption
BishopFox. (n.d.). Sliver Transport Encryption. Retrieved September 16, 2021.
Internal MISP references
UUID b33a9d44-1468-4b3e-8d27-9c48c81bec74 which can be used as unique global reference for GitHub Sliver Encryption in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Transport Encryption |
GitHub Sliver Upload
BishopFox. (n.d.). Sliver Upload. Retrieved September 16, 2021.
Internal MISP references
UUID 96e6e207-bf8b-4a3e-9a92-779e8bb6bb67 which can be used as unique global reference for GitHub Sliver Upload in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-16T00:00:00Z |
| source | MITRE |
| title | Sliver Upload |
Zdnet Ngrok September 2018
Cimpanu, C. (2018, September 13). Sly malware author hides cryptomining botnet behind ever-shifting proxy service. Retrieved September 15, 2020.
Internal MISP references
UUID 3edb88be-2ca6-4925-ba2e-a5a4ac5f9ab0 which can be used as unique global reference for Zdnet Ngrok September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-15T00:00:00Z |
| date_published | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | Sly malware author hides cryptomining botnet behind ever-shifting proxy service |
NCSC GCHQ Small Sieve Jan 2022
NCSC GCHQ. (2022, January 27). Small Sieve Malware Analysis Report. Retrieved August 22, 2022.
Internal MISP references
UUID 0edb8946-be38-45f5-a27c-bdbebc383d72 which can be used as unique global reference for NCSC GCHQ Small Sieve Jan 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2022-01-27T00:00:00Z |
| source | MITRE |
| title | Small Sieve Malware Analysis Report |
SmartMontools
smartmontools. (n.d.). smartmontools. Retrieved October 2, 2018.
Internal MISP references
UUID efae8de6-1b8d-47c0-b7a0-e3d0c227a14c which can be used as unique global reference for SmartMontools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-10-02T00:00:00Z |
| source | MITRE |
| title | smartmontools |
CME Github September 2018
byt3bl33d3r. (2018, September 8). SMB: Command Reference. Retrieved July 17, 2020.
Internal MISP references
UUID a6e1e3b4-1b69-43b7-afbe-aedb812c5778 which can be used as unique global reference for CME Github September 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-17T00:00:00Z |
| date_published | 2018-09-08T00:00:00Z |
| source | MITRE |
| title | SMB: Command Reference |
US-CERT SMB Security
US-CERT. (2017, March 16). SMB Security Best Practices. Retrieved December 21, 2017.
Internal MISP references
UUID 710d2292-c693-4857-9196-397449061e76 which can be used as unique global reference for US-CERT SMB Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2017-03-16T00:00:00Z |
| source | MITRE |
| title | SMB Security Best Practices |
SMLoginItemSetEnabled Schroeder 2013
Tim Schroeder. (2013, April 21). SMLoginItemSetEnabled Demystified. Retrieved October 5, 2021.
Internal MISP references
UUID ad14bad2-95c8-49b0-9777-e464fc8359a0 which can be used as unique global reference for SMLoginItemSetEnabled Schroeder 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2013-04-21T00:00:00Z |
| source | MITRE |
| title | SMLoginItemSetEnabled Demystified |
Malwarebytes SmokeLoader 2016
Hasherezade. (2016, September 12). Smoke Loader – downloader with a smokescreen still alive. Retrieved March 20, 2018.
Internal MISP references
UUID b619e338-16aa-478c-b227-b22f78d572a3 which can be used as unique global reference for Malwarebytes SmokeLoader 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-20T00:00:00Z |
| date_published | 2016-09-12T00:00:00Z |
| source | MITRE |
| title | Smoke Loader – downloader with a smokescreen still alive |
Talos Smoke Loader July 2018
Baker, B., Unterbrink H. (2018, July 03). Smoking Guns - Smoke Loader learned new tricks. Retrieved July 5, 2018.
Internal MISP references
UUID 072ac051-7564-4dd3-a279-7f75c91b55f1 which can be used as unique global reference for Talos Smoke Loader July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-05T00:00:00Z |
| date_published | 2018-07-03T00:00:00Z |
| source | MITRE |
| title | Smoking Guns - Smoke Loader learned new tricks |
FireEye SMOKEDHAM June 2021
FireEye. (2021, June 16). Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise. Retrieved September 22, 2021.
Internal MISP references
UUID a81ad3ef-fd96-432c-a7c8-ccc86d127a1b which can be used as unique global reference for FireEye SMOKEDHAM June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| source | MITRE |
| title | Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise |
Environmental Keyed HTA
Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved January 16, 2019.
Internal MISP references
UUID b16bae1a-75aa-478b-b8c7-458ee5a3f7e5 which can be used as unique global reference for Environmental Keyed HTA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-16T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | Smuggling HTA files in Internet Explorer/Edge |
nccgroup Smuggling HTA 2017
Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved May 20, 2021.
Internal MISP references
UUID f5615cdc-bc56-415b-8e38-6f3fd1c33c88 which can be used as unique global reference for nccgroup Smuggling HTA 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-20T00:00:00Z |
| date_published | 2017-08-08T00:00:00Z |
| source | MITRE |
| title | Smuggling HTA files in Internet Explorer/Edge |
Accenture SNAKEMACKEREL Nov 2018
Accenture Security. (2018, November 29). SNAKEMACKEREL. Retrieved April 15, 2019.
Internal MISP references
UUID c38d021c-d84c-4aa7-b7a5-be47e18df1d8 which can be used as unique global reference for Accenture SNAKEMACKEREL Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-15T00:00:00Z |
| date_published | 2018-11-29T00:00:00Z |
| source | MITRE |
| title | SNAKEMACKEREL |
Sophos Snatch Ransomware 2019
Sophos. (2019, December 9). Snatch ransomware reboots PCs into Safe Mode to bypass protection. Retrieved June 23, 2021.
Internal MISP references
UUID 63019d16-07ec-4e53-98b7-529cc09b8429 which can be used as unique global reference for Sophos Snatch Ransomware 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| date_published | 2019-12-09T00:00:00Z |
| source | MITRE |
| title | Snatch ransomware reboots PCs into Safe Mode to bypass protection |
AdSecurity SID History Sept 2015
Metcalf, S. (2015, September 19). Sneaky Active Directory Persistence #14: SID History. Retrieved November 30, 2017.
Internal MISP references
UUID 26961107-c48e-46d5-8d80-cda543b3be3b which can be used as unique global reference for AdSecurity SID History Sept 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2015-09-19T00:00:00Z |
| source | MITRE |
| title | Sneaky Active Directory Persistence #14: SID History |
ADSecurity GPO Persistence 2016
Metcalf, S. (2016, March 14). Sneaky Active Directory Persistence #17: Group Policy. Retrieved March 5, 2019.
Internal MISP references
UUID e304715f-7da1-4342-ba5b-d0387d93aeb2 which can be used as unique global reference for ADSecurity GPO Persistence 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2016-03-14T00:00:00Z |
| source | MITRE |
| title | Sneaky Active Directory Persistence #17: Group Policy |
Telefonica Snip3 December 2021
Jornet, A. (2021, December 23). Snip3, an investigation into malware. Retrieved September 19, 2023.
Internal MISP references
UUID f026dd44-1491-505b-8a8a-e4f28c6cd6a7 which can be used as unique global reference for Telefonica Snip3 December 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-19T00:00:00Z |
| date_published | 2021-12-23T00:00:00Z |
| source | MITRE |
| title | Snip3, an investigation into malware |
Security Joes Sockbot March 09 2022
Felipe Duarte, Ido Naor. (2022, March 9). Sockbot in GoLand. Retrieved September 22, 2023.
Internal MISP references
UUID bca2b5c2-bc3b-4504-806e-5c5b6fee96e6 which can be used as unique global reference for Security Joes Sockbot March 09 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-22T00:00:00Z |
| date_published | 2022-03-09T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sockbot in GoLand |
Kaspersky Sodin July 2019
Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. Retrieved August 4, 2020.
Internal MISP references
UUID ea46271d-3251-4bd7-afa8-f1bd7baf9570 which can be used as unique global reference for Kaspersky Sodin July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-07-03T00:00:00Z |
| source | MITRE |
| title | Sodin ransomware exploits Windows vulnerability and processor architecture |
Kaspersky Sofacy
Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.
Internal MISP references
UUID 46226f98-c762-48e3-9bcd-19ff14184bb5 which can be used as unique global reference for Kaspersky Sofacy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-10T00:00:00Z |
| date_published | 2015-12-04T00:00:00Z |
| source | MITRE |
| title | Sofacy APT hits high profile targets with updated toolset |
Unit 42 Sofacy Feb 2018
Lee, B, et al. (2018, February 28). Sofacy Attacks Multiple Government Entities. Retrieved March 15, 2018.
Internal MISP references
UUID 0bcc2d76-987c-4a9b-9e00-1400eec4e606 which can be used as unique global reference for Unit 42 Sofacy Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-15T00:00:00Z |
| date_published | 2018-02-28T00:00:00Z |
| source | MITRE |
| title | Sofacy Attacks Multiple Government Entities |
Unit42 Cannon Nov 2018
Falcone, R., Lee, B. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved November 26, 2018.
Internal MISP references
UUID 8c634bbc-4878-4b27-aa18-5996ec968809 which can be used as unique global reference for Unit42 Cannon Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-26T00:00:00Z |
| date_published | 2018-11-20T00:00:00Z |
| source | MITRE |
| title | Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan |
Unit 42 Sofacy Nov 2018
Falcone, R., Lee, B.. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved April 23, 2019.
Internal MISP references
UUID 1523c6de-8879-4652-ac51-1a5085324370 which can be used as unique global reference for Unit 42 Sofacy Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-11-20T00:00:00Z |
| source | MITRE |
| title | Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan |
Palo Alto Sofacy 06-2018
Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. Retrieved June 18, 2018.
Internal MISP references
UUID a32357eb-3226-4bee-aeed-d2fbcfa52da0 which can be used as unique global reference for Palo Alto Sofacy 06-2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-18T00:00:00Z |
| date_published | 2018-06-06T00:00:00Z |
| source | MITRE |
| title | Sofacy Group’s Parallel Attacks |
F-Secure Sofacy 2015
F-Secure. (2015, September 8). Sofacy Recycles Carberp and Metasploit Code. Retrieved August 3, 2016.
Internal MISP references
UUID 56a95d3c-5268-4e69-b669-7055fb38d570 which can be used as unique global reference for F-Secure Sofacy 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2015-09-08T00:00:00Z |
| source | MITRE |
| title | Sofacy Recycles Carberp and Metasploit Code |
Sofacy Komplex Trojan
Dani Creus, Tyler Halfpop, Robert Falcone. (2016, September 26). Sofacy's 'Komplex' OS X Trojan. Retrieved July 8, 2017.
Internal MISP references
UUID a21be45e-26c3-446d-b336-b58d08df5749 which can be used as unique global reference for Sofacy Komplex Trojan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-08T00:00:00Z |
| date_published | 2016-09-26T00:00:00Z |
| source | MITRE |
| title | Sofacy's 'Komplex' OS X Trojan |
Sofacy DealersChoice
Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.
Internal MISP references
UUID ec157d0c-4091-43f5-85f1-a271c4aac1fc which can be used as unique global reference for Sofacy DealersChoice in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-06-04T00:00:00Z |
| date_published | 2018-03-15T00:00:00Z |
| source | MITRE |
| title | Sofacy Uses DealersChoice to Target European Government Agency |
Unit 42 SolarStorm December 2020
Unit 42. (2020, December 23). SolarStorm Supply Chain Attack Timeline. Retrieved March 24, 2023.
Internal MISP references
UUID ecbb602a-2427-5eba-8c2b-25d90c95f166 which can be used as unique global reference for Unit 42 SolarStorm December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| date_published | 2020-12-23T00:00:00Z |
| source | MITRE |
| title | SolarStorm Supply Chain Attack Timeline |
Symantec Sunburst Sending Data January 2021
Symantec Threat Hunter Team. (2021, January 22). SolarWinds: How Sunburst Sends Data Back to the Attackers. Retrieved January 22, 2021.
Internal MISP references
UUID 50be20ca-48d1-4eb9-a25f-76935a0770b3 which can be used as unique global reference for Symantec Sunburst Sending Data January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-22T00:00:00Z |
| date_published | 2021-01-22T00:00:00Z |
| source | MITRE |
| title | SolarWinds: How Sunburst Sends Data Back to the Attackers |
Carnegie Mellon University Supernova Dec 2020
Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.
Internal MISP references
UUID ad43df0c-bdac-43e2-bd86-640036367b6c which can be used as unique global reference for Carnegie Mellon University Supernova Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-26T00:00:00Z |
| source | MITRE |
| title | SolarWinds Orion API authentication bypass allows remote command execution |
SolarWinds Advisory Dec 2020
SolarWinds. (2020, December 24). SolarWinds Security Advisory. Retrieved February 22, 2021.
Internal MISP references
UUID 4e8b908a-bdc5-441b-bc51-98dfa87f6b7a which can be used as unique global reference for SolarWinds Advisory Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-24T00:00:00Z |
| source | MITRE |
| title | SolarWinds Security Advisory |
solution_monitor_dhcp_scopes
Shoemaker, E. (2015, December 31). Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell. Retrieved March 7, 2022.
Internal MISP references
UUID 6fce30c3-17d6-42a0-8470-319e2930e573 which can be used as unique global reference for solution_monitor_dhcp_scopes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-07T00:00:00Z |
| date_published | 2015-12-31T00:00:00Z |
| source | MITRE |
| title | Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell |
Sophos X-Ops Tweet September 13 2023
SophosXOps. (2023, September 13). Sophos X-Ops Tweet September 13 2023. Retrieved September 22, 2023.
Internal MISP references
UUID 98af96a6-98bb-4d81-bb0c-a550e765e6ac which can be used as unique global reference for Sophos X-Ops Tweet September 13 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-22T00:00:00Z |
| date_published | 2023-09-13T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sophos X-Ops Tweet September 13 2023 |
Source Manual
ss64. (n.d.). Source or Dot Operator. Retrieved May 21, 2019.
Internal MISP references
UUID a39354fc-334f-4f65-ba8a-56550f91710f which can be used as unique global reference for Source Manual in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-21T00:00:00Z |
| source | MITRE |
| title | Source or Dot Operator |
Symantec Sowbug Nov 2017
Symantec Security Response. (2017, November 7). Sowbug: Cyber espionage group targets South American and Southeast Asian governments. Retrieved November 16, 2017.
Internal MISP references
UUID 14f49074-fc46-45d3-bf7e-30c896c39c07 which can be used as unique global reference for Symantec Sowbug Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-11-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Sowbug: Cyber espionage group targets South American and Southeast Asian governments |
NIST 800-63-3
Grassi, P., et al. (2017, December 1). SP 800-63-3, Digital Identity Guidelines. Retrieved January 16, 2019.
Internal MISP references
UUID 143599bf-167b-4041-82c5-8612c3e81095 which can be used as unique global reference for NIST 800-63-3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-16T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | SP 800-63-3, Digital Identity Guidelines |
Threatpost Hancitor
Tom Spring. (2017, January 11). Spammers Revive Hancitor Downloader Campaigns. Retrieved August 13, 2020.
Internal MISP references
UUID 70ad77af-88aa-4f06-a9cb-df9608157841 which can be used as unique global reference for Threatpost Hancitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-13T00:00:00Z |
| date_published | 2017-01-11T00:00:00Z |
| source | MITRE |
| title | Spammers Revive Hancitor Downloader Campaigns |
CheckPoint SpeakUp Feb 2019
Check Point Research. (2019, February 4). SpeakUp: A New Undetected Backdoor Linux Trojan. Retrieved April 17, 2019.
Internal MISP references
UUID 8f0d6a8d-6bd4-4df5-aa28-70e1ec4b0b12 which can be used as unique global reference for CheckPoint SpeakUp Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2019-02-04T00:00:00Z |
| source | MITRE |
| title | SpeakUp: A New Undetected Backdoor Linux Trojan |
Cyfirma Kimsuky Spear Phishing
Cyfirma. (2020, December 16). Spear Phishing Attack by N. Korean Hacking Group, Kimsuky. Retrieved October 30, 2023.
Internal MISP references
UUID de9817bc-1ac0-4f19-b5af-c402c874f431 which can be used as unique global reference for Cyfirma Kimsuky Spear Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2020-12-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Spear Phishing Attack by N. Korean Hacking Group, Kimsuky |
Palo Alto Unit 42 OutSteel SaintBot February 2022
Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.
Internal MISP references
UUID b0632490-76be-4018-982d-4b73b3d13881 which can be used as unique global reference for Palo Alto Unit 42 OutSteel SaintBot February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2022-02-25T00:00:00Z |
| source | MITRE |
| title | Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot |
Zscaler Bazar September 2020
Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.
Internal MISP references
UUID fc46f152-9ed7-4850-8127-7b1f486ef2fe which can be used as unique global reference for Zscaler Bazar September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-19T00:00:00Z |
| date_published | 2020-09-29T00:00:00Z |
| source | MITRE |
| title | Spear Phishing Campaign Delivers Buer and Bazar Malware |
Reaqta MSXSL Spearphishing MAR 2018
Admin. (2018, March 2). Spear-phishing campaign leveraging on MSXSL. Retrieved July 3, 2018.
Internal MISP references
UUID 927737c9-63a3-49a6-85dc-620e055aaf0a which can be used as unique global reference for Reaqta MSXSL Spearphishing MAR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-03-02T00:00:00Z |
| source | MITRE |
| title | Spear-phishing campaign leveraging on MSXSL |
FireEye Regsvr32 Targeting Mongolian Gov
Anubhav, A., Kizhakkinan, D. (2017, February 22). Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government. Retrieved February 24, 2017.
Internal MISP references
UUID d1509d15-04af-46bd-a6b1-30fbd179b257 which can be used as unique global reference for FireEye Regsvr32 Targeting Mongolian Gov in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-24T00:00:00Z |
| date_published | 2017-02-22T00:00:00Z |
| source | MITRE |
| title | Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government |
FireEye admin@338 March 2014
Moran, N. and Lanstein, A.. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.
Internal MISP references
UUID 6a37e6eb-b767-4b10-9c39-660a42b19ddd which can be used as unique global reference for FireEye admin@338 March 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-15T00:00:00Z |
| date_published | 2014-03-25T00:00:00Z |
| source | MITRE |
| title | Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370 |
Microsoft File Handlers
Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. Retrieved November 13, 2014.
Internal MISP references
UUID cc12cd2c-4f41-4d7b-902d-53c35eb41210 which can be used as unique global reference for Microsoft File Handlers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-13T00:00:00Z |
| source | MITRE |
| title | Specifying File Handlers for File Name Extensions |
GTFO split
GTFOBins. (2020, November 13). split. Retrieved April 18, 2022.
Internal MISP references
UUID 4b86c8c3-57b0-4558-be21-f928acb23f49 which can be used as unique global reference for GTFO split in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-18T00:00:00Z |
| date_published | 2020-11-13T00:00:00Z |
| source | MITRE |
| title | split |
split man page
Torbjorn Granlund, Richard M. Stallman. (2020, March null). split(1) — Linux manual page. Retrieved March 25, 2022.
Internal MISP references
UUID 3a4dc770-8bfa-44e9-bb0e-f0af0ae92994 which can be used as unique global reference for split man page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| source | MITRE |
| title | split(1) — Linux manual page |
Spoofing credential dialogs
Johann Rehberger. (2021, April 18). Spoofing credential dialogs on macOS Linux and Windows. Retrieved August 19, 2021.
Internal MISP references
UUID 4f8abaae-1483-4bf6-a79c-6a801ae5a640 which can be used as unique global reference for Spoofing credential dialogs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| date_published | 2021-04-18T00:00:00Z |
| source | MITRE |
| title | Spoofing credential dialogs on macOS Linux and Windows |
Infosecinstitute RTLO Technique
Security Ninja. (2015, April 16). Spoof Using Right to Left Override (RTLO) Technique. Retrieved April 22, 2019.
Internal MISP references
UUID 79d21506-07a8-444d-a2d7-c91de67c393e which can be used as unique global reference for Infosecinstitute RTLO Technique in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2015-04-16T00:00:00Z |
| source | MITRE |
| title | Spoof Using Right to Left Override (RTLO) Technique |
BBC-malvertising
BBC. (2011, March 29). Spotify ads hit by malware attack. Retrieved February 21, 2023.
Internal MISP references
UUID 425775e4-2948-5a73-a2d8-9a3edca74b1b which can be used as unique global reference for BBC-malvertising in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2011-03-29T00:00:00Z |
| source | MITRE |
| title | Spotify ads hit by malware attack |
NSA Spotting
National Security Agency/Central Security Service Information Assurance Directorate. (2015, August 7). Spotting the Adversary with Windows Event Log Monitoring. Retrieved September 6, 2018.
Internal MISP references
UUID c1fa6c1d-f11a-47d4-88fc-ec0a3dc44279 which can be used as unique global reference for NSA Spotting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-06T00:00:00Z |
| date_published | 2015-08-07T00:00:00Z |
| source | MITRE |
| title | Spotting the Adversary with Windows Event Log Monitoring |
Villeneuve 2014
Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.
Internal MISP references
UUID a156e24e-0da5-4ac7-b914-29f2f05e7d6f which can be used as unique global reference for Villeneuve 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-29T00:00:00Z |
| date_published | 2014-07-31T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Spy of the Tiger |
Sqldumper.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sqldumper.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 793d6262-37af-46e1-a6b5-a5262f4a749d which can be used as unique global reference for Sqldumper.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sqldumper.exe |
sqlmap Introduction
Damele, B., Stampar, M. (n.d.). sqlmap. Retrieved March 19, 2018.
Internal MISP references
UUID ac643245-d54f-470f-a393-26875c0877c8 which can be used as unique global reference for sqlmap Introduction in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| source | MITRE |
| title | sqlmap |
Sqlps.exe - LOLBAS Project
LOLBAS. (2018, May 25). Sqlps.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 31cc851a-c536-4cef-9391-d3c7d3eab64f which can be used as unique global reference for Sqlps.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Sqlps.exe |
SQLToolsPS.exe - LOLBAS Project
LOLBAS. (2018, May 25). SQLToolsPS.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 612c9569-80af-48d2-a853-0f6e3f55aa50 which can be used as unique global reference for SQLToolsPS.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | SQLToolsPS.exe |
Squirrel.exe - LOLBAS Project
LOLBAS. (2019, June 26). Squirrel.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 952b5ca5-1251-4e27-bd30-5d55d7d2da5e which can be used as unique global reference for Squirrel.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Squirrel.exe |
ZScaler Squirrelwaffle Sep 2021
Kumar, A., Stone-Gross, Brett. (2021, September 28). Squirrelwaffle: New Loader Delivering Cobalt Strike. Retrieved August 9, 2022.
Internal MISP references
UUID 624a62db-f00f-45f9-89f6-2c3505b4979f which can be used as unique global reference for ZScaler Squirrelwaffle Sep 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-09T00:00:00Z |
| date_published | 2021-09-28T00:00:00Z |
| source | MITRE |
| title | Squirrelwaffle: New Loader Delivering Cobalt Strike |
Netskope Squirrelwaffle Oct 2021
Palazolo, G. (2021, October 7). SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot. Retrieved August 9, 2022.
Internal MISP references
UUID 5559895a-4647-438f-b3d5-6d6aa323a6f9 which can be used as unique global reference for Netskope Squirrelwaffle Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-09T00:00:00Z |
| date_published | 2021-10-07T00:00:00Z |
| source | MITRE |
| title | SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot |
Clockwork SSH Agent Hijacking
Beuchler, B. (2012, September 28). SSH Agent Hijacking. Retrieved December 20, 2017.
Internal MISP references
UUID 4a4026e3-977a-4f25-aeee-794947f384b2 which can be used as unique global reference for Clockwork SSH Agent Hijacking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2012-09-28T00:00:00Z |
| source | MITRE |
| title | SSH Agent Hijacking |
Symantec SSH and ssh-agent
Hatch, B. (2004, November 22). SSH and ssh-agent. Retrieved January 8, 2018.
Internal MISP references
UUID 0d576bca-511d-40a2-9916-26832eb28861 which can be used as unique global reference for Symantec SSH and ssh-agent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-08T00:00:00Z |
| date_published | 2004-11-22T00:00:00Z |
| source | MITRE |
| title | SSH and ssh-agent |
ssh.exe - LOLBAS Project
LOLBAS. (2021, November 8). ssh.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1 which can be used as unique global reference for ssh.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-11-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | ssh.exe |
SSH Secure Shell
SSH.COM. (n.d.). SSH (Secure Shell). Retrieved March 23, 2020.
Internal MISP references
UUID ac5fc103-1946-488b-8af5-eda0636cbdd0 which can be used as unique global reference for SSH Secure Shell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-23T00:00:00Z |
| source | MITRE |
| title | SSH (Secure Shell) |
SSH Tunneling
SSH.COM. (n.d.). SSH tunnel. Retrieved March 15, 2020.
Internal MISP references
UUID 13280f38-0f17-42d3-9f92-693f1da60ffa which can be used as unique global reference for SSH Tunneling in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| source | MITRE |
| title | SSH tunnel |
SSLShopper Lookup
SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020.
Internal MISP references
UUID a8dc493f-2021-48fa-8f28-afd13756b789 which can be used as unique global reference for SSLShopper Lookup in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | SSL Checker |
Ubuntu SSSD Docs
Ubuntu. (n.d.). SSSD. Retrieved September 23, 2021.
Internal MISP references
UUID f2ed1c28-8cde-4279-a04c-217a4dc68121 which can be used as unique global reference for Ubuntu SSSD Docs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| source | MITRE |
| title | SSSD |
Stantinko Botnet
Vachon, F., Faou, M. (2017, July 20). Stantinko: A massive adware campaign operating covertly since 2012. Retrieved November 16, 2017.
Internal MISP references
UUID d81e0274-76f4-43ce-b829-69f761e280dc which can be used as unique global reference for Stantinko Botnet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| date_published | 2017-07-20T00:00:00Z |
| source | MITRE |
| title | Stantinko: A massive adware campaign operating covertly since 2012 |
Amazon AWS
Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.
Internal MISP references
UUID b7d41cde-18c8-4e15-a0ac-ca0afc127e33 which can be used as unique global reference for Amazon AWS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Start Building on AWS Today |
Startup Items
Apple. (2016, September 13). Startup Items. Retrieved July 11, 2017.
Internal MISP references
UUID e36dd211-22e4-4b23-befb-fbfe1a84b866 which can be used as unique global reference for Startup Items in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2016-09-13T00:00:00Z |
| source | MITRE |
| title | Startup Items |
Microsoft Safe Mode
Microsoft. (n.d.). Start your PC in safe mode in Windows 10. Retrieved June 23, 2021.
Internal MISP references
UUID fdddb25b-22ba-4433-b25f-bad340ffc849 which can be used as unique global reference for Microsoft Safe Mode in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-23T00:00:00Z |
| source | MITRE |
| title | Start your PC in safe mode in Windows 10 |
Mandiant APT41
Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.
Internal MISP references
UUID e54415fe-40c2-55ff-9e75-881bc8a912b8 which can be used as unique global reference for Mandiant APT41 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| source | MITRE |
| title | State Governments |
Twitter SquiblyTwo Detection APR 2018
Desimone, J. (2018, April 18). Status Update. Retrieved July 3, 2018.
Internal MISP references
UUID 9cee0681-3ad2-4b1d-8eeb-5160134f3069 which can be used as unique global reference for Twitter SquiblyTwo Detection APR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-04-18T00:00:00Z |
| source | MITRE |
| title | Status Update |
Mandiant Endpoint Evading 2019
Pena, E., Erikson, C. (2019, October 10). Staying Hidden on the Endpoint: Evading Detection with Shellcode. Retrieved November 29, 2021.
Internal MISP references
UUID 5d43542f-aad5-4ac5-b5b6-1a2b03222fc8 which can be used as unique global reference for Mandiant Endpoint Evading 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-29T00:00:00Z |
| date_published | 2019-10-10T00:00:00Z |
| source | MITRE |
| title | Staying Hidden on the Endpoint: Evading Detection with Shellcode |
O365 Blog Azure AD Device IDs
Syynimaa, N. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved August 3, 2022.
Internal MISP references
UUID ec94c043-92ef-4691-b21a-7ea68f39e338 which can be used as unique global reference for O365 Blog Azure AD Device IDs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-03T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Stealing and faking Azure AD device identities |
AADInternals Azure AD Device Identities
Dr. Nestori Syynimaa. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved February 21, 2023.
Internal MISP references
UUID b5ef16c4-1db0-51e9-93ab-54a8e480debc which can be used as unique global reference for AADInternals Azure AD Device Identities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-02-15T00:00:00Z |
| source | MITRE |
| title | Stealing and faking Azure AD device identities |
Carnal Ownage Password Filters Sept 2013
Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017.
Internal MISP references
UUID 78ed9074-a46c-4ce6-ab7d-a587bd585dc5 which can be used as unique global reference for Carnal Ownage Password Filters Sept 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2013-09-11T00:00:00Z |
| source | MITRE |
| title | Stealing passwords every time they change |
CSM Elderwood Sept 2012
Clayton, M.. (2012, September 14). Stealing US business secrets: Experts ID two huge cyber 'gangs' in China. Retrieved February 15, 2018.
Internal MISP references
UUID 6b79006d-f6de-489c-82fa-8c3c28d652ef which can be used as unique global reference for CSM Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2012-09-14T00:00:00Z |
| source | MITRE |
| title | Stealing US business secrets: Experts ID two huge cyber 'gangs' in China |
DEFCON2016 Sticky Keys
Maldonado, D., McGuffin, T. (2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017.
Internal MISP references
UUID f903146d-b63d-4771-8d53-28ef137c9349 which can be used as unique global reference for DEFCON2016 Sticky Keys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2016-08-06T00:00:00Z |
| source | MITRE |
| title | Sticky Keys to the Kingdom |
The DFIR Report Stolen Images Conti
The DFIR Report. (2023, April 4). Stolen Images Campaign Ends in Conti Ransomware. Retrieved June 23, 2023.
Internal MISP references
UUID 4a89916f-3919-41fd-bf93-27f25a2363f5 which can be used as unique global reference for The DFIR Report Stolen Images Conti in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-23T00:00:00Z |
| date_published | 2023-04-04T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Stolen Images Campaign Ends in Conti Ransomware |
Netscout Stolen Pencil Dec 2018
ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. Retrieved February 5, 2019.
Internal MISP references
UUID 6d3b31da-a784-4da0-91dd-b72c04fd520a which can be used as unique global reference for Netscout Stolen Pencil Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-05T00:00:00Z |
| date_published | 2018-12-05T00:00:00Z |
| source | MITRE |
| title | STOLEN PENCIL Campaign Targets Academia |
FireEye VBA stomp Feb 2020
Cole, R., Moore, A., Stark, G., Stancill, B. (2020, February 5). STOMP 2 DIS: Brilliance in the (Visual) Basics. Retrieved September 17, 2020.
Internal MISP references
UUID bd034cc8-29e2-4d58-a72a-161b831191b7 which can be used as unique global reference for FireEye VBA stomp Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2020-02-05T00:00:00Z |
| source | MITRE |
| title | STOMP 2 DIS: Brilliance in the (Visual) Basics |
Stopping CloudTrail from Sending Events to CloudWatch Logs
Amazon Web Services. (n.d.). Stopping CloudTrail from Sending Events to CloudWatch Logs. Retrieved October 16, 2020.
Internal MISP references
UUID affb4d4f-5c96-4c27-b702-b8ad9bc8e1b3 which can be used as unique global reference for Stopping CloudTrail from Sending Events to CloudWatch Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| source | MITRE |
| title | Stopping CloudTrail from Sending Events to CloudWatch Logs |
McAfee Virtual Jan 2017
Roccia, T. (2017, January 19). Stopping Malware With a Fake Virtual Machine. Retrieved April 17, 2019.
Internal MISP references
UUID a541a027-733c-438f-a723-6f7e8e6f354c which can be used as unique global reference for McAfee Virtual Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2017-01-19T00:00:00Z |
| source | MITRE |
| title | Stopping Malware With a Fake Virtual Machine |
Checkpoint Dridex Jan 2021
Check Point Research. (2021, January 4). Stopping Serial Killer: Catching the Next Strike. Retrieved September 7, 2021.
Internal MISP references
UUID a988084f-1a58-4e5b-a616-ed31d311cccf which can be used as unique global reference for Checkpoint Dridex Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-07T00:00:00Z |
| date_published | 2021-01-04T00:00:00Z |
| source | MITRE |
| title | Stopping Serial Killer: Catching the Next Strike |
U.S. CISA Akira April 18 2024
Cybersecurity and Infrastructure Security Agency. (2024, April 18). #StopRansomware: Akira Ransomware. Retrieved April 19, 2024.
Internal MISP references
UUID 2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be which can be used as unique global reference for U.S. CISA Akira April 18 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-19T00:00:00Z |
| date_published | 2024-04-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Akira Ransomware |
U.S. CISA ALPHV Blackcat December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 19). #StopRansomware: ALPHV Blackcat. Retrieved December 19, 2023.
Internal MISP references
UUID d28d64cf-b5db-4438-8c5c-907ce5f55f69 which can be used as unique global reference for U.S. CISA ALPHV Blackcat December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-19T00:00:00Z |
| date_published | 2023-12-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: ALPHV Blackcat |
U.S. CISA AvosLocker October 11 2023
Cybersecurity and Infrastructure Security Agency. (2023, October 11). #StopRansomware: AvosLocker Ransomware (Update). Retrieved October 20, 2023.
Internal MISP references
UUID d419a317-6599-4fc5-91d1-a4c2bc83bf6a which can be used as unique global reference for U.S. CISA AvosLocker October 11 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| date_published | 2023-10-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: AvosLocker Ransomware (Update) |
U.S. CISA BianLian Ransomware May 2023
Cybersecurity and Infrastructure Security Agency. (2023, May 16). #StopRansomware: BianLian Ransomware Group. Retrieved May 18, 2023.
Internal MISP references
UUID aa52e826-f292-41f6-985d-0282230c8948 which can be used as unique global reference for U.S. CISA BianLian Ransomware May 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-18T00:00:00Z |
| date_published | 2023-05-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: BianLian Ransomware Group |
U.S. CISA CL0P CVE-2023-34362 Exploitation
Cybersecurity and Infrastructure Security Agency. (2023, June 7). #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability. Retrieved July 27, 2023.
Internal MISP references
UUID 07e48ca8-b965-4234-b04a-dfad45d58b22 which can be used as unique global reference for U.S. CISA CL0P CVE-2023-34362 Exploitation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-27T00:00:00Z |
| date_published | 2023-06-07T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability |
U.S. CISA Daixin Team October 2022
Cybersecurity and Infrastructure Security Agency. (2022, October 26). #StopRansomware: Daixin Team. Retrieved May 19, 2023.
Internal MISP references
UUID cbf5ecfb-de79-41cc-8250-01790ff6e89b which can be used as unique global reference for U.S. CISA Daixin Team October 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-10-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Daixin Team |
U.S. CISA LockBit 3.0 March 2023
Cybersecurity and Infrastructure Security Agency. (2023, March 16). #StopRansomware: LockBit 3.0. Retrieved May 19, 2023.
Internal MISP references
UUID 06de9247-ce40-4709-a17a-a65b8853758b which can be used as unique global reference for U.S. CISA LockBit 3.0 March 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2023-03-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: LockBit 3.0 |
U.S. CISA LockBit Citrix Bleed November 21 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 21). #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. Retrieved November 30, 2023.
Internal MISP references
UUID 21f56e0c-9605-4fbb-9cb1-f868ba6eb053 which can be used as unique global reference for U.S. CISA LockBit Citrix Bleed November 21 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-30T00:00:00Z |
| date_published | 2023-11-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability |
U.S. CISA MedusaLocker August 11 2022
Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: MedusaLocker. Retrieved August 4, 2023.
Internal MISP references
UUID 48b34fb3-c346-4165-a4c6-caeaa9b02dba which can be used as unique global reference for U.S. CISA MedusaLocker August 11 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2022-08-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: MedusaLocker |
U.S. CISA Phobos February 29 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 29). #StopRansomware: Phobos Ransomware. Retrieved March 7, 2024.
Internal MISP references
UUID bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a which can be used as unique global reference for U.S. CISA Phobos February 29 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2024-02-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Phobos Ransomware |
U.S. CISA Play Ransomware December 2023
Cybersecurity and Infrastructure Security Agency. (2023, December 18). #StopRansomware: Play Ransomware. Retrieved December 18, 2023.
Internal MISP references
UUID ad96148c-8230-4923-86fd-4b1da211db1a which can be used as unique global reference for U.S. CISA Play Ransomware December 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-18T00:00:00Z |
| date_published | 2023-12-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Play Ransomware |
U.S. CISA Rhysida Ransomware November 15 2023
Cybersecurity and Infrastructure Security Agency. (2023, November 15). #StopRansomware: Rhysida Ransomware. Retrieved November 16, 2023.
Internal MISP references
UUID 6d902955-d9a9-4ec1-8dd4-264f7594605e which can be used as unique global reference for U.S. CISA Rhysida Ransomware November 15 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2023-11-15T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Rhysida Ransomware |
CISA Royal AA23-061A March 2023
CISA. (2023, March 2). #StopRansomware: Royal Ransomware. Retrieved March 31, 2023.
Internal MISP references
UUID 81baa61e-13c3-51e0-bf22-08383dbfb2a1 which can be used as unique global reference for CISA Royal AA23-061A March 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-31T00:00:00Z |
| date_published | 2023-03-02T00:00:00Z |
| source | MITRE |
| title | #StopRansomware: Royal Ransomware |
#StopRansomware: Royal Ransomware | CISA
Cybersecurity and Infrastructure Security Agency. (2023, March 2). #StopRansomware: Royal Ransomware | CISA. Retrieved May 10, 2023.
Internal MISP references
UUID dd094572-da2e-4e54-9e54-b243dd4fcd2b which can be used as unique global reference for #StopRansomware: Royal Ransomware | CISA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-10T00:00:00Z |
| date_published | 2023-03-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Royal Ransomware |
U.S. CISA Vice Society September 2022
Cybersecurity and Infrastructure Security Agency. (2022, September 8). #StopRansomware: Vice Society. Retrieved May 19, 2023.
Internal MISP references
UUID 0a754513-5f20-44a0-8cea-c5d9519106c8 which can be used as unique global reference for U.S. CISA Vice Society September 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| date_published | 2022-09-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | #StopRansomware: Vice Society |
Stordiag.exe - LOLBAS Project
LOLBAS. (2021, October 21). Stordiag.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5e52a211-7ef6-42bd-93a1-5902f5e1c2ea which can be used as unique global reference for Stordiag.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-10-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Stordiag.exe |
Pentestlab Stored Credentials
netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.
Internal MISP references
UUID 5be9afb8-749e-45a2-8e86-b5e6dc167b41 which can be used as unique global reference for Pentestlab Stored Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2017-04-19T00:00:00Z |
| source | MITRE |
| title | Stored Credentials |
store_pwd_rev_enc
Microsoft. (2021, October 28). Store passwords using reversible encryption. Retrieved January 3, 2022.
Internal MISP references
UUID d3b9df24-b776-4658-9bb4-f43a2fe0094c which can be used as unique global reference for store_pwd_rev_enc in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-03T00:00:00Z |
| date_published | 2021-10-28T00:00:00Z |
| source | MITRE |
| title | Store passwords using reversible encryption |
IBM Storwize
IBM Support. (2017, April 26). Storwize USB Initialization Tool may contain malicious code. Retrieved May 28, 2019.
Internal MISP references
UUID 321cf27a-327d-4824-84d0-56634d3b86f5 which can be used as unique global reference for IBM Storwize in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2017-04-26T00:00:00Z |
| source | MITRE |
| title | Storwize USB Initialization Tool may contain malicious code |
G Data Sodinokibi June 2019
Han, Karsten. (2019, June 4). Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA. Retrieved August 4, 2020.
Internal MISP references
UUID 03b1ef5a-aa63-453a-affc-aa0caf174ce4 which can be used as unique global reference for G Data Sodinokibi June 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| date_published | 2019-06-04T00:00:00Z |
| source | MITRE |
| title | Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA |
Windows Blogs Microsoft Edge Sandbox
Cowan, C. (2017, March 23). Strengthening the Microsoft Edge Sandbox. Retrieved March 12, 2018.
Internal MISP references
UUID d7097b1e-507b-4626-9cef-39367c09f722 which can be used as unique global reference for Windows Blogs Microsoft Edge Sandbox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-12T00:00:00Z |
| date_published | 2017-03-23T00:00:00Z |
| source | MITRE |
| title | Strengthening the Microsoft Edge Sandbox |
Symantec Strider Blog
Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.
Internal MISP references
UUID 664eac41-257f-4d4d-aba5-5d2e8e2117a7 which can be used as unique global reference for Symantec Strider Blog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-08-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Strider: Cyberespionage group turns eye of Sauron on targets |
Cybereason StrifeWater Feb 2022
Cybereason Nocturnus. (2022, February 1). StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.
Internal MISP references
UUID 30c911b2-9a5e-4510-a78c-c65e84398c7e which can be used as unique global reference for Cybereason StrifeWater Feb 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-15T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations |
Bitdefender StrongPity June 2020
Tudorica, R. et al. (2020, June 30). StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure. Retrieved July 20, 2020.
Internal MISP references
UUID 7d2e20f2-20ba-4d51-9495-034c07be41a8 which can be used as unique global reference for Bitdefender StrongPity June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-20T00:00:00Z |
| date_published | 2020-06-30T00:00:00Z |
| source | MITRE |
| title | StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure |
Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020
Microsoft Threat Intelligence Center (MSTIC). (2020, September 10). STRONTIUM: Detecting new patterns in credential harvesting. Retrieved September 11, 2020.
Internal MISP references
UUID 0a65008c-acdd-40fa-af1a-3d9941af8eac which can be used as unique global reference for Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-11T00:00:00Z |
| date_published | 2020-09-10T00:00:00Z |
| source | MITRE |
| title | STRONTIUM: Detecting new patterns in credential harvesting |
ESET Stuxnet Under the Microscope
Matrosov, A., Rodionov, E., Harley, D., Malcho, J.. (n.d.). Stuxnet Under the Microscope. Retrieved December 7, 2020.
Internal MISP references
UUID 4ec039a9-f843-42de-96ed-185c4e8c2d9f which can be used as unique global reference for ESET Stuxnet Under the Microscope in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-07T00:00:00Z |
| source | MITRE |
| title | Stuxnet Under the Microscope |
subTee .NET Profilers May 2017
Smith, C. (2017, May 18). Subvert CLR Process Listing With .NET Profilers. Retrieved June 24, 2020.
Internal MISP references
UUID 6ef42019-5393-423e-811d-29b728c877e1 which can be used as unique global reference for subTee .NET Profilers May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2017-05-18T00:00:00Z |
| source | MITRE |
| title | Subvert CLR Process Listing With .NET Profilers |
SpectorOps Subverting Trust Sept 2017
Graeber, M. (2017, September). Subverting Trust in Windows. Retrieved January 31, 2018.
Internal MISP references
UUID 0b6e7651-0e17-4101-ab2b-22cb09fe1691 which can be used as unique global reference for SpectorOps Subverting Trust Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| date_published | 2017-09-01T00:00:00Z |
| source | MITRE |
| title | Subverting Trust in Windows |
Symantec Suckfly March 2016
DiMaggio, J. (2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.
Internal MISP references
UUID 8711c175-e405-4cb0-8c86-8aaa471e5573 which can be used as unique global reference for Symantec Suckfly March 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-03-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Suckfly: Revealing the secret life of your code signing certificates |
sudo man page 2018
Todd C. Miller. (2018). Sudo Man Page. Retrieved March 19, 2018.
Internal MISP references
UUID 659d4302-d4cf-41af-8007-aa1da0208aa0 which can be used as unique global reference for sudo man page 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-19T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | Sudo Man Page |
FireEye SUNBURST Additional Details Dec 2020
Stephen Eckels, Jay Smith, William Ballenthin. (2020, December 24). SUNBURST Additional Technical Details. Retrieved January 6, 2021.
Internal MISP references
UUID c5d94f7f-f796-4872-9a19-f030c825588e which can be used as unique global reference for FireEye SUNBURST Additional Details Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-12-24T00:00:00Z |
| source | MITRE |
| title | SUNBURST Additional Technical Details |
CheckPoint Sunburst & Teardrop December 2020
Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.
Internal MISP references
UUID 4e3d9201-83d4-5375-b3b7-e00dfb16342d which can be used as unique global reference for CheckPoint Sunburst & Teardrop December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-12-22T00:00:00Z |
| source | MITRE |
| title | SUNBURST, TEARDROP and the NetSec New Normal |
Check Point Sunburst Teardrop December 2020
Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.
Internal MISP references
UUID a6b75979-af51-42ed-9bb9-01d5fb9ceac9 which can be used as unique global reference for Check Point Sunburst Teardrop December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2020-12-22T00:00:00Z |
| source | MITRE |
| title | SUNBURST, TEARDROP and the NetSec New Normal |
CrowdStrike SUNSPOT Implant January 2021
CrowdStrike Intelligence Team. (2021, January 11). SUNSPOT: An Implant in the Build Process. Retrieved January 11, 2021.
Internal MISP references
UUID 3a7b71cf-961a-4f63-84a8-31b43b18fb95 which can be used as unique global reference for CrowdStrike SUNSPOT Implant January 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-11T00:00:00Z |
| date_published | 2021-01-11T00:00:00Z |
| source | MITRE |
| title | SUNSPOT: An Implant in the Build Process |
Kaspersky Superfish
Onuma. (2015, February 24). Superfish: Adware Preinstalled on Lenovo Laptops. Retrieved February 20, 2017.
Internal MISP references
UUID 3d554c05-992c-41f3-99f4-6b0baac56b3a which can be used as unique global reference for Kaspersky Superfish in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-20T00:00:00Z |
| date_published | 2015-02-24T00:00:00Z |
| source | MITRE |
| title | Superfish: Adware Preinstalled on Lenovo Laptops |
Unit42 SUPERNOVA Dec 2020
Tennis, M. (2020, December 17). SUPERNOVA: A Novel .NET Webshell. Retrieved February 22, 2021.
Internal MISP references
UUID e884d0b5-f2a2-47cb-bb77-3acdac6b1790 which can be used as unique global reference for Unit42 SUPERNOVA Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-12-17T00:00:00Z |
| source | MITRE |
| title | SUPERNOVA: A Novel .NET Webshell |
Guidepoint SUPERNOVA Dec 2020
Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.
Internal MISP references
UUID 78fee365-ab2b-4823-8358-46c362be1ac0 which can be used as unique global reference for Guidepoint SUPERNOVA Dec 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-18T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | SUPERNOVA SolarWinds .NET Webshell Analysis |
00sec Droppers
0x00pico. (2017, September 25). Super-Stealthy Droppers. Retrieved October 4, 2021.
Internal MISP references
UUID 7569e79b-5a80-4f42-b467-8548cc9fc319 which can be used as unique global reference for 00sec Droppers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2017-09-25T00:00:00Z |
| source | MITRE |
| title | Super-Stealthy Droppers |
FireEyeSupplyChain
FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. Retrieved March 6, 2017.
Internal MISP references
UUID 0647b285-963b-4427-bc96-a17b5f8839a9 which can be used as unique global reference for FireEyeSupplyChain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye |
Moran 2013
Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f which can be used as unique global reference for Moran 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2013-08-12T00:00:00Z |
| source | MITRE |
| title | Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog] |
Dell Threat Group 2889
Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.
Internal MISP references
UUID de7003cb-5127-4fd7-9475-d69e0d7f5cc8 which can be used as unique global reference for Dell Threat Group 2889 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2015-10-07T00:00:00Z |
| source | MITRE |
| title | Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles |
Mandiant UNC3890 Aug 2022
Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. Retrieved September 21, 2022.
Internal MISP references
UUID 7b3fda0b-d327-4f02-bebe-2b8974f9959d which can be used as unique global reference for Mandiant UNC3890 Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-21T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| source | MITRE |
| title | Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors |
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock. (2021, December 6). Suspected Russian Activity Targeting Government and Business Entities Around the Globe. Retrieved April 15, 2022.
Internal MISP references
UUID f45a0551-8d49-4d40-989f-659416dc25ec which can be used as unique global reference for Suspected Russian Activity Targeting Government and Business Entities Around the Globe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-15T00:00:00Z |
| date_published | 2021-12-06T00:00:00Z |
| source | MITRE |
| title | Suspected Russian Activity Targeting Government and Business Entities Around the Globe |
U.S. CISA APT29 Cloud Access
Cybersecurity and Infrastructure Security Agency. (2024, February 26). SVR Cyber Actors Adapt Tactics for Initial Cloud Access. Retrieved March 1, 2024.
Internal MISP references
UUID e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d which can be used as unique global reference for U.S. CISA APT29 Cloud Access in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-01T00:00:00Z |
| date_published | 2024-02-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | SVR Cyber Actors Adapt Tactics for Initial Cloud Access |
Recorded Future Turla Infra 2020
Insikt Group. (2020, March 12). Swallowing the Snake’s Tail: Tracking Turla Infrastructure. Retrieved October 20, 2020.
Internal MISP references
UUID 73aaff33-5a0e-40b7-a089-77ac57da8dca which can be used as unique global reference for Recorded Future Turla Infra 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-03-12T00:00:00Z |
| source | MITRE |
| title | Swallowing the Snake’s Tail: Tracking Turla Infrastructure |
Microsoft Sxstrace
Gerend, J. et al.. (2017, October 16). sxstrace. Retrieved April 26, 2021.
Internal MISP references
UUID a0a753c6-7d8c-4ad9-91a9-a2c385178054 which can be used as unique global reference for Microsoft Sxstrace in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-26T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | sxstrace |
Alienvault Sykipot DOD Smart Cards
Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.
Internal MISP references
UUID 1a96544f-5b4e-4e1a-8db0-a989df9e4aaa which can be used as unique global reference for Alienvault Sykipot DOD Smart Cards in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-10T00:00:00Z |
| date_published | 2012-01-12T00:00:00Z |
| source | MITRE |
| title | Sykipot variant hijacks DOD and Windows smart cards |
SecureList SynAck Doppelgänging May 2018
Ivanov, A. et al. (2018, May 7). SynAck targeted ransomware uses the Doppelgänging technique. Retrieved May 22, 2018.
Internal MISP references
UUID d9f0af0f-8a65-406b-9d7e-4051086ef301 which can be used as unique global reference for SecureList SynAck Doppelgänging May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-22T00:00:00Z |
| date_published | 2018-05-07T00:00:00Z |
| source | MITRE |
| title | SynAck targeted ransomware uses the Doppelgänging technique |
SyncAppvPublishingServer.exe - LOLBAS Project
LOLBAS. (2018, May 25). SyncAppvPublishingServer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ce371df7-aab6-4338-9491-656481cb5601 which can be used as unique global reference for SyncAppvPublishingServer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | SyncAppvPublishingServer.exe |
Syncappvpublishingserver.vbs - LOLBAS Project
LOLBAS. (2018, May 25). Syncappvpublishingserver.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID adb09226-894c-4874-a2e3-fb2c6de30173 which can be used as unique global reference for Syncappvpublishingserver.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Syncappvpublishingserver.vbs |
Mandiant - Synful Knock
Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. Retrieved October 19, 2020.
Internal MISP references
UUID 1f6eaa98-9184-4341-8634-5512a9c632dd which can be used as unique global reference for Mandiant - Synful Knock in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2015-09-15T00:00:00Z |
| source | MITRE |
| title | SYNful Knock - A Cisco router implant - Part I |
Sysmon EID 9
Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. Retrieved September 24, 2021.
Internal MISP references
UUID b24440b2-43c3-46f2-be4c-1147f6acfe57 which can be used as unique global reference for Sysmon EID 9 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2021-08-18T00:00:00Z |
| source | MITRE |
| title | Sysmon Event ID 9 |
Microsoft Sysmon v6 May 2017
Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.
Internal MISP references
UUID 41cd9e06-a56c-4b68-948c-efc497a8d0dc which can be used as unique global reference for Microsoft Sysmon v6 May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-13T00:00:00Z |
| date_published | 2017-05-22T00:00:00Z |
| source | MITRE |
| title | Sysmon v6.20 |
Syssetup.dll - LOLBAS Project
LOLBAS. (2018, May 25). Syssetup.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 3bb7027f-7cbb-47e7-8cbb-cf45604669af which can be used as unique global reference for Syssetup.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Syssetup.dll |
System and kernel extensions in macOS
Apple. (n.d.). System and kernel extensions in macOS. Retrieved March 31, 2022.
Internal MISP references
UUID e5c4974d-dfd4-4c1c-ba4c-b6fb276effac which can be used as unique global reference for System and kernel extensions in macOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | System and kernel extensions in macOS |
Linux man-pages: systemd January 2014
Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019.
Internal MISP references
UUID e9a58efd-8de6-40c9-9638-c642311d6a07 which can be used as unique global reference for Linux man-pages: systemd January 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | systemd(1) - Linux manual page |
FreeDesktop Journal
freedesktop.org. (n.d.). systemd-journald.service. Retrieved June 15, 2022.
Internal MISP references
UUID 5ded9060-9a23-42dc-b13b-15e4e3ccabf9 which can be used as unique global reference for FreeDesktop Journal in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-15T00:00:00Z |
| source | MITRE |
| title | systemd-journald.service |
Ubuntu Manpage systemd rc
Canonical Ltd.. (n.d.). systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown. Retrieved February 23, 2021.
Internal MISP references
UUID 6be16aba-a37f-49c4-9a36-51d2676f64e6 which can be used as unique global reference for Ubuntu Manpage systemd rc in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-23T00:00:00Z |
| source | MITRE |
| title | systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and /usr/sbin/halt.local during boot and shutdown |
freedesktop systemd.service
Free Desktop. (n.d.). systemd.service — Service unit configuration. Retrieved March 20, 2023.
Internal MISP references
UUID cae49a7a-db3b-5202-ba45-fbfa98b073c9 which can be used as unique global reference for freedesktop systemd.service in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-20T00:00:00Z |
| source | MITRE |
| title | systemd.service — Service unit configuration |
Systemd Service Units
Freedesktop.org. (n.d.). systemd.service — Service unit configuration. Retrieved March 16, 2020.
Internal MISP references
UUID 43bae447-d2e3-4b53-b17b-12a0b54ac604 which can be used as unique global reference for Systemd Service Units in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-16T00:00:00Z |
| source | MITRE |
| title | systemd.service — Service unit configuration |
systemdsleep Linux
Man7. (n.d.). systemd-sleep.conf(5) — Linux manual page. Retrieved June 7, 2023.
Internal MISP references
UUID 9537f6f9-1521-5c21-b14f-ac459a2d1b70 which can be used as unique global reference for systemdsleep Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-07T00:00:00Z |
| source | MITRE |
| title | systemd-sleep.conf(5) — Linux manual page |
Freedesktop.org Linux systemd 29SEP2018
Freedesktop.org. (2018, September 29). systemd System and Service Manager. Retrieved April 23, 2019.
Internal MISP references
UUID 940dcbbe-45d3-4f36-8d48-d606d41a679e which can be used as unique global reference for Freedesktop.org Linux systemd 29SEP2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-09-29T00:00:00Z |
| source | MITRE |
| title | systemd System and Service Manager |
archlinux Systemd Timers Aug 2020
archlinux. (2020, August 11). systemd/Timers. Retrieved October 12, 2020.
Internal MISP references
UUID 670f02f1-3927-4f38-aa2b-9ca0d8cf5b8e which can be used as unique global reference for archlinux Systemd Timers Aug 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-12T00:00:00Z |
| date_published | 2020-08-11T00:00:00Z |
| source | MITRE |
| title | systemd/Timers |
TechNet Systeminfo
Microsoft. (n.d.). Systeminfo. Retrieved April 8, 2016.
Internal MISP references
UUID 5462ba66-6e26-41c2-bc28-6c19085d4469 which can be used as unique global reference for TechNet Systeminfo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-08T00:00:00Z |
| source | MITRE |
| title | Systeminfo |
Peripheral Discovery macOS
SS64. (n.d.). system_profiler. Retrieved March 11, 2022.
Internal MISP references
UUID 2a3c5216-b153-4d89-b0b1-f32af3aa83d0 which can be used as unique global reference for Peripheral Discovery macOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-11T00:00:00Z |
| source | MITRE |
| title | system_profiler |
MSDN System Time
Microsoft. (n.d.). System Time. Retrieved November 25, 2016.
Internal MISP references
UUID 5e15e03b-be8b-4f3d-a3ae-0df7a4ecfbec which can be used as unique global reference for MSDN System Time in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-25T00:00:00Z |
| source | MITRE |
| title | System Time |
T1562.002_redcanaryco
redcanaryco. (2021, September 3). T1562.002 - Disable Windows Event Logging. Retrieved September 13, 2021.
Internal MISP references
UUID e136f5a2-d4c2-4c6c-8f72-0f8ed9abeed1 which can be used as unique global reference for T1562.002_redcanaryco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2021-09-03T00:00:00Z |
| source | MITRE |
| title | T1562.002 - Disable Windows Event Logging |
Palo Alto T9000 Feb 2016
Grunzweig, J. and Miller-Osborn, J.. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.
Internal MISP references
UUID d7eefe85-86cf-4b9d-bf70-f16c5a0227cc which can be used as unique global reference for Palo Alto T9000 Feb 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-15T00:00:00Z |
| date_published | 2016-02-04T00:00:00Z |
| source | MITRE |
| title | T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques |
US-CERT TA18-068A 2018
US-CERT. (2018, March 27). TA18-068A Brute Force Attacks Conducted by Cyber Actors. Retrieved October 2, 2019.
Internal MISP references
UUID d9992f57-8ff3-432f-b445-937ff4a6ebf9 which can be used as unique global reference for US-CERT TA18-068A 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-02T00:00:00Z |
| date_published | 2018-03-27T00:00:00Z |
| source | MITRE |
| title | TA18-068A Brute Force Attacks Conducted by Cyber Actors |
Proofpoint TA416 November 2020
Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.
Internal MISP references
UUID f72685de-c775-41c4-94ed-45fd7f873a1d which can be used as unique global reference for Proofpoint TA416 November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2020-11-23T00:00:00Z |
| source | MITRE |
| title | TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader |
NCC Group TA505
Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.
Internal MISP references
UUID 45e0b869-5447-491b-9e8b-fbf63c62f5d6 which can be used as unique global reference for NCC Group TA505 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2020-11-18T00:00:00Z |
| source | MITRE |
| title | TA505: A Brief History of Their Time |
ProofPoint SettingContent-ms July 2018
Proofpoint Staff. (2018, July 19). TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT. Retrieved April 19, 2019.
Internal MISP references
UUID 4f92af77-0428-4c67-8eec-98ecc3b55630 which can be used as unique global reference for ProofPoint SettingContent-ms July 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-19T00:00:00Z |
| date_published | 2018-07-19T00:00:00Z |
| source | MITRE |
| title | TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT |
IBM TA505 April 2020
Frydrych, M. (2020, April 14). TA505 Continues to Infect Networks With SDBbot RAT. Retrieved May 29, 2020.
Internal MISP references
UUID bcef8bf8-5fc2-4921-b920-74ef893b8a27 which can be used as unique global reference for IBM TA505 April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2020-04-14T00:00:00Z |
| source | MITRE |
| title | TA505 Continues to Infect Networks With SDBbot RAT |
Proofpoint TA505 October 2019
Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.
Internal MISP references
UUID 711ea2b3-58e2-4b38-aa71-877029c12e64 which can be used as unique global reference for Proofpoint TA505 October 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-29T00:00:00Z |
| date_published | 2019-10-16T00:00:00Z |
| source | MITRE |
| title | TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader |
Proofpoint TA505 June 2018
Proofpoint Staff. (2018, June 8). TA505 shifts with the times. Retrieved May 28, 2019.
Internal MISP references
UUID e48dec7b-5635-4ae0-b0db-229660806c06 which can be used as unique global reference for Proofpoint TA505 June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2018-06-08T00:00:00Z |
| source | MITRE |
| title | TA505 shifts with the times |
TrendMicro TA505 Aug 2019
Trend Micro. (2019, August 27). TA505: Variety in Use of ServHelper and FlawedAmmyy. Retrieved February 22, 2021.
Internal MISP references
UUID 460758ea-ed3e-4e9b-ba2e-97c9d42154a4 which can be used as unique global reference for TrendMicro TA505 Aug 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2019-08-27T00:00:00Z |
| source | MITRE |
| title | TA505: Variety in Use of ServHelper and FlawedAmmyy |
Unit 42 TA551 Jan 2021
Duncan, B. (2021, January 7). TA551: Email Attack Campaign Switches from Valak to IcedID. Retrieved March 17, 2021.
Internal MISP references
UUID 8e34bf1e-86ce-4d52-a6fa-037572766e99 which can be used as unique global reference for Unit 42 TA551 Jan 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-17T00:00:00Z |
| date_published | 2021-01-07T00:00:00Z |
| source | MITRE |
| title | TA551: Email Attack Campaign Switches from Valak to IcedID |
IBM TA577 OneNote Malspam
IBM X-Force. (2023, May 30). TA577 OneNote Malspam Results in QakBot Deployment. Retrieved January 24, 2024.
Internal MISP references
UUID 30ebffb8-be3e-4094-a41b-882aec9e14b8 which can be used as unique global reference for IBM TA577 OneNote Malspam in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-24T00:00:00Z |
| date_published | 2023-05-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | TA577 OneNote Malspam Results in QakBot Deployment |
Cobalt Strike TTPs Dec 2017
Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. Retrieved December 20, 2017.
Internal MISP references
UUID ee56d7a3-32c4-4f75-ad0c-73164a83b5a6 which can be used as unique global reference for Cobalt Strike TTPs Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-08T00:00:00Z |
| source | MITRE |
| title | Tactics, Techniques, and Procedures |
Reuters Taiwan BlackTech August 2020
Lee, Y. (2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Retrieved April 6, 2022.
Internal MISP references
UUID 77293f88-e336-4786-b042-7f0080bbff32 which can be used as unique global reference for Reuters Taiwan BlackTech August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-06T00:00:00Z |
| date_published | 2020-08-19T00:00:00Z |
| source | MITRE |
| title | Taiwan says China behind cyberattacks on government agencies, emails |
Microsoft Process Snapshot
Microsoft. (n.d.). Taking a Snapshot and Viewing Processes. Retrieved December 12, 2017.
Internal MISP references
UUID 6e4b1921-99b2-41ce-a7dc-72c05b17c682 which can be used as unique global reference for Microsoft Process Snapshot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | Taking a Snapshot and Viewing Processes |
Lacework TeamTNT May 2021
Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 22, 2021.
Internal MISP references
UUID 5908b04b-dbca-4fd8-bacc-141ef15546a1 which can be used as unique global reference for Lacework TeamTNT May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-05-25T00:00:00Z |
| source | MITRE |
| title | Taking TeamTNT's Docker Images Offline |
Splunk Kovar Certificates 2017
Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.
Internal MISP references
UUID 2b341021-897e-4e3f-9141-825d3501c498 which can be used as unique global reference for Splunk Kovar Certificates 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2017-12-11T00:00:00Z |
| source | MITRE |
| title | Tall Tales of Hunting with TLS/SSL Certificates |
Dragos TALONITE
Dragos. (null). TALONITE. Retrieved February 25, 2021.
Internal MISP references
UUID f8ef1920-a4ad-4d65-b9de-8357d75f6929 which can be used as unique global reference for Dragos TALONITE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | TALONITE |
Talos Sodinokibi April 2019
Cadieux, P, et al (2019, April 30). Sodinokibi ransomware exploits WebLogic Server vulnerability. Retrieved August 4, 2020.
Internal MISP references
UUID fb948877-da2b-4abd-9d57-de9866b7a7c2 which can be used as unique global reference for Talos Sodinokibi April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-04T00:00:00Z |
| source | MITRE |
| title | Talos Sodinokibi April 2019 |
Medium Event Tracing Tampering 2018
Palantir. (2018, December 24). Tampering with Windows Event Tracing: Background, Offense, and Defense. Retrieved June 7, 2019.
Internal MISP references
UUID cd1a7b9a-183f-4acf-95c8-14d9475d0551 which can be used as unique global reference for Medium Event Tracing Tampering 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-07T00:00:00Z |
| date_published | 2018-12-24T00:00:00Z |
| source | MITRE |
| title | Tampering with Windows Event Tracing: Background, Offense, and Defense |
Tar.exe - LOLBAS Project
LOLBAS. (2023, January 30). Tar.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e5f54ded-3ec1-49c1-9302-6b9f372d5015 which can be used as unique global reference for Tar.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-01-30T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Tar.exe |
Netskope GCP Redirection
Ashwin Vamshi. (2019, January 24). Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022.
Internal MISP references
UUID 18efeffc-c47b-46ad-8e7b-2eda30a406f0 which can be used as unique global reference for Netskope GCP Redirection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2019-01-24T00:00:00Z |
| source | MITRE |
| title | Targeted Attacks Abusing Google Cloud Platform Open Redirection |
AhnLab Andariel Subgroup of Lazarus June 2018
AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus. Retrieved September 29, 2021.
Internal MISP references
UUID bbc66e9f-98f9-4e34-b568-2833ea536f2e which can be used as unique global reference for AhnLab Andariel Subgroup of Lazarus June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-06-23T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus |
dharma_ransomware
Loui, E. Scheuerman, K. et al. (2020, April 16). Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques. Retrieved January 26, 2022.
Internal MISP references
UUID dfd168c0-40da-4402-a123-963eb8e2125a which can be used as unique global reference for dharma_ransomware in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-26T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques |
Targeted SSL Stripping Attacks Are Real
Check Point. (n.d.). Targeted SSL Stripping Attacks Are Real. Retrieved May 24, 2023.
Internal MISP references
UUID 714528e8-0f2e-50a3-93c0-c560a34ba973 which can be used as unique global reference for Targeted SSL Stripping Attacks Are Real in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-24T00:00:00Z |
| source | MITRE |
| title | Targeted SSL Stripping Attacks Are Real |
CFR Vaccine Development Threats
Council on Foreign Relations. (2020, November 28). Targeting of companies involved in vaccine development. Retrieved October 30, 2023.
Internal MISP references
UUID 2ec4f877-de9a-44bf-8236-20d7ecd631df which can be used as unique global reference for CFR Vaccine Development Threats in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-30T00:00:00Z |
| date_published | 2020-11-28T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Targeting of companies involved in vaccine development |
Tarrask scheduled task
Microsoft Threat Intelligence Team & Detection and Response Team . (2022, April 12). Tarrask malware uses scheduled tasks for defense evasion. Retrieved June 1, 2022.
Internal MISP references
UUID 87682623-d1dd-4ee8-ae68-b08be5113e3e which can be used as unique global reference for Tarrask scheduled task in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2022-04-12T00:00:00Z |
| source | MITRE |
| title | Tarrask malware uses scheduled tasks for defense evasion |
Microsoft Tasklist
Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
Internal MISP references
UUID 2c09561a-02ee-4948-9745-9d6c8eb2881d which can be used as unique global reference for Microsoft Tasklist in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| source | MITRE |
| title | Tasklist |
Microsoft Tasks
Microsoft. (2018, May 31). Tasks. Retrieved September 28, 2021.
Internal MISP references
UUID def6601b-67e6-41e5-bcf3-9c701b86fd10 which can be used as unique global reference for Microsoft Tasks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Tasks |
TechNet Task Scheduler Security
Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.
Internal MISP references
UUID 3a6d08ba-d79d-46f7-917d-075a98c59228 which can be used as unique global reference for TechNet Task Scheduler Security in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2005-01-21T00:00:00Z |
| source | MITRE |
| title | Task Scheduler and security |
tau bundlore erika noerenberg 2020
Erika Noerenberg. (2020, June 29). TAU Threat Analysis: Bundlore (macOS) mm-install-macos. Retrieved October 12, 2021.
Internal MISP references
UUID 1c62ed57-43f7-40d7-a5c9-46b40a40af0e which can be used as unique global reference for tau bundlore erika noerenberg 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-06-29T00:00:00Z |
| source | MITRE |
| title | TAU Threat Analysis: Bundlore (macOS) mm-install-macos |
CarbonBlack Conti July 2020
Baskin, B. (2020, July 8). TAU Threat Discovery: Conti Ransomware. Retrieved February 17, 2021.
Internal MISP references
UUID 3c3a6dc0-66f2-492e-8c9c-c0bcca73008e which can be used as unique global reference for CarbonBlack Conti July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-17T00:00:00Z |
| date_published | 2020-07-08T00:00:00Z |
| source | MITRE |
| title | TAU Threat Discovery: Conti Ransomware |
CarbonBlack LockerGoga 2019
CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.
Internal MISP references
UUID 9970063c-6df7-4638-a247-6b1102289372 which can be used as unique global reference for CarbonBlack LockerGoga 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-03-22T00:00:00Z |
| source | MITRE |
| title | TAU Threat Intelligence Notification – LockerGoga Ransomware |
GitHub Turla Driver Loader
TDL Project. (2016, February 4). TDL (Turla Driver Loader). Retrieved April 22, 2021.
Internal MISP references
UUID ed3534be-06ce-487b-911d-abe2fba70210 which can be used as unique global reference for GitHub Turla Driver Loader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2016-02-04T00:00:00Z |
| source | MITRE |
| title | TDL (Turla Driver Loader) |
S1 Old Rat New Tricks
Landry, J. (2016, April 21). Teaching an old RAT new tricks. Retrieved October 4, 2021.
Internal MISP references
UUID 20ef3645-fb92-4e13-a5a8-99367869bcba which can be used as unique global reference for S1 Old Rat New Tricks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-04T00:00:00Z |
| date_published | 2016-04-21T00:00:00Z |
| source | MITRE |
| title | Teaching an old RAT new tricks |
Teams.exe - LOLBAS Project
LOLBAS. (2022, January 17). Teams.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ceee2b13-331f-4019-9c27-af0ce8b25414 which can be used as unique global reference for Teams.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Teams.exe |
TeamTNT Cloud Enumeration
Nathaniel Quist. (2021, June 4). TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Retrieved February 8, 2022.
Internal MISP references
UUID a672b74f-1f04-4d3a-84a6-1dd50e1a9951 which can be used as unique global reference for TeamTNT Cloud Enumeration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-08T00:00:00Z |
| date_published | 2021-06-04T00:00:00Z |
| source | MITRE |
| title | TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations |
Intezer TeamTNT Explosion September 2021
Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. Retrieved October 15, 2021.
Internal MISP references
UUID e0d6208b-a4d6-45f0-bb3a-6c8681630b55 which can be used as unique global reference for Intezer TeamTNT Explosion September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-15T00:00:00Z |
| date_published | 2021-09-01T00:00:00Z |
| source | MITRE |
| title | TeamTNT Cryptomining Explosion |
Cisco Talos Intelligence Group
Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved August 4, 2022.
Internal MISP references
UUID f39b5f92-6e14-4c7f-b79d-7bade722e6d9 which can be used as unique global reference for Cisco Talos Intelligence Group in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-04T00:00:00Z |
| date_published | 2022-04-21T00:00:00Z |
| source | MITRE |
| title | TeamTNT targeting AWS, Alibaba |
Talos TeamTNT
Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved July 8, 2022.
Internal MISP references
UUID acd1b4c5-da28-584e-b892-599180a8dbb0 which can be used as unique global reference for Talos TeamTNT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| date_published | 2022-04-21T00:00:00Z |
| source | MITRE |
| title | TeamTNT targeting AWS, Alibaba |
Cado Security TeamTNT Worm August 2020
Cado Security. (2020, August 16). Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials. Retrieved September 22, 2021.
Internal MISP references
UUID 8ccab4fe-155d-44b0-b0f2-941e9f8f87db which can be used as unique global reference for Cado Security TeamTNT Worm August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2020-08-16T00:00:00Z |
| source | MITRE |
| title | Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials |
ATT TeamTNT Chimaera September 2020
AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.
Internal MISP references
UUID 5d9f402f-4ff4-4993-8685-e5656e2f3aff which can be used as unique global reference for ATT TeamTNT Chimaera September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| date_published | 2021-09-08T00:00:00Z |
| source | MITRE |
| title | TeamTNT with new campaign aka Chimaera |
OSX Coldroot RAT
Patrick Wardle. (2018, February 17). Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019.
Internal MISP references
UUID 5ee3a92c-df33-4ecd-b21e-7b9a4f6de227 which can be used as unique global reference for OSX Coldroot RAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-08T00:00:00Z |
| date_published | 2018-02-17T00:00:00Z |
| source | MITRE |
| title | Tearing Apart the Undetected (OSX)Coldroot RAT |
Kaspersky ProjectSauron Technical Analysis
Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Technical Analysis. Retrieved August 17, 2016.
Internal MISP references
UUID 1664726e-3a79-4d90-86e0-b2d50e9e0ba2 which can be used as unique global reference for Kaspersky ProjectSauron Technical Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| source | MITRE |
| title | Technical Analysis |
McAfee Babuk February 2021
Mundo, A. et al. (2021, February). Technical Analysis of Babuk Ransomware. Retrieved August 11, 2021.
Internal MISP references
UUID bb23ca19-78bb-4406-90a4-bf82bd467e04 which can be used as unique global reference for McAfee Babuk February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-11T00:00:00Z |
| date_published | 2021-02-01T00:00:00Z |
| source | MITRE |
| title | Technical Analysis of Babuk Ransomware |
McAfee Cuba April 2021
Roccio, T., et al. (2021, April). Technical Analysis of Cuba Ransomware. Retrieved June 18, 2021.
Internal MISP references
UUID e0e86e08-64ec-48dc-91e6-24fde989cd77 which can be used as unique global reference for McAfee Cuba April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-18T00:00:00Z |
| date_published | 2021-04-01T00:00:00Z |
| source | MITRE |
| title | Technical Analysis of Cuba Ransomware |
McAfee Dianxun March 2021
Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. Retrieved April 13, 2021.
Internal MISP references
UUID a40a69d7-7abc-4829-9905-98c156a809fe which can be used as unique global reference for McAfee Dianxun March 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-13T00:00:00Z |
| date_published | 2021-03-16T00:00:00Z |
| source | MITRE |
| title | Technical Analysis of Operation Dianxun |
Zscaler Pikabot May 24 2023
Brett Stone-Gross, Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved January 11, 2024.
Internal MISP references
UUID ec87676b-bc88-44b5-9e9a-5eb8eb39b4a1 which can be used as unique global reference for Zscaler Pikabot May 24 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-11T00:00:00Z |
| date_published | 2023-05-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Technical Analysis of Pikabot |
Crowdstrike WhisperGate January 2022
Crowdstrike. (2022, January 19). Technical Analysis of the WhisperGate Malicious Bootloader. Retrieved March 10, 2022.
Internal MISP references
UUID 846bccb4-b177-4c17-8cc5-56769c1d4b60 which can be used as unique global reference for Crowdstrike WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-10T00:00:00Z |
| date_published | 2022-01-19T00:00:00Z |
| source | MITRE |
| title | Technical Analysis of the WhisperGate Malicious Bootloader |
Apple TN2459 Kernel Extensions
Apple. (2018, April 19). Technical Note TN2459: User-Approved Kernel Extension Loading. Retrieved June 30, 2020.
Internal MISP references
UUID 8cd7676a-bbef-4c31-8288-365837acf65d which can be used as unique global reference for Apple TN2459 Kernel Extensions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-30T00:00:00Z |
| date_published | 2018-04-19T00:00:00Z |
| source | MITRE |
| title | Technical Note TN2459: User-Approved Kernel Extension Loading |
GovCERT Carbon May 2016
GovCERT. (2016, May 23). Technical Report about the Espionage Case at RUAG. Retrieved November 7, 2018.
Internal MISP references
UUID 2e4a445f-b55c-4800-9d75-9d8fe20abc74 which can be used as unique global reference for GovCERT Carbon May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-07T00:00:00Z |
| date_published | 2016-05-23T00:00:00Z |
| source | MITRE |
| title | Technical Report about the Espionage Case at RUAG |
Palo Alto Office Test Sofacy
Falcone, R. (2016, July 20). Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks. Retrieved July 3, 2017.
Internal MISP references
UUID 3138f32c-f89c-439c-a8c5-2964c356308d which can be used as unique global reference for Palo Alto Office Test Sofacy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-03T00:00:00Z |
| date_published | 2016-07-20T00:00:00Z |
| source | MITRE |
| title | Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks |
te.exe - LOLBAS Project
LOLBAS. (2018, May 25). te.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e7329381-319e-4dcc-8187-92882e6f2e12 which can be used as unique global reference for te.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | te.exe |
ESET Telebots June 2017
Cherepanov, A.. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. Retrieved June 11, 2020.
Internal MISP references
UUID eb5c2951-b149-4e40-bc5f-b2630213eb8b which can be used as unique global reference for ESET Telebots June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-11T00:00:00Z |
| date_published | 2017-06-30T00:00:00Z |
| source | MITRE |
| title | TeleBots are back: Supply chain attacks against Ukraine |
SANS Brian Wiltse Template Injection
Wiltse, B.. (2018, November 7). Template Injection Attacks - Bypassing Security Controls by Living off the Land. Retrieved April 10, 2019.
Internal MISP references
UUID 8c010c87-865b-4168-87a7-4a24db413def which can be used as unique global reference for SANS Brian Wiltse Template Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2018-11-07T00:00:00Z |
| source | MITRE |
| title | Template Injection Attacks - Bypassing Security Controls by Living off the Land |
Amazon AWS Temporary Security Credentials
Amazon. (n.d.). Temporary Security Credentials. Retrieved October 18, 2019.
Internal MISP references
UUID d3740d23-1561-47c4-a6e5-df1b6277839e which can be used as unique global reference for Amazon AWS Temporary Security Credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-18T00:00:00Z |
| source | MITRE |
| title | Temporary Security Credentials |
Elastic Process Injection July 2017
Hosseini, A. (2017, July 18). Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques. Retrieved December 7, 2017.
Internal MISP references
UUID 02c9100d-27eb-4f2f-b302-adf890055546 which can be used as unique global reference for Elastic Process Injection July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-07T00:00:00Z |
| date_published | 2017-07-18T00:00:00Z |
| source | MITRE |
| title | Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques |
TestWindowRemoteAgent.exe - LOLBAS Project
LOLBAS. (2023, August 21). TestWindowRemoteAgent.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 0cc891bc-692c-4a52-9985-39ddb434294d which can be used as unique global reference for TestWindowRemoteAgent.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-08-21T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | TestWindowRemoteAgent.exe |
Sygnia Elephant Beetle Jan 2022
Sygnia Incident Response Team. (2022, January 5). TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION. Retrieved February 9, 2023.
Internal MISP references
UUID 932897a6-0fa4-5be3-bf0b-20d6ddad238e which can be used as unique global reference for Sygnia Elephant Beetle Jan 2022 in MISP communities and other software using the MISP galaxy
External references
- https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d - webarchive
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-09T00:00:00Z |
| date_published | 2022-01-05T00:00:00Z |
| source | MITRE |
| title | TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION |
Domain_Steal_CC
Krebs, B. (2018, November 13). That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards. Retrieved September 20, 2019.
Internal MISP references
UUID 30ab5d35-db9b-401f-89cb-73f2c7fea060 which can be used as unique global reference for Domain_Steal_CC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-20T00:00:00Z |
| date_published | 2018-11-13T00:00:00Z |
| source | MITRE |
| title | That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards |
Kali Hydra
Kali. (2014, February 18). THC-Hydra. Retrieved November 2, 2017.
Internal MISP references
UUID d8c93272-00f8-4dc4-b4cd-03246fc0fc23 which can be used as unique global reference for Kali Hydra in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-02T00:00:00Z |
| date_published | 2014-02-18T00:00:00Z |
| source | MITRE |
| title | THC-Hydra |
Adventures of a Keystroke
Tinaztepe, E. (n.d.). The Adventures of a Keystroke: An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.
Internal MISP references
UUID f29ed400-2986-4b2c-9b8a-7dde37562d22 which can be used as unique global reference for Adventures of a Keystroke in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-27T00:00:00Z |
| source | MITRE |
| title | The Adventures of a Keystroke: An in-depth look into keyloggers on Windows |
ThreatConnect Anthem
ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.
Internal MISP references
UUID 61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec which can be used as unique global reference for ThreatConnect Anthem in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-02-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Anthem Hack: All Roads Lead to China |
Talos Cobalt Strike September 2020
Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved April 6, 2021.
Internal MISP references
UUID 60a5ee63-3d98-466a-8037-4a1edfcdef8c which can be used as unique global reference for Talos Cobalt Strike September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-06T00:00:00Z |
| date_published | 2020-09-21T00:00:00Z |
| source | MITRE |
| title | The Art and Science of Detecting Cobalt Strike |
wardle chp2 persistence
Patrick Wardle. (2022, January 1). The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022.
Internal MISP references
UUID 3684bacb-24cb-4467-b463-d0d3f5075c5c which can be used as unique global reference for wardle chp2 persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-19T00:00:00Z |
| date_published | 2022-01-01T00:00:00Z |
| source | MITRE |
| title | The Art of Mac Malware Volume 0x1:Analysis |
wardle artofmalware volume1
Patrick Wardle. (2020, August 5). The Art of Mac Malware Volume 0x1: Analysis. Retrieved March 19, 2021.
Internal MISP references
UUID 53d0279e-4f30-4bbe-a9c7-90e36cd81570 which can be used as unique global reference for wardle artofmalware volume1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-19T00:00:00Z |
| date_published | 2020-08-05T00:00:00Z |
| source | MITRE |
| title | The Art of Mac Malware Volume 0x1: Analysis |
ArtOfMemoryForensics
Ligh, M.H. et al.. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.
Internal MISP references
UUID 054404b7-48a6-4578-9828-9f1e8e21d2df which can be used as unique global reference for ArtOfMemoryForensics in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2014-07-01T00:00:00Z |
| source | MITRE |
| title | The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory |
STIG Audit Kernel Modules
Unified Compliance Framework. (2016, December 20). The audit system must be configured to audit the loading and unloading of dynamic kernel modules.. Retrieved September 28, 2021.
Internal MISP references
UUID 44c10623-557f-445d-8b88-6006af13c54d which can be used as unique global reference for STIG Audit Kernel Modules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-28T00:00:00Z |
| date_published | 2016-12-20T00:00:00Z |
| source | MITRE |
| title | The audit system must be configured to audit the loading and unloading of dynamic kernel modules. |
Medium Metamorfo Apr 2020
Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.
Internal MISP references
UUID 356defac-b976-41c1-aac8-5d6ff0c80e28 which can be used as unique global reference for Medium Metamorfo Apr 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2020-04-03T00:00:00Z |
| source | MITRE |
| title | The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable |
Gigamon Berserk Bear October 2021
Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. Retrieved December 6, 2021.
Internal MISP references
UUID 06b6cbe3-8e35-4594-b36f-76b503c11520 which can be used as unique global reference for Gigamon Berserk Bear October 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-06T00:00:00Z |
| date_published | 2021-10-01T00:00:00Z |
| source | MITRE |
| title | THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE |
Kaspersky Emotet Jan 2019
Shulmin, A. . (2015, April 9). The Banking Trojan Emotet: Detailed Analysis. Retrieved March 25, 2019.
Internal MISP references
UUID 4824dfdf-8dbb-4b98-afcc-4a703c31fbda which can be used as unique global reference for Kaspersky Emotet Jan 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2015-04-09T00:00:00Z |
| source | MITRE |
| title | The Banking Trojan Emotet: Detailed Analysis |
Symantec Black Vine
DiMaggio, J.. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.
Internal MISP references
UUID 0b7745ce-04c0-41d9-a440-df9084a45d09 which can be used as unique global reference for Symantec Black Vine in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-26T00:00:00Z |
| date_published | 2015-08-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Black Vine cyberespionage group |
Group IB GrimAgent July 2021
Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved July 16, 2021.
Internal MISP references
UUID 6b0dd676-3ea5-4b56-a27b-b1685787de02 which can be used as unique global reference for Group IB GrimAgent July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-16T00:00:00Z |
| date_published | 2021-07-01T00:00:00Z |
| source | MITRE |
| title | THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK |
RSA Carbanak November 2017
RSA. (2017, November 21). THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT. Retrieved July 29, 2020.
Internal MISP references
UUID eb947d49-26f4-4104-8296-1552a273c9c3 which can be used as unique global reference for RSA Carbanak November 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-29T00:00:00Z |
| date_published | 2017-11-21T00:00:00Z |
| source | MITRE |
| title | THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT |
Picus Emotet Dec 2018
Özarslan, S. (2018, December 21). The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc. Retrieved March 25, 2019.
Internal MISP references
UUID d7594fb4-e544-491b-a406-228a5c7884a9 which can be used as unique global reference for Picus Emotet Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-12-21T00:00:00Z |
| source | MITRE |
| title | The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc |
Medium Ali Salem Bumblebee April 2022
Salem, A. (2022, April 27). The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection. Retrieved September 2, 2022.
Internal MISP references
UUID 5f6752a7-50a9-4202-b69b-c5f9d24b86de which can be used as unique global reference for Medium Ali Salem Bumblebee April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-02T00:00:00Z |
| date_published | 2022-04-27T00:00:00Z |
| source | MITRE |
| title | The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection |
MSDN COM Elevation
Microsoft. (n.d.). The COM Elevation Moniker. Retrieved July 26, 2016.
Internal MISP references
UUID 898df7c7-4f19-40cb-a216-7b0f6c6155b3 which can be used as unique global reference for MSDN COM Elevation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| source | MITRE |
| title | The COM Elevation Moniker |
Microsoft Component Object Model
Microsoft. (n.d.). The Component Object Model. Retrieved August 18, 2016.
Internal MISP references
UUID e1bb3872-7748-4e64-818f-6187a20d59f0 which can be used as unique global reference for Microsoft Component Object Model in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-18T00:00:00Z |
| source | MITRE |
| title | The Component Object Model |
SANS Conficker
Burton, K. (n.d.). The Conficker Worm. Retrieved February 18, 2021.
Internal MISP references
UUID 2dca2274-5f25-475a-b87d-97f3e3a525de which can be used as unique global reference for SANS Conficker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-18T00:00:00Z |
| source | MITRE |
| title | The Conficker Worm |
Symantec DDoS October 2014
Wueest, C.. (2014, October 21). The continued rise of DDoS attacks. Retrieved April 24, 2019.
Internal MISP references
UUID 878e0382-4191-4bca-8adc-c379b0d57ba8 which can be used as unique global reference for Symantec DDoS October 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-24T00:00:00Z |
| date_published | 2014-10-21T00:00:00Z |
| source | MITRE |
| title | The continued rise of DDoS attacks |
BlackBerry CostaRicto November 2020
The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
Internal MISP references
UUID 93a23447-641c-4ee2-9fbd-64b2adea8a5f which can be used as unique global reference for BlackBerry CostaRicto November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-05-24T00:00:00Z |
| date_published | 2020-11-12T00:00:00Z |
| source | MITRE |
| title | The CostaRicto Campaign: Cyber-Espionage Outsourced |
SecureWorks Mia Ash July 2017
Counter Threat Unit Research Team. (2017, July 27). The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets. Retrieved February 26, 2018.
Internal MISP references
UUID 754c9276-ef05-4d05-956f-75866090aa78 which can be used as unique global reference for SecureWorks Mia Ash July 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-26T00:00:00Z |
| date_published | 2017-07-27T00:00:00Z |
| source | MITRE |
| title | The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets |
Trustwave IIS Module 2013
Grunzweig, J. (2013, December 9). The Curious Case of the Malicious IIS Module. Retrieved June 3, 2021.
Internal MISP references
UUID cbb79c3c-1e2c-42ac-8183-9566ccde0cd6 which can be used as unique global reference for Trustwave IIS Module 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-03T00:00:00Z |
| date_published | 2013-12-09T00:00:00Z |
| source | MITRE |
| title | The Curious Case of the Malicious IIS Module |
CloudSploit - Unused AWS Regions
CloudSploit. (2019, June 8). The Danger of Unused AWS Regions. Retrieved October 8, 2019.
Internal MISP references
UUID 7c237b73-233f-4fe3-b4a6-ce523fd82853 which can be used as unique global reference for CloudSploit - Unused AWS Regions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-06-08T00:00:00Z |
| source | MITRE |
| title | The Danger of Unused AWS Regions |
Dormann Dangers of VHD 2019
Dormann, W. (2019, September 4). The Dangers of VHD and VHDX Files. Retrieved March 16, 2021.
Internal MISP references
UUID e58b4e78-d858-4b28-8d06-2fb467b26337 which can be used as unique global reference for Dormann Dangers of VHD 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-16T00:00:00Z |
| date_published | 2019-09-04T00:00:00Z |
| source | MITRE |
| title | The Dangers of VHD and VHDX Files |
Kaspersky Darkhotel
Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.
Internal MISP references
UUID 3247c03a-a57c-4945-9b85-72a70719e1cd which can be used as unique global reference for Kaspersky Darkhotel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-11-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Darkhotel APT A Story of Unusual Hospitality |
ESET ForSSHe December 2018
Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. Retrieved July 16, 2020.
Internal MISP references
UUID 0e25bf8b-3c9e-4661-a9fd-79b2ad3b8dd2 which can be used as unique global reference for ESET ForSSHe December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-16T00:00:00Z |
| date_published | 2018-12-01T00:00:00Z |
| source | MITRE |
| title | THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors |
Zscaler 2 12 2024
Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. Retrieved March 12, 2024.
Internal MISP references
UUID 17ebabfb-6399-4b5f-8274-b34045e2d51a which can be used as unique global reference for Zscaler 2 12 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-12T00:00:00Z |
| date_published | 2024-02-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | The (D)Evolution of Pikabot |
Securelist Dropping Elephant
Kaspersky Lab's Global Research & Analysis Team. (2016, July 8). The Dropping Elephant – aggressive cyber-espionage in the Asian region. Retrieved August 3, 2016.
Internal MISP references
UUID 2efa655f-ebd3-459b-9fd7-712d3f4ba1f8 which can be used as unique global reference for Securelist Dropping Elephant in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-07-08T00:00:00Z |
| source | MITRE |
| title | The Dropping Elephant – aggressive cyber-espionage in the Asian region |
F-Secure The Dukes
F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.
Internal MISP references
UUID cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27 which can be used as unique global reference for F-Secure The Dukes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-10T00:00:00Z |
| date_published | 2015-09-17T00:00:00Z |
| source | MITRE |
| title | The Dukes: 7 years of Russian cyberespionage |
Kaspersky Duqu 2.0
Kaspersky Lab. (2015, June 11). The Duqu 2.0. Retrieved April 21, 2017.
Internal MISP references
UUID b4d6db03-1587-4af3-87ff-51542ef7c87b which can be used as unique global reference for Kaspersky Duqu 2.0 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-21T00:00:00Z |
| date_published | 2015-06-11T00:00:00Z |
| source | MITRE |
| title | The Duqu 2.0 |
Symantec Elderwood Sept 2012
O'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.
Internal MISP references
UUID 5e908748-d260-42f1-a599-ac38b4e22559 which can be used as unique global reference for Symantec Elderwood Sept 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-15T00:00:00Z |
| date_published | 2012-09-06T00:00:00Z |
| source | MITRE |
| title | The Elderwood Project |
Kaspersky Turla Aug 2014
Kaspersky Lab's Global Research & Analysis Team. (2014, August 06). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. Retrieved November 7, 2018.
Internal MISP references
UUID 52577f34-0aa6-4765-9f6b-dd7397183223 which can be used as unique global reference for Kaspersky Turla Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-07T00:00:00Z |
| date_published | 2014-08-06T00:00:00Z |
| source | MITRE |
| title | The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros |
Kaspersky Turla
Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
Internal MISP references
UUID 535e9f1a-f89e-4766-a290-c5b8100968f8 which can be used as unique global reference for Kaspersky Turla in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-11T00:00:00Z |
| date_published | 2014-08-07T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos |
FireEye EPS Awakens Part 2
Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016.
Internal MISP references
UUID 7fd58ef5-a0b7-40b6-8771-ca5e87740965 which can be used as unique global reference for FireEye EPS Awakens Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-22T00:00:00Z |
| date_published | 2015-12-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The EPS Awakens - Part 2 |
Symantec Emotet Jul 2018
Symantec. (2018, July 18). The Evolution of Emotet: From Banking Trojan to Threat Distributor. Retrieved March 25, 2019.
Internal MISP references
UUID b94b5be4-1c77-48e1-875e-0cff0023fbd9 which can be used as unique global reference for Symantec Emotet Jul 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-25T00:00:00Z |
| date_published | 2018-07-18T00:00:00Z |
| source | MITRE |
| title | The Evolution of Emotet: From Banking Trojan to Threat Distributor |
SilentBreak Offensive PS Dec 2015
Christensen, L.. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.
Internal MISP references
UUID 8eec1af3-c65e-4522-8087-73122ac6c281 which can be used as unique global reference for SilentBreak Offensive PS Dec 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-08T00:00:00Z |
| date_published | 2015-12-28T00:00:00Z |
| source | MITRE |
| title | The Evolution of Offensive PowerShell Invocation |
CrowdStrike Evolution of Pinchy Spider July 2021
Meyers, Adam. (2021, July 6). The Evolution of PINCHY SPIDER from GandCrab to REvil. Retrieved March 28, 2023.
Internal MISP references
UUID 7578541b-1ae3-58d0-a8b9-120bd6cd96f5 which can be used as unique global reference for CrowdStrike Evolution of Pinchy Spider July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| date_published | 2021-07-06T00:00:00Z |
| source | MITRE |
| title | The Evolution of PINCHY SPIDER from GandCrab to REvil |
Proofpoint Ransomware Initial Access June 2021
Selena Larson, Daniel Blackford, Garrett G. (2021, June 16). The First Step: Initial Access Leads to Ransomware. Retrieved January 24, 2024.
Internal MISP references
UUID 3b0631ae-f589-4b7c-a00a-04dcd5f3a77b which can be used as unique global reference for Proofpoint Ransomware Initial Access June 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-01-24T00:00:00Z |
| date_published | 2021-06-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | The First Step: Initial Access Leads to Ransomware |
Kaspersky Flame
Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.
Internal MISP references
UUID 6db8f76d-fe38-43b1-ad85-ad372da9c09d which can be used as unique global reference for Kaspersky Flame in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2012-05-28T00:00:00Z |
| source | MITRE |
| title | The Flame: Questions and Answers |
Unit 42 CARROTBAT November 2018
Grunzweig, J. and Wilhoit, K. (2018, November 29). The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia. Retrieved June 2, 2020.
Internal MISP references
UUID 6986a64a-5fe6-4697-b70b-79cccaf3d730 which can be used as unique global reference for Unit 42 CARROTBAT November 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-02T00:00:00Z |
| date_published | 2018-11-29T00:00:00Z |
| source | MITRE |
| title | The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia |
Palo Alto Gamaredon Feb 2017
Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.
Internal MISP references
UUID 3f9a6343-1db3-4696-99ed-f22c6eabee71 which can be used as unique global reference for Palo Alto Gamaredon Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-01T00:00:00Z |
| date_published | 2017-02-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Gamaredon Group Toolset Evolution |
GNU Acct
GNU. (2010, February 5). The GNU Accounting Utilities. Retrieved December 20, 2017.
Internal MISP references
UUID ef3edd44-b8d1-4d7d-a0d8-0e75aa441eac which can be used as unique global reference for GNU Acct in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2010-02-05T00:00:00Z |
| source | MITRE |
| title | The GNU Accounting Utilities |
GLIBC
glibc developer community. (2020, February 1). The GNU C Library (glibc). Retrieved June 25, 2020.
Internal MISP references
UUID 75a6a1bf-a5a7-419d-b290-6662aeddb7eb which can be used as unique global reference for GLIBC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2020-02-01T00:00:00Z |
| source | MITRE |
| title | The GNU C Library (glibc) |
Trustwave GoldenSpy June 2020
Trustwave SpiderLabs. (2020, June 25). The Golden Tax Department and Emergence of GoldenSpy Malware. Retrieved July 23, 2020.
Internal MISP references
UUID 2a27a2ea-2815-4d97-88c0-47a6e04e84f8 which can be used as unique global reference for Trustwave GoldenSpy June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-23T00:00:00Z |
| date_published | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | The Golden Tax Department and Emergence of GoldenSpy Malware |
Proofpoint TA416 Europe March 2022
Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.
Internal MISP references
UUID 5731d7e4-dd19-4d08-b493-7b1a467599d3 which can be used as unique global reference for Proofpoint TA416 Europe March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-16T00:00:00Z |
| date_published | 2022-03-07T00:00:00Z |
| source | MITRE |
| title | The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates |
Unit 42 Gorgon Group Aug 2018
Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. Retrieved August 7, 2018.
Internal MISP references
UUID d0605185-3f8d-4846-a718-15572714e15b which can be used as unique global reference for Unit 42 Gorgon Group Aug 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2018-08-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Gorgon Group: Slithering Between Nation State and Cybercrime |
Trend Micro HeartBeat Campaign January 2013
Roland Dela Paz. (2003, January 3). The HeartBeat APT Campaign. Retrieved October 17, 2021.
Internal MISP references
UUID f42a36c2-1ca5-49ff-a7ec-7de90379a6d5 which can be used as unique global reference for Trend Micro HeartBeat Campaign January 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2003-01-03T00:00:00Z |
| source | MITRE |
| title | The HeartBeat APT Campaign |
FireEye Hikit Rootkit
Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016.
Internal MISP references
UUID 65d751cb-fdd2-4a45-81db-8a5a11bbee62 which can be used as unique global reference for FireEye Hikit Rootkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-06T00:00:00Z |
| date_published | 2012-08-20T00:00:00Z |
| source | MITRE |
| title | The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1) |
FireEye HIKIT Rootkit Part 2
Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). Retrieved May 4, 2020.
Internal MISP references
UUID 48448972-a5ed-4371-b930-b51dcb174b82 which can be used as unique global reference for FireEye HIKIT Rootkit Part 2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-04T00:00:00Z |
| date_published | 2012-08-22T00:00:00Z |
| source | MITRE |
| title | The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2) |
Proofpoint Human Factor
Proofpoint. (n.d.). The Human Factor 2023: Analyzing the cyber attack chain. Retrieved July 20, 2023.
Internal MISP references
UUID 143e191f-9175-557b-8fe1-41dbe04867a6 which can be used as unique global reference for Proofpoint Human Factor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| source | MITRE |
| title | The Human Factor 2023: Analyzing the cyber attack chain |
TechNet Blogs Credential Protection
Wilson, B. (2016, April 18). The Importance of KB2871997 and KB2928120 for Credential Protection. Retrieved April 11, 2018.
Internal MISP references
UUID 88367099-df19-4044-8c9b-2db4c9f418c4 which can be used as unique global reference for TechNet Blogs Credential Protection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2016-04-18T00:00:00Z |
| source | MITRE |
| title | The Importance of KB2871997 and KB2928120 for Credential Protection |
dhs_threat_to_net_devices
U.S. Department of Homeland Security. (2016, August 30). The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. Retrieved July 29, 2022.
Internal MISP references
UUID f1d16045-d365-43d2-bc08-65ba1ddbe0fd which can be used as unique global reference for dhs_threat_to_net_devices in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2016-08-30T00:00:00Z |
| source | MITRE |
| title | The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations |
PWC KeyBoys Feb 2017
Parys, B. (2017, February 11). The KeyBoys are back in town. Retrieved June 13, 2019.
Internal MISP references
UUID 9ac6737b-c8a2-416f-bbc3-8c5556ad4833 which can be used as unique global reference for PWC KeyBoys Feb 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-13T00:00:00Z |
| date_published | 2017-02-11T00:00:00Z |
| source | MITRE |
| title | The KeyBoys are back in town |
Securelist Kimsuky Sept 2013
Tarakanov , D.. (2013, September 11). The “Kimsuky” Operation: A North Korean APT?. Retrieved August 13, 2019.
Internal MISP references
UUID f26771b0-2101-4fed-ac82-1bd9683dd7da which can be used as unique global reference for Securelist Kimsuky Sept 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-08-13T00:00:00Z |
| date_published | 2013-09-11T00:00:00Z |
| source | MITRE |
| title | The “Kimsuky” Operation: A North Korean APT? |
ClearSky Kittens Back 2 Oct 2019
ClearSky Research Team. (2019, October 1). The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods. Retrieved April 21, 2021.
Internal MISP references
UUID f5114978-2528-4199-a586-0158c5f8a138 which can be used as unique global reference for ClearSky Kittens Back 2 Oct 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-21T00:00:00Z |
| date_published | 2019-10-01T00:00:00Z |
| source | MITRE |
| title | The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods |
ClearSky Kittens Back 3 August 2020
ClearSky Research Team. (2020, August 1). The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp. Retrieved April 21, 2021.
Internal MISP references
UUID a10c6a53-79bb-4454-b444-cfb9136ecd36 which can be used as unique global reference for ClearSky Kittens Back 3 August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-21T00:00:00Z |
| date_published | 2020-08-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp |
Kubernetes API
The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021.
Internal MISP references
UUID 5bdd1b82-9e5c-4db0-9764-240e37a1cc99 which can be used as unique global reference for Kubernetes API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| source | MITRE |
| title | The Kubernetes API |
GitHub LaZagne Dec 2018
Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.
Internal MISP references
UUID 9347b507-3a41-405d-87f9-d4fc2bfc48e5 which can be used as unique global reference for GitHub LaZagne Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-12-14T00:00:00Z |
| source | MITRE |
| title | The LaZagne Project !!! |
Dell P2P ZeuS
SecureWorks. (2013). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.
Internal MISP references
UUID 773d1d91-a93c-4bb3-928b-4c3f82f2c889 which can be used as unique global reference for Dell P2P ZeuS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-08-19T00:00:00Z |
| date_published | 2013-01-01T00:00:00Z |
| source | MITRE |
| title | The Lifecycle of Peer-to-Peer (Gameover) ZeuS |
Linux Kernel API
Linux Kernel Organization, Inc. (n.d.). The Linux Kernel API. Retrieved June 25, 2020.
Internal MISP references
UUID 0a30d54e-187a-43e0-9725-3c80aa1c7619 which can be used as unique global reference for Linux Kernel API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | The Linux Kernel API |
Linux Kernel Programming
Pomerantz, O., Salzman, P.. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.
Internal MISP references
UUID 70f31f19-e0b3-40b1-b8dd-6667557bb334 which can be used as unique global reference for Linux Kernel Programming in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2003-04-04T00:00:00Z |
| source | MITRE |
| title | The Linux Kernel Module Programming Guide |
The DFIR Report Dharma Ransomware June 2020
The DFIR Report. (2020, June 16). The Little Ransomware That Couldn’t (Dharma). Retrieved March 7, 2024.
Internal MISP references
UUID b1002e9a-020d-4224-bf60-0c2a66d511f2 which can be used as unique global reference for The DFIR Report Dharma Ransomware June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2020-06-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | The Little Ransomware That Couldn’t (Dharma) |
Villeneuve 2011
Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. Retrieved November 12, 2014.
Internal MISP references
UUID ed5a2ec0-8328-40db-9f58-7eaac4ad39a0 which can be used as unique global reference for Villeneuve 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2011-01-01T00:00:00Z |
| source | MITRE |
| title | THE “LURID” DOWNLOADER |
Microsoft BlackCat Jun 2022
Microsoft Defender Threat Intelligence. (2022, June 13). The many lives of BlackCat ransomware. Retrieved December 20, 2022.
Internal MISP references
UUID 55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e which can be used as unique global reference for Microsoft BlackCat Jun 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-20T00:00:00Z |
| date_published | 2022-06-13T00:00:00Z |
| source | MITRE |
| title | The many lives of BlackCat ransomware |
Talos Nyetya MEDoc 2017
Maynor, D., Nikolic, A., Olney, M., and Younan, Y. (2017, July 5). The MeDoc Connection. Retrieved March 26, 2019.
Internal MISP references
UUID a055d7a2-a356-4f0e-9a66-7f7b3ac7e74a which can be used as unique global reference for Talos Nyetya MEDoc 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-26T00:00:00Z |
| date_published | 2017-07-05T00:00:00Z |
| source | MITRE |
| title | The MeDoc Connection |
PegasusCitizenLab
Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.
Internal MISP references
UUID d248e284-37d3-4425-a29e-5a0c814ae803 which can be used as unique global reference for PegasusCitizenLab in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-12-12T00:00:00Z |
| date_published | 2016-08-24T00:00:00Z |
| source | MITRE |
| title | The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender |
Securelist MiniDuke Feb 2013
Kaspersky Lab's Global Research & Analysis Team. (2013, February 27). The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Retrieved April 5, 2017.
Internal MISP references
UUID def2a635-d322-4c27-9167-2642bf8f153c which can be used as unique global reference for Securelist MiniDuke Feb 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-05T00:00:00Z |
| date_published | 2013-02-27T00:00:00Z |
| source | MITRE |
| title | The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor |
Harmj0y SeEnableDelegationPrivilege Right
Schroeder, W. (2017, January 10). The Most Dangerous User Right You (Probably) Have Never Heard Of. Retrieved March 5, 2019.
Internal MISP references
UUID e8f7df08-1a62-41d9-b8a4-ff39a2160294 which can be used as unique global reference for Harmj0y SeEnableDelegationPrivilege Right in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-05T00:00:00Z |
| date_published | 2017-01-10T00:00:00Z |
| source | MITRE |
| title | The Most Dangerous User Right You (Probably) Have Never Heard Of |
Baumgartner Naikon 2015
Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
Internal MISP references
UUID 09302b4f-7f71-4289-92f6-076c685f0810 which can be used as unique global reference for Baumgartner Naikon 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-10T00:00:00Z |
| date_published | 2015-05-01T00:00:00Z |
| source | MITRE |
| title | The MsnMM Campaigns: The Earliest Naikon APT Campaigns |
SentinelLabs Metador Sept 2022
Ehrlich, A., et al. (2022, September). THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES. Retrieved January 23, 2023.
Internal MISP references
UUID 137474b7-638a-56d7-9ce2-ab906f207175 which can be used as unique global reference for SentinelLabs Metador Sept 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-01-23T00:00:00Z |
| date_published | 2022-09-01T00:00:00Z |
| source | MITRE |
| title | THE MYSTERY OF METADOR |
Baumgartner Golovkin Naikon 2015
Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.
Internal MISP references
UUID 5163576f-0b2c-49ba-8f34-b7efe3f3f6db which can be used as unique global reference for Baumgartner Golovkin Naikon 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-01-14T00:00:00Z |
| date_published | 2015-05-14T00:00:00Z |
| source | MITRE |
| title | The Naikon APT |
Cofense NanoCore Mar 2018
Patel, K. (2018, March 02). The NanoCore RAT Has Resurfaced From the Sewers. Retrieved November 9, 2018.
Internal MISP references
UUID de31ba54-5634-48c5-aa57-c6b0dbb53870 which can be used as unique global reference for Cofense NanoCore Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-09T00:00:00Z |
| date_published | 2018-03-02T00:00:00Z |
| source | MITRE |
| title | The NanoCore RAT Has Resurfaced From the Sewers |
Kaspersky NetTraveler
Kaspersky Lab's Global Research and Analysis Team. (n.d.). The NetTraveler (aka ‘Travnet’). Retrieved November 12, 2014.
Internal MISP references
UUID a7d4b322-3710-436f-bd51-e5c258073dba which can be used as unique global reference for Kaspersky NetTraveler in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | The NetTraveler (aka ‘Travnet’) |
Unit42 OceanLotus 2017
Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023.
Internal MISP references
UUID fcaf57f1-6696-54a5-a78c-255c8f6ac235 which can be used as unique global reference for Unit42 OceanLotus 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| date_published | 2017-06-22T00:00:00Z |
| source | MITRE |
| title | The New and Improved macOS Backdoor from OceanLotus |
CyberArk Labs Discord
CyberArk Labs. (2023, April 13). The (Not so) Secret War on Discord. Retrieved July 20, 2023.
Internal MISP references
UUID 4b3cd2c0-fd0b-5583-8746-648229fc5f9d which can be used as unique global reference for CyberArk Labs Discord in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| date_published | 2023-04-13T00:00:00Z |
| source | MITRE |
| title | The (Not so) Secret War on Discord |
Gh0stRAT ATT March 2019
Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 2020.
Internal MISP references
UUID 88d7bf25-985a-4b5e-92d6-ec4fa47a314f which can be used as unique global reference for Gh0stRAT ATT March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-15T00:00:00Z |
| date_published | 2019-03-25T00:00:00Z |
| source | MITRE |
| title | The odd case of a Gh0stRAT variant |
Palo Alto OilRig May 2016
Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
Internal MISP references
UUID 53836b95-a30a-4e95-8e19-e2bb2f18c738 which can be used as unique global reference for Palo Alto OilRig May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-03T00:00:00Z |
| date_published | 2016-05-26T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor |
STIG krbtgt reset
UCF. (n.d.). The password for the krbtgt account on a domain must be reset at least every 180 days. Retrieved November 5, 2020.
Internal MISP references
UUID a42fc58f-e7a7-46de-a2f4-25fa8498b3b3 which can be used as unique global reference for STIG krbtgt reset in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-05T00:00:00Z |
| source | MITRE |
| title | The password for the krbtgt account on a domain must be reset at least every 180 days |
Haq 2014
Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.
Internal MISP references
UUID 4e10228d-d9da-4ba4-bca7-d3bbdce42e0d which can be used as unique global reference for Haq 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2014-09-10T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | The Path to Mass-Producing Cyber Attacks [Blog] |
Kaspersky Turla Penquin December 2014
Baumgartner, K. and Raiu, C. (2014, December 8). The ‘Penquin’ Turla. Retrieved March 11, 2021.
Internal MISP references
UUID 957edb5c-b893-4968-9603-1a6b8577f3aa which can be used as unique global reference for Kaspersky Turla Penquin December 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-11T00:00:00Z |
| date_published | 2014-12-08T00:00:00Z |
| source | MITRE |
| title | The ‘Penquin’ Turla |
FireEye PLA
FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. Retrieved November 4, 2014.
Internal MISP references
UUID b8b72a8e-87a1-4ce7-94df-ed938f9eb61c which can be used as unique global reference for FireEye PLA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-04T00:00:00Z |
| date_published | 2014-05-20T00:00:00Z |
| source | MITRE |
| title | The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity |
Kaspersky ProjectSauron Full Report
Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 17, 2016.
Internal MISP references
UUID 6840c1d6-89dc-4138-99e8-fbd2a45f2a1c which can be used as unique global reference for Kaspersky ProjectSauron Full Report in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-17T00:00:00Z |
| date_published | 2016-08-09T00:00:00Z |
| source | MITRE |
| title | The ProjectSauron APT |
McMillan Pwn March 2012
Robert McMillan. (2012, March 3). The Pwn Plug is a little white box that can hack your network. Retrieved March 30, 2018.
Internal MISP references
UUID 6b57e883-75a1-4a71-accc-2d18148b9c3d which can be used as unique global reference for McMillan Pwn March 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2012-03-03T00:00:00Z |
| source | MITRE |
| title | The Pwn Plug is a little white box that can hack your network |
FireEye Application Shimming
Ballenthin, W., Tomczak, J.. (2015). The Real Shim Shary. Retrieved May 4, 2020.
Internal MISP references
UUID 658c8dd6-1a6a-40f0-a7b5-286fd4b1985d which can be used as unique global reference for FireEye Application Shimming in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-04T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | The Real Shim Shary |
Kaspersky Regin
Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.
Internal MISP references
UUID 1b521b76-5b8f-4bd9-b312-7c795fc97898 which can be used as unique global reference for Kaspersky Regin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-01T00:00:00Z |
| date_published | 2014-11-24T00:00:00Z |
| source | MITRE |
| title | THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS |
The Remote Framebuffer Protocol
T. Richardson, J. Levine, RealVNC Ltd.. (2011, March). The Remote Framebuffer Protocol. Retrieved September 20, 2021.
Internal MISP references
UUID 4c75a00d-aa90-4260-ab7a-2addc17d1728 which can be used as unique global reference for The Remote Framebuffer Protocol in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2011-03-01T00:00:00Z |
| source | MITRE |
| title | The Remote Framebuffer Protocol |
Malwarebytes Heroku Skimmers
Jérôme Segura. (2019, December 4). There's an app for that: web skimmers found on PaaS Heroku. Retrieved August 18, 2022.
Internal MISP references
UUID 4656cc2c-aff3-4416-b18d-995876d37e06 which can be used as unique global reference for Malwarebytes Heroku Skimmers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2019-12-04T00:00:00Z |
| source | MITRE |
| title | There's an app for that: web skimmers found on PaaS Heroku |
ELC Extended Attributes
Howard Oakley. (2020, October 24). There's more to files than data: Extended Attributes. Retrieved October 12, 2021.
Internal MISP references
UUID e62d67ed-48d0-4141-aacc-92e165d66f16 which can be used as unique global reference for ELC Extended Attributes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-12T00:00:00Z |
| date_published | 2020-10-24T00:00:00Z |
| source | MITRE |
| title | There's more to files than data: Extended Attributes |
FireEye WMI SANS 2015
Devon Kerr. (2015). There's Something About WMI. Retrieved May 4, 2020.
Internal MISP references
UUID a9333ef5-5637-4a4c-9aaf-fdc9daf8b860 which can be used as unique global reference for FireEye WMI SANS 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-04T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | There's Something About WMI |
Nviso Spoof Command Line 2020
Daman, R. (2020, February 4). The return of the spoof part 2: Command line spoofing. Retrieved November 19, 2021.
Internal MISP references
UUID a3fa92ed-763c-4082-8220-cab82d70fad4 which can be used as unique global reference for Nviso Spoof Command Line 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-19T00:00:00Z |
| date_published | 2020-02-04T00:00:00Z |
| source | MITRE |
| title | The return of the spoof part 2: Command line spoofing |
Zscaler Higaisa 2020
Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021.
Internal MISP references
UUID 26d7ee2c-d4f7-441a-9073-49c9049b017e which can be used as unique global reference for Zscaler Higaisa 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-02T00:00:00Z |
| date_published | 2020-06-11T00:00:00Z |
| source | MITRE |
| title | The Return on the Higaisa APT |
Check Point Research Rhysida August 08 2023
Check Point Research. (2023, August 8). The Rhysida Ransomware: Activity Analysis and Ties to Vice Society. Retrieved August 11, 2023.
Internal MISP references
UUID 0d01416f-4888-4b68-be47-a3245549cec5 which can be used as unique global reference for Check Point Research Rhysida August 08 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-11T00:00:00Z |
| date_published | 2023-08-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | The Rhysida Ransomware: Activity Analysis and Ties to Vice Society |
DigiTrust Agent Tesla Jan 2017
The DigiTrust Group. (2017, January 12). The Rise of Agent Tesla. Retrieved November 5, 2018.
Internal MISP references
UUID dbae7e21-20d4-454c-88db-43e2a195808e which can be used as unique global reference for DigiTrust Agent Tesla Jan 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-01-12T00:00:00Z |
| source | MITRE |
| title | The Rise of Agent Tesla |
ATT QakBot April 2021
Morrow, D. (2021, April 15). The rise of QakBot. Retrieved September 27, 2021.
Internal MISP references
UUID c7b0b3f3-e9ea-4159-acd1-f6d92ed41828 which can be used as unique global reference for ATT QakBot April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-27T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | The rise of QakBot |
ESET Telebots Dec 2016
Cherepanov, A.. (2016, December 13). The rise of TeleBots: Analyzing disruptive KillDisk attacks. Retrieved June 10, 2020.
Internal MISP references
UUID 34e6e415-099a-4f29-aad0-fc0331a733a4 which can be used as unique global reference for ESET Telebots Dec 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-10T00:00:00Z |
| date_published | 2016-12-13T00:00:00Z |
| source | MITRE |
| title | The rise of TeleBots: Analyzing disruptive KillDisk attacks |
SEI SSL Inspection Risks
Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.
Internal MISP references
UUID 3fafc00e-b808-486e-81bc-c08b6a410133 which can be used as unique global reference for SEI SSL Inspection Risks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-05T00:00:00Z |
| date_published | 2015-03-13T00:00:00Z |
| source | MITRE |
| title | The Risks of SSL Inspection |
SourceForge rkhunter
Rootkit Hunter Project. (2018, February 20). The Rootkit Hunter project. Retrieved April 9, 2018.
Internal MISP references
UUID e52cf1aa-3d14-40ce-a1d4-e9de672261ef which can be used as unique global reference for SourceForge rkhunter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2018-02-20T00:00:00Z |
| source | MITRE |
| title | The Rootkit Hunter project |
Campbell 2014
Campbell, C. (2014). The Secret Life of Krbtgt. Retrieved December 4, 2014.
Internal MISP references
UUID 8bef22ff-f2fc-4e1a-b4d2-d746a120f6c6 which can be used as unique global reference for Campbell 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | The Secret Life of Krbtgt |
Proofpoint Domain Shadowing
Proofpoint Staff. (2015, December 15). The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK. Retrieved October 16, 2020.
Internal MISP references
UUID 4653a9a5-95f1-4b02-9bf0-8f1b8cd6c059 which can be used as unique global reference for Proofpoint Domain Shadowing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-16T00:00:00Z |
| date_published | 2015-12-15T00:00:00Z |
| source | MITRE |
| title | The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK |
Symantec Shamoon 2012
Symantec. (2012, August 16). The Shamoon Attacks. Retrieved March 14, 2019.
Internal MISP references
UUID ac634e99-d951-402b-bb1c-e575753dfda8 which can be used as unique global reference for Symantec Shamoon 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-14T00:00:00Z |
| date_published | 2012-08-16T00:00:00Z |
| source | MITRE |
| title | The Shamoon Attacks |
Spring Dragon Jun 2015
Baumgartner, K.. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.
Internal MISP references
UUID 2cc38587-a18e-47e9-a8bb-e3498e4737f5 which can be used as unique global reference for Spring Dragon Jun 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-15T00:00:00Z |
| date_published | 2015-06-17T00:00:00Z |
| source | MITRE |
| title | The Spring Dragon APT |
Check Point APT31 February 2021
Itkin, E. and Cohen, I. (2021, February 22). The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day. Retrieved March 24, 2021.
Internal MISP references
UUID 84ac99ef-106f-44e9-97f0-3eda90570932 which can be used as unique global reference for Check Point APT31 February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2021-02-22T00:00:00Z |
| source | MITRE |
| title | The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day |
UCF STIG Elevation Account Enumeration
UCF. (n.d.). The system must require username and password to elevate a running application.. Retrieved December 18, 2017.
Internal MISP references
UUID 7b895692-d401-4d74-ab3f-e6f8e432877a which can be used as unique global reference for UCF STIG Elevation Account Enumeration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| source | MITRE |
| title | The system must require username and password to elevate a running application. |
TrendMicro Taidoor
Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.
Internal MISP references
UUID 3d703dfa-97c5-498f-a712-cb4995119297 which can be used as unique global reference for TrendMicro Taidoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | The Taidoor Campaign |
SpectorOPs SettingContent-ms Jun 2018
Nelson, M. (2018, June 11). The Tale of SettingContent-ms Files. Retrieved April 18, 2019.
Internal MISP references
UUID 88ffa36e-c1d8-4e40-86c9-bdefad9a6c95 which can be used as unique global reference for SpectorOPs SettingContent-ms Jun 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-18T00:00:00Z |
| date_published | 2018-06-11T00:00:00Z |
| source | MITRE |
| title | The Tale of SettingContent-ms Files |
Securelist Brazilian Banking Malware July 2020
GReAT. (2020, July 14). The Tetrade: Brazilian banking malware goes global. Retrieved November 9, 2020.
Internal MISP references
UUID ccc34875-93f3-40ed-a9ee-f31b86708507 which can be used as unique global reference for Securelist Brazilian Banking Malware July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-09T00:00:00Z |
| date_published | 2020-07-14T00:00:00Z |
| source | MITRE |
| title | The Tetrade: Brazilian banking malware goes global |
Symantec Trojan.Hydraq Jan 2010
Symantec Security Response. (2010, January 18). The Trojan.Hydraq Incident. Retrieved February 20, 2018.
Internal MISP references
UUID 10bed842-400f-4276-972d-5fca794ea778 which can be used as unique global reference for Symantec Trojan.Hydraq Jan 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-20T00:00:00Z |
| date_published | 2010-01-18T00:00:00Z |
| source | MITRE |
| title | The Trojan.Hydraq Incident |
Fidelis Turbo
Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. Retrieved March 2, 2016.
Internal MISP references
UUID f19877f1-3e0f-4c68-b6c9-ef5b0bd470ed which can be used as unique global reference for Fidelis Turbo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-02T00:00:00Z |
| date_published | 2016-02-29T00:00:00Z |
| source | MITRE |
| title | The Turbo Campaign, Featuring Derusbi for 64-bit Linux |
USDOJ Sandworm Feb 2020
Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.
Internal MISP references
UUID fefa7321-cd60-4c7e-a9d5-c723d88013f2 which can be used as unique global reference for USDOJ Sandworm Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-18T00:00:00Z |
| date_published | 2020-02-20T00:00:00Z |
| source | MITRE |
| title | The United States Condemns Russian Cyber Attack Against the Country of Georgia |
Securelist Ventir
Mikhail, K. (2014, October 16). The Ventir Trojan: assemble your MacOS spy. Retrieved April 6, 2018.
Internal MISP references
UUID 5e4e82c0-16b6-43bc-a70d-6b8d55aaef52 which can be used as unique global reference for Securelist Ventir in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-06T00:00:00Z |
| date_published | 2014-10-16T00:00:00Z |
| source | MITRE |
| title | The Ventir Trojan: assemble your MacOS spy |
Symantec Waterbug
Symantec. (2015, January 26). The Waterbug attack group. Retrieved April 10, 2015.
Internal MISP references
UUID ec02f951-17b8-44cb-945a-e5c313555124 which can be used as unique global reference for Symantec Waterbug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-04-10T00:00:00Z |
| date_published | 2015-01-26T00:00:00Z |
| source | MITRE |
| title | The Waterbug attack group |
Windows NT Command Shell
Tim Hill. (2014, February 2). The Windows NT Command Shell. Retrieved December 5, 2014.
Internal MISP references
UUID aee1e76c-8ff2-4ff0-83e3-edcb76f34d19 which can be used as unique global reference for Windows NT Command Shell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| date_published | 2014-02-02T00:00:00Z |
| source | MITRE |
| title | The Windows NT Command Shell |
Malwarebytes The Windows Vault
Arntz, P. (2016, March 30). The Windows Vault . Retrieved November 23, 2020.
Internal MISP references
UUID f09fdc31-38ca-411d-8478-683b08a68535 which can be used as unique global reference for Malwarebytes The Windows Vault in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-23T00:00:00Z |
| date_published | 2016-03-30T00:00:00Z |
| source | MITRE |
| title | The Windows Vault |
Microsoft JScript 2007
Microsoft. (2007, August 15). The World of JScript, JavaScript, ECMAScript …. Retrieved June 23, 2020.
Internal MISP references
UUID e3c97d0f-150e-4fe3-a4ce-fc146a2fa718 which can be used as unique global reference for Microsoft JScript 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2007-08-15T00:00:00Z |
| source | MITRE |
| title | The World of JScript, JavaScript, ECMAScript … |
ntlm_relaying_kerberos_del
Mollema, D. (2019, March 4). The worst of both worlds: Combining NTLM Relaying and Kerberos delegation . Retrieved August 15, 2022.
Internal MISP references
UUID 08f44086-2387-4254-a0b6-3b9be2b6ee30 which can be used as unique global reference for ntlm_relaying_kerberos_del in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-15T00:00:00Z |
| date_published | 2019-03-04T00:00:00Z |
| source | MITRE |
| title | The worst of both worlds: Combining NTLM Relaying and Kerberos delegation |
trendmicro xcsset xcode project 2020
Mac Threat Response, Mobile Research Team. (2020, August 13). The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.
Internal MISP references
UUID 0194bb11-8b97-4d61-8ddb-824077edc7db which can be used as unique global reference for trendmicro xcsset xcode project 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2020-08-13T00:00:00Z |
| source | MITRE |
| title | The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits |
Sophos New Ryuk Attack October 2020
Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020.
Internal MISP references
UUID bfc6f6fe-b504-4b99-a7c0-1efba08ac14e which can be used as unique global reference for Sophos New Ryuk Attack October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-14T00:00:00Z |
| date_published | 2020-10-14T00:00:00Z |
| source | MITRE |
| title | They’re back: inside a new Ryuk ransomware attack |
RSA EU12 They're Inside
Rivner, U., Schwartz, E. (2012). They’re Inside… Now What?. Retrieved November 25, 2016.
Internal MISP references
UUID 8330ab88-9c73-4332-97d6-c1fb95b1a155 which can be used as unique global reference for RSA EU12 They're Inside in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-25T00:00:00Z |
| date_published | 2012-01-01T00:00:00Z |
| source | MITRE |
| title | They’re Inside… Now What? |
APT29 Deep Look at Credential Roaming
Thibault Van Geluwe De Berlaere. (2022, November 8). They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming. Retrieved November 9, 2022.
Internal MISP references
UUID 691fb596-07b6-5c13-9cec-e28530ffde12 which can be used as unique global reference for APT29 Deep Look at Credential Roaming in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-11-09T00:00:00Z |
| date_published | 2022-11-08T00:00:00Z |
| source | MITRE |
| title | They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming |
ZDNet Ransomware Backups 2020
Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. Retrieved March 21, 2023.
Internal MISP references
UUID 301da9c8-60de-58f0-989f-6b504e3457a3 which can be used as unique global reference for ZDNet Ransomware Backups 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-21T00:00:00Z |
| source | MITRE |
| title | They were wrong |
Microsoft Unidentified Dec 2018
Microsoft Defender Research Team. (2018, December 3). Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.
Internal MISP references
UUID 896c88f9-8765-4b60-b679-667b338757e3 which can be used as unique global reference for Microsoft Unidentified Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-15T00:00:00Z |
| source | MITRE |
| title | think tanks, non-profits, public sector by unidentified attackers |
iPhone Charging Cable Hack
Zack Whittaker. (2019, August 12). This hacker’s iPhone charging cable can hijack your computer. Retrieved May 25, 2022.
Internal MISP references
UUID b8bb0bc5-e131-47b5-8c42-48cd3dc25250 which can be used as unique global reference for iPhone Charging Cable Hack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| date_published | 2019-08-12T00:00:00Z |
| source | MITRE |
| title | This hacker’s iPhone charging cable can hijack your computer |
Mandiant APT41 Global Intrusion
Gyler, C.,Perez D.,Jones, S.,Miller, S.. (2021, February 25). This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved February 17, 2022.
Internal MISP references
UUID 9b75a38e-e5c7-43c8-a7fb-c7f212e00497 which can be used as unique global reference for Mandiant APT41 Global Intrusion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-17T00:00:00Z |
| date_published | 2021-02-25T00:00:00Z |
| source | MITRE |
| title | This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits |
FireEye APT41 March 2020
Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.
Internal MISP references
UUID e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d which can be used as unique global reference for FireEye APT41 March 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2020-03-01T00:00:00Z |
| source | MITRE |
| title | This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits |
Proofpoint Bumblebee April 2022
Merriman, K. and Trouerbach, P. (2022, April 28). This isn't Optimus Prime's Bumblebee but it's Still Transforming. Retrieved August 22, 2022.
Internal MISP references
UUID 765b0ce9-7305-4b35-b5be-2f6f42339646 which can be used as unique global reference for Proofpoint Bumblebee April 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | This isn't Optimus Prime's Bumblebee but it's Still Transforming |
Code Injection on Linux and macOS
Itamar Turner-Trauring. (2017, April 18). “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD. Retrieved December 20, 2017.
Internal MISP references
UUID 82d41fd8-495d-41b6-b908-6ada5764c94d which can be used as unique global reference for Code Injection on Linux and macOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-04-18T00:00:00Z |
| source | MITRE |
| title | “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD |
FireEye Fin8 May 2016
Kizhakkinan, D., et al. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.
Internal MISP references
UUID 2079101c-d988-430a-9082-d25c475b2af5 which can be used as unique global reference for FireEye Fin8 May 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2016-05-11T00:00:00Z |
| source | MITRE |
| title | Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks |
Proofpoint TA407 September 2019
Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.
Internal MISP references
UUID e787e9af-f496-442a-8b36-16056ff8bfc1 which can be used as unique global reference for Proofpoint TA407 September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-03T00:00:00Z |
| date_published | 2019-09-05T00:00:00Z |
| source | MITRE |
| title | Threat Actor Profile: TA407, the Silent Librarian |
Proofpoint TA505 Sep 2017
Proofpoint Staff. (2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. Retrieved May 28, 2019.
Internal MISP references
UUID c1fff36f-802b-4436-abce-7f2787c148db which can be used as unique global reference for Proofpoint TA505 Sep 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2017-09-27T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Threat Actor Profile: TA505, From Dridex to GlobeImposter |
U.S. CISA CVE-2023-3519 Exploits
Cybersecurity and Infrastructure Security Agency. (2023, July 20). Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. Retrieved July 24, 2023.
Internal MISP references
UUID 021c4caa-7a7a-4e49-9c5c-6eec176bf923 which can be used as unique global reference for U.S. CISA CVE-2023-3519 Exploits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-24T00:00:00Z |
| date_published | 2023-07-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells |
U.S. CISA CVE-2023-35078 Exploits
Cybersecurity and Infrastructure Security Agency. (2023, August 1). Threat Actors Exploiting Ivanti EPMM Vulnerabilities. Retrieved August 3, 2023.
Internal MISP references
UUID 62305b8a-76c8-49ec-82dc-6756643ccf7a which can be used as unique global reference for U.S. CISA CVE-2023-35078 Exploits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2023-08-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Threat Actors Exploiting Ivanti EPMM Vulnerabilities |
U.S. CISA Ivanti Exploits February 2024
Cybersecurity and Infrastructure Security Agency. (2024, February 29). Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways. Retrieved March 1, 2024.
Internal MISP references
UUID a501b21d-916d-454e-b5a0-c3d3bdb4e45c which can be used as unique global reference for U.S. CISA Ivanti Exploits February 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-01T00:00:00Z |
| date_published | 2024-02-29T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways |
Atlas SEO
Atlas Cybersecurity. (2021, April 19). Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware. Retrieved September 30, 2022.
Internal MISP references
UUID 26d7134e-7b93-4aa1-a859-03cf964ca1b5 which can be used as unique global reference for Atlas SEO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2021-04-19T00:00:00Z |
| source | MITRE |
| title | Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware |
Cybereason TA505 April 2019
Salem, E. (2019, April 25). Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware. Retrieved May 28, 2019.
Internal MISP references
UUID 076f2b95-97d2-4d50-bb9b-6199c161e5c6 which can be used as unique global reference for Cybereason TA505 April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-28T00:00:00Z |
| date_published | 2019-04-25T00:00:00Z |
| source | MITRE |
| title | Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware |
Cisco CaddyWiper March 2022
Malhotra, A. (2022, March 15). Threat Advisory: CaddyWiper. Retrieved March 23, 2022.
Internal MISP references
UUID 88fc1f96-2d55-4c92-a929-234248490c30 which can be used as unique global reference for Cisco CaddyWiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-23T00:00:00Z |
| date_published | 2022-03-15T00:00:00Z |
| source | MITRE |
| title | Threat Advisory: CaddyWiper |
Carbon Black Squiblydoo Apr 2016
Nolen, R. et al.. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved April 9, 2018.
Internal MISP references
UUID b23fc191-cc84-49c8-9eb0-09db7e23b24d which can be used as unique global reference for Carbon Black Squiblydoo Apr 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land” |
Aqua Build Images on Hosts
Assaf Morag. (2020, July 15). Threat Alert: Attackers Building Malicious Images on Your Hosts. Retrieved March 29, 2021.
Internal MISP references
UUID efd64f41-13cc-4b2b-864c-4d2352cdadcd which can be used as unique global reference for Aqua Build Images on Hosts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-29T00:00:00Z |
| date_published | 2020-07-15T00:00:00Z |
| source | MITRE |
| title | Threat Alert: Attackers Building Malicious Images on Your Hosts |
Aqua Kinsing April 2020
Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. Retrieved April 1, 2021.
Internal MISP references
UUID 67dd04dd-c0e0-49e6-9341-4e445d660641 which can be used as unique global reference for Aqua Kinsing April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-04-03T00:00:00Z |
| source | MITRE |
| title | Threat Alert: Kinsing Malware Attacks Targeting Container Environments |
Palo Alto Networks Black Basta August 2022
Elsad, A. (2022, August 25). Threat Assessment: Black Basta Ransomware. Retrieved March 8, 2023.
Internal MISP references
UUID fc9ee531-3680-549b-86e0-a10a70c3ec67 which can be used as unique global reference for Palo Alto Networks Black Basta August 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-08-25T00:00:00Z |
| source | MITRE |
| title | Threat Assessment: Black Basta Ransomware |
Unit42 Clop April 2021
Santos, D. (2021, April 13). Threat Assessment: Clop Ransomware. Retrieved July 30, 2021.
Internal MISP references
UUID ce48d631-757c-480b-8572-b7d9f4d738c6 which can be used as unique global reference for Unit42 Clop April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-30T00:00:00Z |
| date_published | 2021-04-13T00:00:00Z |
| source | MITRE |
| title | Threat Assessment: Clop Ransomware |
Palo Alto Unit 42 EKANS
Hinchliffe, A. Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. Retrieved February 9, 2021.
Internal MISP references
UUID dcdd4e48-3c3d-4008-a6f6-390f896f147b which can be used as unique global reference for Palo Alto Unit 42 EKANS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-09T00:00:00Z |
| date_published | 2020-06-26T00:00:00Z |
| source | MITRE |
| title | Threat Assessment: EKANS Ransomware |
UNIT 42 LAPSUS Mar 2022
UNIT 42. (2022, March 24). Threat Brief: Lapsus$ Group. Retrieved May 17, 2022.
Internal MISP references
UUID 50f4c1ed-b046-405a-963d-a113324355a3 which can be used as unique global reference for UNIT 42 LAPSUS Mar 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-17T00:00:00Z |
| date_published | 2022-03-24T00:00:00Z |
| source | MITRE |
| title | Threat Brief: Lapsus$ Group |
Unit 42 WhisperGate January 2022
Falcone, R. et al.. (2022, January 20). Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. Retrieved March 10, 2022.
Internal MISP references
UUID 3daa8c9e-da17-4eda-aa0d-df97c5de8f64 which can be used as unique global reference for Unit 42 WhisperGate January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-10T00:00:00Z |
| date_published | 2022-01-20T00:00:00Z |
| source | MITRE |
| title | Threat Brief: Ongoing Russia and Ukraine Cyber Conflict |
Unit 42 DGA Feb 2019
Unit 42. (2019, February 7). Threat Brief: Understanding Domain Generation Algorithms (DGA). Retrieved February 19, 2019.
Internal MISP references
UUID 5e1db76a-0a3e-42ce-a66c-f914fb1a3471 which can be used as unique global reference for Unit 42 DGA Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-19T00:00:00Z |
| date_published | 2019-02-07T00:00:00Z |
| source | MITRE |
| title | Threat Brief: Understanding Domain Generation Algorithms (DGA) |
Dell TG-3390
Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
Internal MISP references
UUID dfd2d832-a6c5-40e7-a554-5a92f05bebae which can be used as unique global reference for Dell TG-3390 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-18T00:00:00Z |
| date_published | 2015-08-05T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Threat Group-3390 Targets Organizations for Cyberespionage |
SecureWorks TG-4127
SecureWorks Counter Threat Unit Threat Intelligence. (2016, June 16). Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Retrieved August 3, 2016.
Internal MISP references
UUID 5f401c82-4e16-43a1-b234-48918fe7df9f which can be used as unique global reference for SecureWorks TG-4127 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-06-16T00:00:00Z |
| source | MITRE |
| title | Threat Group-4127 Targets Hillary Clinton Presidential Campaign |
McAfee APT28 DDE1 Nov 2017
Sherstobitoff, R., Rea, M. (2017, November 7). Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack. Retrieved November 21, 2017.
Internal MISP references
UUID 8670f4ee-7491-4c37-9832-99d6f8f54ba8 which can be used as unique global reference for McAfee APT28 DDE1 Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-21T00:00:00Z |
| date_published | 2017-11-07T00:00:00Z |
| source | MITRE |
| title | Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack |
Awake Security Avaddon
Gahlot, A. (n.d.). Threat Hunting for Avaddon Ransomware. Retrieved August 19, 2021.
Internal MISP references
UUID c113cde7-5dd5-45e9-af16-3ab6ed0b1728 which can be used as unique global reference for Awake Security Avaddon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-19T00:00:00Z |
| source | MITRE |
| title | Threat Hunting for Avaddon Ransomware |
Detecting Command & Control in the Cloud
Gary Golomb. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved July 8, 2022.
Internal MISP references
UUID b12e0288-48cd-46ec-8305-0f4d050782f2 which can be used as unique global reference for Detecting Command & Control in the Cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-08T00:00:00Z |
| source | MITRE |
| title | Threat Hunting Series: Detecting Command & Control in the Cloud |
Awake Security C2 Cloud
Gary Golomb and Tory Kei. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved May 27, 2022.
Internal MISP references
UUID fa3762ce-3e60-4991-b464-12601d2a6912 which can be used as unique global reference for Awake Security C2 Cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| source | MITRE |
| title | Threat Hunting Series: Detecting Command & Control in the Cloud |
Threat Matrix for Kubernetes
Weizman, Y. (2020, April 2). Threat Matrix for Kubernetes. Retrieved March 30, 2021.
Internal MISP references
UUID 43fab719-e348-4902-8df3-8807765b95f0 which can be used as unique global reference for Threat Matrix for Kubernetes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2020-04-02T00:00:00Z |
| source | MITRE |
| title | Threat Matrix for Kubernetes |
SecureWorks BRONZE MOHAWK n.d.
SecureWorks. (n.d.). Threat Profile - BRONZE MOHAWK. Retrieved August 24, 2021.
Internal MISP references
UUID b741fe9a-4b08-44b9-b6e7-5988eee486a3 which can be used as unique global reference for SecureWorks BRONZE MOHAWK n.d. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| source | MITRE |
| title | Threat Profile - BRONZE MOHAWK |
ESET T3 Threat Report 2021
ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.
Internal MISP references
UUID 34a23b22-2d39-47cc-a1e9-47f7f490dcbd which can be used as unique global reference for ESET T3 Threat Report 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-10T00:00:00Z |
| date_published | 2022-02-01T00:00:00Z |
| source | MITRE |
| title | THREAT REPORT T3 2021 |
BlackBerry Amadey 2020
Kasuya, M. (2020, January 8). Threat Spotlight: Amadey Bot Targets Non-Russian Users. Retrieved July 14, 2022.
Internal MISP references
UUID 21b7a7c7-55a2-4235-ba11-d34ba68d1bf5 which can be used as unique global reference for BlackBerry Amadey 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2020-01-08T00:00:00Z |
| source | MITRE |
| title | Threat Spotlight: Amadey Bot Targets Non-Russian Users |
CiscoAngler
Nick Biasini. (2015, March 3). Threat Spotlight: Angler Lurking in the Domain Shadows. Retrieved March 6, 2017.
Internal MISP references
UUID 0b10d7d4-9c18-4fd8-933a-b46e41d618ab which can be used as unique global reference for CiscoAngler in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2015-03-03T00:00:00Z |
| source | MITRE |
| title | Threat Spotlight: Angler Lurking in the Domain Shadows |
Talos IPFS 2022
Edmund Brumaghin. (2022, November 9). Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. Retrieved March 8, 2023.
Internal MISP references
UUID dc98c7ce-0a3f-5f35-9885-6c1c73e5858d which can be used as unique global reference for Talos IPFS 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-08T00:00:00Z |
| date_published | 2022-11-09T00:00:00Z |
| source | MITRE |
| title | Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns |
Cisco Group 72
Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
Internal MISP references
UUID b9201737-ef72-46d4-8e86-89fee5b98aa8 which can be used as unique global reference for Cisco Group 72 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2014-10-14T00:00:00Z |
| source | MITRE |
| title | Threat Spotlight: Group 72 |
Talos ZxShell Oct 2014
Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.
Internal MISP references
UUID 41c20013-71b3-4957-98f0-fb919014c93e which can be used as unique global reference for Talos ZxShell Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-24T00:00:00Z |
| date_published | 2014-10-28T00:00:00Z |
| source | MITRE |
| title | Threat Spotlight: Group 72, Opening the ZxShell |
Infinitum IT LockBit 3.0
Infinitum IT. (n.d.). Threat Spotlight: Lockbit Black 3.0 Ransomware. Retrieved May 19, 2023.
Internal MISP references
UUID 8bee2689-dfd8-45b2-b8dd-e87ab3ade0ec which can be used as unique global reference for Infinitum IT LockBit 3.0 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Threat Spotlight: Lockbit Black 3.0 Ransomware |
BlackBerry SystemBC June 10 2021
The BlackBerry Research & Intelligence Team. (2021, June 10). Threat Thursday: SystemBC – a RAT in the Pipeline. Retrieved September 21, 2023.
Internal MISP references
UUID 08186ff9-6ca5-4c09-b5e7-b883eb15fdba which can be used as unique global reference for BlackBerry SystemBC June 10 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-21T00:00:00Z |
| date_published | 2021-06-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Threat Thursday: SystemBC – a RAT in the Pipeline |
DOJ North Korea Indictment Feb 2021
Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. Retrieved June 9, 2021.
Internal MISP references
UUID d702653f-a9da-4a36-8f84-97caeb445266 which can be used as unique global reference for DOJ North Korea Indictment Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-09T00:00:00Z |
| date_published | 2021-02-17T00:00:00Z |
| source | MITRE |
| title | Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe |
Symantec Thrip June 2018
Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. Retrieved July 10, 2018.
Internal MISP references
UUID 482a6946-b663-4789-a31f-83fb2132118d which can be used as unique global reference for Symantec Thrip June 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-10T00:00:00Z |
| date_published | 2018-06-19T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies |
FireEye Bootkits
Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. Retrieved May 13, 2016.
Internal MISP references
UUID 585827a8-1f03-439d-b66e-ad5290117c1b which can be used as unique global reference for FireEye Bootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-05-13T00:00:00Z |
| date_published | 2015-12-07T00:00:00Z |
| source | MITRE |
| title | Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record |
SpecterOps AWS Traffic Mirroring
Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022.
Internal MISP references
UUID 6ab2cfa1-230f-498e-8049-fcdd2f7296dd which can be used as unique global reference for SpecterOps AWS Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2020-03-11T00:00:00Z |
| source | MITRE |
| title | Through the Looking Glass — Part 1 |
Ossmann Star Feb 2011
Michael Ossmann. (2011, February 17). Throwing Star LAN Tap. Retrieved March 30, 2018.
Internal MISP references
UUID 1be27354-1326-4568-b26a-d0034acecba2 which can be used as unique global reference for Ossmann Star Feb 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2011-02-17T00:00:00Z |
| source | MITRE |
| title | Throwing Star LAN Tap |
Symantec Tick Apr 2016
DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.
Internal MISP references
UUID 3e29cacc-2c05-4f35-8dd1-948f8aee6713 which can be used as unique global reference for Symantec Tick Apr 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-16T00:00:00Z |
| date_published | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Tick cyberespionage group zeros in on Japan |
TightVNC Software Project Page
TightVNC Software. (n.d.). TightVNC Software. Retrieved July 10, 2023.
Internal MISP references
UUID e1725230-4f6c-47c5-8e30-90dfb01a75d7 which can be used as unique global reference for TightVNC Software Project Page in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-10T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | TightVNC Software |
AnyRun TimeBomb
Malicious History. (2020, September 17). Time Bombs: Malware With Delayed Execution. Retrieved April 22, 2021.
Internal MISP references
UUID cd369bf9-80a8-426f-a0aa-c9745b40696c which can be used as unique global reference for AnyRun TimeBomb in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-22T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Time Bombs: Malware With Delayed Execution |
Microsoft TimeProvider
Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.
Internal MISP references
UUID cf7c1db8-6282-4ccd-9609-5a012faf70d6 which can be used as unique global reference for Microsoft TimeProvider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-26T00:00:00Z |
| source | MITRE |
| title | Time Provider |
Talos TinyTurla September 2021
Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. Retrieved December 2, 2021.
Internal MISP references
UUID 94cdbd73-a31a-4ec3-aa36-de3ea077c1c7 which can be used as unique global reference for Talos TinyTurla September 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-02T00:00:00Z |
| date_published | 2021-09-21T00:00:00Z |
| source | MITRE |
| title | TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines |
Pentestlab Token Manipulation
netbiosX. (2017, April 3). Token Manipulation. Retrieved April 21, 2017.
Internal MISP references
UUID 243deb44-4d47-4c41-bd5d-262c4319cce5 which can be used as unique global reference for Pentestlab Token Manipulation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-21T00:00:00Z |
| date_published | 2017-04-03T00:00:00Z |
| source | MITRE |
| title | Token Manipulation |
Langer Stuxnet
Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved December 7, 2020.
Internal MISP references
UUID 76b99581-e94d-4e51-8110-80557474048e which can be used as unique global reference for Langer Stuxnet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-07T00:00:00Z |
| date_published | 2013-11-01T00:00:00Z |
| source | MITRE |
| title | To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve |
TrendMicro Tonto Team October 2020
Daniel Lughi, Jaromir Horejsi. (2020, October 2). Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.
Internal MISP references
UUID 140e6b01-6b98-4f82-9455-0c84b3856b86 which can be used as unique global reference for TrendMicro Tonto Team October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-17T00:00:00Z |
| date_published | 2020-10-02T00:00:00Z |
| source | MITRE |
| title | Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure |
NorthSec 2015 GData Uroburos Tools
Rascagneres, P. (2015, May). Tools used by the Uroburos actors. Retrieved August 18, 2016.
Internal MISP references
UUID 99e2709e-a32a-4fbf-a20a-ffcdd8befdc8 which can be used as unique global reference for NorthSec 2015 GData Uroburos Tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-18T00:00:00Z |
| date_published | 2015-05-01T00:00:00Z |
| source | MITRE |
| title | Tools used by the Uroburos actors |
Dingledine Tor The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.
Internal MISP references
UUID ffb6a26d-2da9-4cce-bb2d-5280e9cc16b4 which can be used as unique global reference for Dingledine Tor The Second-Generation Onion Router in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2004-01-01T00:00:00Z |
| source | MITRE |
| title | Tor: The Second-Generation Onion Router |
FireEye FIN7 Shim Databases
Erickson, J., McWhirt, M., Palombo, D. (2017, May 3). To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence. Retrieved July 18, 2017.
Internal MISP references
UUID 25d8bac0-9187-45db-ad96-c7bce20cef00 which can be used as unique global reference for FireEye FIN7 Shim Databases in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-18T00:00:00Z |
| date_published | 2017-05-03T00:00:00Z |
| source | MITRE |
| title | To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence |
LOLBAS Tracker
LOLBAS. (n.d.). Tracker.exe. Retrieved July 31, 2019.
Internal MISP references
UUID f0e368f1-3347-41ef-91fb-995c3cb07707 which can be used as unique global reference for LOLBAS Tracker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Tracker.exe |
BushidoToken Scattered Spider August 16 2023
BushidoToken. (2023, August 16). Tracking Adversaries: Scattered Spider, the BlackCat affiliate. Retrieved September 14, 2023.
Internal MISP references
UUID 621a8320-0e3c-444f-b82a-7fd4fdf9fb67 which can be used as unique global reference for BushidoToken Scattered Spider August 16 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-14T00:00:00Z |
| date_published | 2023-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Tracking Adversaries: Scattered Spider, the BlackCat affiliate |
Lateral Movement Payne
Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.
Internal MISP references
UUID 5d5ca6a4-5e2f-4679-9040-b68d524778ff which can be used as unique global reference for Lateral Movement Payne in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-01T00:00:00Z |
| date_published | 2015-11-26T00:00:00Z |
| source | MITRE |
| title | Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts |
Unit 42 KerrDown February 2019
Ray, V. and Hayashi, K. (2019, February 1). Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.
Internal MISP references
UUID bff5dbfe-d080-46c1-82b7-272e03d2aa8c which can be used as unique global reference for Unit 42 KerrDown February 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2019-02-01T00:00:00Z |
| source | MITRE |
| title | Tracking OceanLotus’ new Downloader, KerrDown |
Trend Micro TeamTNT
Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. Retrieved September 22, 2021.
Internal MISP references
UUID d6b52135-6bb2-4e37-8f94-1e1d6354bdfd which can be used as unique global reference for Trend Micro TeamTNT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-22T00:00:00Z |
| source | MITRE |
| title | Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group |
SANS Windshift August 2018
Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved June 25, 2020.
Internal MISP references
UUID 97eac0f2-d528-4f7c-8425-7531eae4fc39 which can be used as unique global reference for SANS Windshift August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| date_published | 2018-08-01T00:00:00Z |
| source | MITRE |
| title | TRAILS OF WINDSHIFT |
Microsoft TxF
Microsoft. (n.d.). Transactional NTFS (TxF). Retrieved December 20, 2017.
Internal MISP references
UUID f7f2eecc-19e6-4d93-8a53-91afea2f242e which can be used as unique global reference for Microsoft TxF in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | Transactional NTFS (TxF) |
Rclone-mega-extortion_05_2021
Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. Retrieved July 14, 2022.
Internal MISP references
UUID 9b492a2f-1326-4733-9c0e-a9454bf7fabb which can be used as unique global reference for Rclone-mega-extortion_05_2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-14T00:00:00Z |
| date_published | 2021-05-04T00:00:00Z |
| source | MITRE |
| title | Transferring leverage in a ransomware attack |
JScrip May 2018
Microsoft. (2018, May 31). Translating to JScript. Retrieved June 23, 2020.
Internal MISP references
UUID 99e48516-f918-477c-b85e-4ad894cc031f which can be used as unique global reference for JScrip May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | Translating to JScript |
Talos Transparent Tribe May 2021
Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved September 2, 2021.
Internal MISP references
UUID 5d58c285-bc7d-4a8a-a96a-ac7118c1089d which can be used as unique global reference for Talos Transparent Tribe May 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-02T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Transparent Tribe APT expands its Windows malware arsenal |
tt_obliqueRAT
Malhotra, A., McKay, K. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal . Retrieved July 29, 2022.
Internal MISP references
UUID be1e3092-1981-457b-ae76-b55b057e1d73 which can be used as unique global reference for tt_obliqueRAT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-29T00:00:00Z |
| date_published | 2021-05-13T00:00:00Z |
| source | MITRE |
| title | Transparent Tribe APT expands its Windows malware arsenal |
Cisco Talos Transparent Tribe Education Campaign July 2022
N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. Retrieved September 22, 2022.
Internal MISP references
UUID acb10fb6-608f-44d3-9faf-7e577b0e2786 which can be used as unique global reference for Cisco Talos Transparent Tribe Education Campaign July 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-22T00:00:00Z |
| date_published | 2022-07-13T00:00:00Z |
| source | MITRE |
| title | Transparent Tribe begins targeting education sector in latest campaign |
tt_httrack_fake_domains
Malhotra, A., Thattil, J. et al. (2022, March 29). Transparent Tribe campaign uses new bespoke malware to target Indian government officials . Retrieved September 6, 2022.
Internal MISP references
UUID 9bdda422-dbf7-4b70-a7b1-9e3ad658c239 which can be used as unique global reference for tt_httrack_fake_domains in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-06T00:00:00Z |
| date_published | 2022-03-29T00:00:00Z |
| source | MITRE |
| title | Transparent Tribe campaign uses new bespoke malware to target Indian government officials |
Securelist Trasparent Tribe 2020
Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021.
Internal MISP references
UUID 0db470b1-ab22-4b67-a858-472e4de7c6f0 which can be used as unique global reference for Securelist Trasparent Tribe 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-08-20T00:00:00Z |
| source | MITRE |
| title | Transparent Tribe: Evolution analysis, part 1 |
Kaspersky Transparent Tribe August 2020
Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved September 2, 2021.
Internal MISP references
UUID 42c7faa2-f664-4e4a-9d23-93c88a09da5b which can be used as unique global reference for Kaspersky Transparent Tribe August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-02T00:00:00Z |
| date_published | 2020-08-20T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Transparent Tribe: Evolution analysis, part 1 |
Microsoft TransportAgent Jun 2016
Microsoft. (2016, June 1). Transport agents. Retrieved June 24, 2019.
Internal MISP references
UUID 16ae3e7e-5f0d-4ca9-8453-be960b2111b6 which can be used as unique global reference for Microsoft TransportAgent Jun 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-24T00:00:00Z |
| date_published | 2016-06-01T00:00:00Z |
| source | MITRE |
| title | Transport agents |
Trap Manual
ss64. (n.d.). trap. Retrieved May 21, 2019.
Internal MISP references
UUID 143462e1-b7e8-4e18-9cb1-6f4f3969e891 which can be used as unique global reference for Trap Manual in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-21T00:00:00Z |
| source | MITRE |
| title | trap |
Red Canary Netwire Linux 2022
TONY LAMBERT. (2022, June 7). Trapping the Netwire RAT on Linux. Retrieved September 28, 2023.
Internal MISP references
UUID 6d4c6c52-38ae-52f5-b438-edeceed446a5 which can be used as unique global reference for Red Canary Netwire Linux 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-28T00:00:00Z |
| date_published | 2022-06-07T00:00:00Z |
| source | MITRE |
| title | Trapping the Netwire RAT on Linux |
Cyberciti Trap Statements
Cyberciti. (2016, March 29). Trap statement. Retrieved May 21, 2019.
Internal MISP references
UUID 24cf5471-f327-4407-b32f-055537f3495e which can be used as unique global reference for Cyberciti Trap Statements in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-21T00:00:00Z |
| date_published | 2016-03-29T00:00:00Z |
| source | MITRE |
| title | Trap statement |
Dept. of Treasury Iran Sanctions September 2020
Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. Retrieved December 10, 2020.
Internal MISP references
UUID 0c8ff80a-6b1d-4212-aa40-99aeef04ce05 which can be used as unique global reference for Dept. of Treasury Iran Sanctions September 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-10T00:00:00Z |
| date_published | 2020-09-17T00:00:00Z |
| source | MITRE |
| title | Treasury Sanctions Cyber Actors Backed by Iranian Intelligence |
Treasury EvilCorp Dec 2019
U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.
Internal MISP references
UUID 074a52c4-26d9-4083-9349-c14e2639c1bc which can be used as unique global reference for Treasury EvilCorp Dec 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-15T00:00:00Z |
| date_published | 2019-12-05T00:00:00Z |
| source | MITRE |
| title | Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware |
Treasury North Korean Cyber Groups September 2019
US Treasury . (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.
Internal MISP references
UUID 54977bb2-2929-41d7-bdea-06d39dc76174 which can be used as unique global reference for Treasury North Korean Cyber Groups September 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2019-09-13T00:00:00Z |
| source | MITRE |
| title | Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups |
Mandiant APT29 Trello
Wolfram, J. et al. (2022, April 28). Trello From the Other Side: Tracking APT29 Phishing Campaigns. Retrieved August 3, 2022.
Internal MISP references
UUID 5590bb5c-d9d1-480c-bb69-1944c1cf2431 which can be used as unique global reference for Mandiant APT29 Trello in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-03T00:00:00Z |
| date_published | 2022-04-28T00:00:00Z |
| source | MITRE |
| title | Trello From the Other Side: Tracking APT29 Phishing Campaigns |
Malicious Chrome Extension Numbers
Jagpal, N., et al. (2015, August). Trends and Lessons from Three Years Fighting Malicious Extensions. Retrieved November 17, 2017.
Internal MISP references
UUID f34fcf1f-370e-4b6e-9cc4-7ee4075faf6e which can be used as unique global reference for Malicious Chrome Extension Numbers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-17T00:00:00Z |
| date_published | 2015-08-01T00:00:00Z |
| source | MITRE |
| title | Trends and Lessons from Three Years Fighting Malicious Extensions |
Triage 23893f035f8564dfea5030b9fdd54120d96072bb
tria.ge. (n.d.). Triage 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.
Internal MISP references
UUID 3c4857e0-0318-435f-9459-bd57d83e84fe which can be used as unique global reference for Triage 23893f035f8564dfea5030b9fdd54120d96072bb in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Triage 23893f035f8564dfea5030b9fdd54120d96072bb |
Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7
tria.ge. (n.d.). Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7. Retrieved October 20, 2023.
Internal MISP references
UUID fd9800c3-c556-4804-a4ea-f31c2b198dcf which can be used as unique global reference for Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7 |
exatrack bpf filters passive backdoors
ExaTrack. (2022, May 11). Tricephalic Hellkeeper: a tale of a passive backdoor. Retrieved October 18, 2022.
Internal MISP references
UUID 84ffd130-97b9-4bbf-bc3e-42accdf248ce which can be used as unique global reference for exatrack bpf filters passive backdoors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-10-18T00:00:00Z |
| date_published | 2022-05-11T00:00:00Z |
| source | MITRE |
| title | Tricephalic Hellkeeper: a tale of a passive backdoor |
Malwarebytes TrickBot Sep 2019
Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.
Internal MISP references
UUID 4d6d258f-a57f-4cfd-880a-1ecd98e26d9f which can be used as unique global reference for Malwarebytes TrickBot Sep 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-15T00:00:00Z |
| date_published | 2019-09-03T00:00:00Z |
| source | MITRE |
| title | TrickBot adds new trick to its arsenal: tampering with trusted texts |
TrendMicro Trickbot Feb 2019
Llimos, N., Pascual, C.. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. Retrieved March 12, 2019.
Internal MISP references
UUID c402888a-ccd1-4cbc-856c-ff0bdcb8b30b which can be used as unique global reference for TrendMicro Trickbot Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-12T00:00:00Z |
| date_published | 2019-02-12T00:00:00Z |
| source | MITRE |
| title | Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire |
Eclypsium Trickboot December 2020
Eclypsium, Advanced Intelligence. (2020, December 1). TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT. Retrieved March 15, 2021.
Internal MISP references
UUID ad72e27f-ae4f-425a-a4ef-c76a20382691 which can be used as unique global reference for Eclypsium Trickboot December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-15T00:00:00Z |
| date_published | 2020-12-01T00:00:00Z |
| source | MITRE |
| title | TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT |
IBM X-Force ITG23 Oct 2021
Villadsen, O., et al. (2021, October 13). Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds. Retrieved June 15, 2023.
Internal MISP references
UUID d796e773-7335-549f-a79b-a2961f85a8ec which can be used as unique global reference for IBM X-Force ITG23 Oct 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-15T00:00:00Z |
| date_published | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds |
Trend Micro Trickbot Nov 2018
Anthony, N., Pascual, C.. (2018, November 1). Trickbot Shows Off New Trick: Password Grabber Module. Retrieved November 16, 2018.
Internal MISP references
UUID 5504d906-579e-4b1c-8864-d811b67a25f8 which can be used as unique global reference for Trend Micro Trickbot Nov 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-16T00:00:00Z |
| date_published | 2018-11-01T00:00:00Z |
| source | MITRE |
| title | Trickbot Shows Off New Trick: Password Grabber Module |
Joe Sec Trickbot
Joe Security. (2020, July 13). TrickBot's new API-Hammering explained. Retrieved September 30, 2021.
Internal MISP references
UUID f5441718-3c0d-4b26-863c-24df1130b090 which can be used as unique global reference for Joe Sec Trickbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-30T00:00:00Z |
| date_published | 2020-07-13T00:00:00Z |
| source | MITRE |
| title | TrickBot's new API-Hammering explained |
Fortinet TrickBot
Bacurio Jr., F. and Salvio, J. (2018, April 9). Trickbot’s New Reconnaissance Plugin. Retrieved February 14, 2019.
Internal MISP references
UUID a5dc1702-1930-463a-a581-74cc13e66ba5 which can be used as unique global reference for Fortinet TrickBot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2018-04-09T00:00:00Z |
| source | MITRE |
| title | Trickbot’s New Reconnaissance Plugin |
Trickbot VNC module July 2021
Ionut Illascu. (2021, July 14). Trickbot updates its VNC module for high-value targets. Retrieved September 10, 2021.
Internal MISP references
UUID 0484ddd0-5402-4300-99d4-4504591dddc0 which can be used as unique global reference for Trickbot VNC module July 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-10T00:00:00Z |
| date_published | 2021-07-14T00:00:00Z |
| source | MITRE |
| title | Trickbot updates its VNC module for high-value targets |
Fidelis TrickBot Oct 2016
Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. Retrieved August 2, 2018.
Internal MISP references
UUID 839c02d1-58ec-4e25-a981-0276dbb1acc8 which can be used as unique global reference for Fidelis TrickBot Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-02T00:00:00Z |
| date_published | 2016-10-15T00:00:00Z |
| source | MITRE |
| title | TrickBot: We Missed you, Dyre |
Bromium Ursnif Mar 2017
Holland, A. (2019, March 7). Tricks and COMfoolery: How Ursnif Evades Detection. Retrieved June 10, 2019.
Internal MISP references
UUID 04028685-b2e0-4faf-8c9d-36d1b07f09fc which can be used as unique global reference for Bromium Ursnif Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-10T00:00:00Z |
| date_published | 2019-03-07T00:00:00Z |
| source | MITRE |
| title | Tricks and COMfoolery: How Ursnif Evades Detection |
IBM TrickBot Nov 2016
Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations. Retrieved August 2, 2018.
Internal MISP references
UUID 092aec63-aea0-4bc9-9c05-add89b4233ff which can be used as unique global reference for IBM TrickBot Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-02T00:00:00Z |
| date_published | 2016-11-09T00:00:00Z |
| source | MITRE |
| title | Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations |
TrendMictro Phishing
Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. Retrieved October 20, 2020.
Internal MISP references
UUID 621f1c52-5f34-4293-a507-b58c4084a19b which can be used as unique global reference for TrendMictro Phishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| date_published | 2020-09-03T00:00:00Z |
| source | MITRE |
| title | Tricky 'Forms' of Phishing |
Trimarc Detecting Password Spraying
Metcalf, S. (2018, May 6). Trimarc Research: Detecting Password Spraying with Security Event Auditing. Retrieved January 16, 2019.
Internal MISP references
UUID aadbd0a8-00f2-404b-8d02-6d36292726da which can be used as unique global reference for Trimarc Detecting Password Spraying in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-01-16T00:00:00Z |
| date_published | 2018-05-06T00:00:00Z |
| source | MITRE |
| title | Trimarc Research: Detecting Password Spraying with Security Event Auditing |
Dragos TRISIS
Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.
Internal MISP references
UUID 7659f7bc-2059-4a4d-a12c-17ccd99b737a which can be used as unique global reference for Dragos TRISIS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-06T00:00:00Z |
| date_published | 2017-12-13T00:00:00Z |
| source | MITRE |
| title | TRISIS Malware Analysis of Safety System Targeted Malware |
FireEye TRITON 2019
Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.
Internal MISP references
UUID 49c97b85-ca22-400a-9dc4-6290cc117f04 which can be used as unique global reference for FireEye TRITON 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping |
FireEye TEMP.Veles JSON April 2019
Miller, S., et al. (2019, April 10). TRITON Appendix C. Retrieved April 29, 2019.
Internal MISP references
UUID 491783dc-7a6b-42a6-b923-c4439117e7e4 which can be used as unique global reference for FireEye TEMP.Veles JSON April 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-29T00:00:00Z |
| date_published | 2019-04-10T00:00:00Z |
| source | MITRE |
| title | TRITON Appendix C |
FireEye TEMP.Veles 2018
FireEye Intelligence . (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved April 16, 2019.
Internal MISP references
UUID e41151fa-ea11-43ca-9689-c65aae63a8d2 which can be used as unique global reference for FireEye TEMP.Veles 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| date_published | 2018-10-23T00:00:00Z |
| source | MITRE |
| title | TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers |
Palo Alto MoonWind March 2017
Miller-Osborn, J. and Grunzweig, J.. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.
Internal MISP references
UUID 4f3d7a08-2cf5-49ed-8bcd-6df180f3d194 which can be used as unique global reference for Palo Alto MoonWind March 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-30T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations |
CyberESI GTALK
CyberESI. (2011). TROJAN.GTALK. Retrieved June 29, 2015.
Internal MISP references
UUID 7952f365-1284-4461-8bc3-d8e20e38e1ba which can be used as unique global reference for CyberESI GTALK in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-06-29T00:00:00Z |
| date_published | 2011-01-01T00:00:00Z |
| source | MITRE |
| title | TROJAN.GTALK |
Symantec Hydraq Jan 2010
Lelli, A. (2010, January 11). Trojan.Hydraq. Retrieved February 20, 2018.
Internal MISP references
UUID 2f99e508-6d0c-4590-8156-cdcadeef8ed9 which can be used as unique global reference for Symantec Hydraq Jan 2010 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-20T00:00:00Z |
| date_published | 2010-01-11T00:00:00Z |
| source | MITRE |
| title | Trojan.Hydraq |
Symantec Security Center Trojan.Kwampirs
Moench, B. and Aboud, E. (2016, August 23). Trojan.Kwampirs. Retrieved May 10, 2018.
Internal MISP references
UUID d6fb6b97-042c-4a66-a2ba-31c13f96a144 which can be used as unique global reference for Symantec Security Center Trojan.Kwampirs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-10T00:00:00Z |
| date_published | 2016-08-23T00:00:00Z |
| source | MITRE |
| title | Trojan.Kwampirs |
Symantec Naid June 2012
Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.
Internal MISP references
UUID dc3c16b3-e06b-4b56-b6bd-b98a0b39df3b which can be used as unique global reference for Symantec Naid June 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-06-15T00:00:00Z |
| source | MITRE |
| title | Trojan.Naid |
Symantec Pasam May 2012
Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. Retrieved February 22, 2018.
Internal MISP references
UUID c8135017-43c5-4bde-946e-141684c29b7a which can be used as unique global reference for Symantec Pasam May 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-22T00:00:00Z |
| date_published | 2012-05-04T00:00:00Z |
| source | MITRE |
| title | Trojan.Pasam |
Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017
Microsoft. (2017, September 15). TrojanSpy:Win32/Ursnif.gen!I. Retrieved December 18, 2017.
Internal MISP references
UUID 2b0c16e3-9ea0-455e-ae01-18d9b388fea6 which can be used as unique global reference for Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2017-09-15T00:00:00Z |
| source | MITRE |
| title | TrojanSpy:Win32/Ursnif.gen!I |
Symantec Ushedix June 2008
Symantec. (2008, June 28). Trojan.Ushedix. Retrieved December 18, 2017.
Internal MISP references
UUID 9df2b407-df20-403b-ba1b-a681b9c74c7e which can be used as unique global reference for Symantec Ushedix June 2008 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2008-06-28T00:00:00Z |
| source | MITRE |
| title | Trojan.Ushedix |
Symantec Volgmer Aug 2014
Yagi, J. (2014, August 24). Trojan.Volgmer. Retrieved July 16, 2018.
Internal MISP references
UUID 8f5ba106-267a-4f9e-9498-04e27f509c5e which can be used as unique global reference for Symantec Volgmer Aug 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-16T00:00:00Z |
| date_published | 2014-08-24T00:00:00Z |
| source | MITRE |
| title | Trojan.Volgmer |
FSecure Lokibot November 2019
Kazem, M. (2019, November 25). Trojan:W32/Lokibot. Retrieved May 15, 2020.
Internal MISP references
UUID e4ed8915-8f1e-47a0-ad99-075c66fa9cd3 which can be used as unique global reference for FSecure Lokibot November 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-15T00:00:00Z |
| date_published | 2019-11-25T00:00:00Z |
| source | MITRE |
| title | Trojan:W32/Lokibot |
Microsoft Totbrick Oct 2017
Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.
Internal MISP references
UUID 3abe861b-0e3b-458a-98cf-38450058b4a5 which can be used as unique global reference for Microsoft Totbrick Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-14T00:00:00Z |
| date_published | 2017-10-12T00:00:00Z |
| source | MITRE |
| title | Trojan:Win32/Totbrick |
Ciubotariu 2014
Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. Retrieved December 2, 2014.
Internal MISP references
UUID 8a4583fe-cf73-47ba-a4ea-3e5ef1eb51b6 which can be used as unique global reference for Ciubotariu 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-02T00:00:00Z |
| date_published | 2014-01-23T00:00:00Z |
| source | MITRE |
| title | Trojan.Zeroaccess.C Hidden in NTFS EA |
TrendMicro TROJ-FAKEAV OCT 2012
Sioting, S. (2012, October 8). TROJ_FAKEAV.GZD. Retrieved August 8, 2018.
Internal MISP references
UUID 5d9e974f-07f8-48e4-96b6-632ecb31465d which can be used as unique global reference for TrendMicro TROJ-FAKEAV OCT 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-08T00:00:00Z |
| date_published | 2012-10-08T00:00:00Z |
| source | MITRE |
| title | TROJ_FAKEAV.GZD |
troj_zegost
Trend Micro. (2012, October 9). TROJ_ZEGOST. Retrieved September 2, 2021.
Internal MISP references
UUID c3790ad6-704a-4076-8729-61b5df9d7983 which can be used as unique global reference for troj_zegost in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-02T00:00:00Z |
| date_published | 2012-10-09T00:00:00Z |
| source | MITRE |
| title | TROJ_ZEGOST |
TrendMicro Tropic Trooper May 2020
Chen, J.. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.
Internal MISP references
UUID 4fbc1df0-f174-4461-817d-0baf6e947ba1 which can be used as unique global reference for TrendMicro Tropic Trooper May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-20T00:00:00Z |
| date_published | 2020-05-12T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments |
TrendMicro Tropic Trooper Mar 2018
Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.
Internal MISP references
UUID 5d69d122-13bc-45c4-95ab-68283a21b699 which can be used as unique global reference for TrendMicro Tropic Trooper Mar 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-09T00:00:00Z |
| date_published | 2018-03-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Tropic Trooper’s New Strategy |
Unit 42 Tropic Trooper Nov 2016
Ray, V. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved November 9, 2018.
Internal MISP references
UUID cad84e3d-9506-44f8-bdd9-d090e6ce9b06 which can be used as unique global reference for Unit 42 Tropic Trooper Nov 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-09T00:00:00Z |
| date_published | 2016-11-22T00:00:00Z |
| source | MITRE |
| title | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy |
paloalto Tropic Trooper 2016
Ray, V., et al. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved December 18, 2020.
Internal MISP references
UUID 47524b17-1acd-44b1-8de5-168369fa9455 which can be used as unique global reference for paloalto Tropic Trooper 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2016-11-22T00:00:00Z |
| source | MITRE |
| title | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy |
GitHub truffleHog
Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020.
Internal MISP references
UUID 324a563f-55ee-49e9-9fc7-2b8e35f36875 which can be used as unique global reference for GitHub truffleHog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| date_published | 2016-12-31T00:00:00Z |
| source | MITRE |
| title | truffleHog |
TCG Trusted Platform Module
Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. Retrieved June 8, 2016.
Internal MISP references
UUID 51a2a2fd-7828-449d-aab5-dbcf5d37f020 which can be used as unique global reference for TCG Trusted Platform Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-08T00:00:00Z |
| date_published | 2008-04-29T00:00:00Z |
| source | MITRE |
| title | Trusted Platform Module (TPM) Summary |
Microsoft Trusts
Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019.
Internal MISP references
UUID e6bfc6a8-9eea-4c65-9c2b-04749da72a92 which can be used as unique global reference for Microsoft Trusts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2009-10-07T00:00:00Z |
| source | MITRE |
| title | Trust Technologies |
SSHjack Blackhat
Adam Boileau. (2005, August 5). Trust Transience: Post Intrusion SSH Hijacking. Retrieved December 19, 2017.
Internal MISP references
UUID 64f94126-de4c-4204-8409-d26804f32cff which can be used as unique global reference for SSHjack Blackhat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-19T00:00:00Z |
| date_published | 2005-08-05T00:00:00Z |
| source | MITRE |
| title | Trust Transience: Post Intrusion SSH Hijacking |
Trend Micro Totbrick Oct 2016
Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.
Internal MISP references
UUID d6419764-f203-4089-8b38-860c442238e7 which can be used as unique global reference for Trend Micro Totbrick Oct 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-14T00:00:00Z |
| date_published | 2016-10-31T00:00:00Z |
| source | MITRE |
| title | TSPY_TRICKLOAD.N |
Ttdinject.exe - LOLBAS Project
LOLBAS. (2020, May 12). Ttdinject.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d which can be used as unique global reference for Ttdinject.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-05-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Ttdinject.exe |
ttint_rat
Tu, L. Ma, Y. Ye, G. (2020, October 1). Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities. Retrieved October 28, 2021.
Internal MISP references
UUID f3e60cae-3225-4800-bc15-cb46ff715061 which can be used as unique global reference for ttint_rat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-28T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities |
Tttracer.exe - LOLBAS Project
LOLBAS. (2019, November 5). Tttracer.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 7c88a77e-034e-4847-8bd7-1be3a684a158 which can be used as unique global reference for Tttracer.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-11-05T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Tttracer.exe |
Invincea XTunnel
Belcher, P.. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.
Internal MISP references
UUID 43773784-92b8-4722-806c-4b1fc4278bb0 which can be used as unique global reference for Invincea XTunnel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-07-28T00:00:00Z |
| source | MITRE |
| title | Tunnel of Gov: DNC Hack and the Russian XTunnel |
ThreatGeek Derusbi Converge
Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. Retrieved August 16, 2018.
Internal MISP references
UUID a386b614-a808-42cf-be23-658f71b31560 which can be used as unique global reference for ThreatGeek Derusbi Converge in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-16T00:00:00Z |
| date_published | 2016-05-02T00:00:00Z |
| source | MITRE |
| title | Turbo Twist: Two 64-bit Derusbi Strains Converge |
Mandiant Suspected Turla Campaign February 2023
Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.
Internal MISP references
UUID d8f43a52-a59e-5567-8259-821b1b6bde43 which can be used as unique global reference for Mandiant Suspected Turla Campaign February 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-15T00:00:00Z |
| date_published | 2023-02-02T00:00:00Z |
| source | MITRE |
| title | Turla: A Galaxy of Opportunity |
ESET Crutch December 2020
Faou, M. (2020, December 2). Turla Crutch: Keeping the “back door” open. Retrieved December 4, 2020.
Internal MISP references
UUID 8b2f40f5-7dca-4edf-8314-a8f5bc4831b8 which can be used as unique global reference for ESET Crutch December 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-04T00:00:00Z |
| date_published | 2020-12-02T00:00:00Z |
| source | MITRE |
| title | Turla Crutch: Keeping the “back door” open |
ESET LightNeuron May 2019
Faou, M. (2019, May). Turla LightNeuron: One email away from remote code execution. Retrieved June 24, 2019.
Internal MISP references
UUID 679aa333-572c-44ba-b94a-606f168d1ed2 which can be used as unique global reference for ESET LightNeuron May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-24T00:00:00Z |
| date_published | 2019-05-01T00:00:00Z |
| source | MITRE |
| title | Turla LightNeuron: One email away from remote code execution |
ESET Turla Mosquito May 2018
ESET Research. (2018, May 22). Turla Mosquito: A shift towards more generic tools. Retrieved July 3, 2018.
Internal MISP references
UUID d683b8a2-7f90-4ae3-b763-c25fd701dbf6 which can be used as unique global reference for ESET Turla Mosquito May 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2018-05-22T00:00:00Z |
| source | MITRE |
| title | Turla Mosquito: A shift towards more generic tools |
ESET Turla August 2018
ESET. (2018, August). Turla Outlook Backdoor: Analysis of an unusual Turla backdoor. Retrieved March 11, 2019.
Internal MISP references
UUID e725fb9d-65b9-4e3f-9930-13c2c74b7fa4 which can be used as unique global reference for ESET Turla August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-11T00:00:00Z |
| date_published | 2018-08-01T00:00:00Z |
| source | MITRE |
| title | Turla Outlook Backdoor: Analysis of an unusual Turla backdoor |
Accenture HyperStack October 2020
Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. Retrieved December 2, 2020.
Internal MISP references
UUID 680f2a0b-f69d-48bd-93ed-20ee2f79e3f7 which can be used as unique global reference for Accenture HyperStack October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-02T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | Turla uses HyperStack, Carbon, and Kazuar to compromise government entity |
Gmail Delegation
Google. (n.d.). Turn Gmail delegation on or off. Retrieved April 1, 2022.
Internal MISP references
UUID dfd28a01-56ba-4c0c-9742-d8b1db49df06 which can be used as unique global reference for Gmail Delegation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | Turn Gmail delegation on or off |
Google Cloud Privilege Escalation
Chris Moberly. (2020, February 12). Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments. Retrieved April 1, 2022.
Internal MISP references
UUID 3dc4b69c-8cae-4489-8df2-5f55419fb3b1 which can be used as unique global reference for Google Cloud Privilege Escalation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2020-02-12T00:00:00Z |
| source | MITRE |
| title | Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments |
SSH in Windows
Microsoft. (2020, May 19). Tutorial: SSH in Windows Terminal. Retrieved July 26, 2021.
Internal MISP references
UUID 3006af23-b802-400f-841d-7eea7d748d28 which can be used as unique global reference for SSH in Windows in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-07-26T00:00:00Z |
| date_published | 2020-05-19T00:00:00Z |
| source | MITRE |
| title | Tutorial: SSH in Windows Terminal |
Microsoft NEODYMIUM Dec 2016
Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
Internal MISP references
UUID 87c9f8e4-f8d1-4f19-86ca-6fd18a33890b which can be used as unique global reference for Microsoft NEODYMIUM Dec 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-27T00:00:00Z |
| date_published | 2016-12-14T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe |
Twitter Richard WMIC
Ackroyd, R. (2023, March 24). Twitter. Retrieved March 24, 2023.
Internal MISP references
UUID 7d701a8e-6816-5112-ac16-b36e71d7c5db which can be used as unique global reference for Twitter Richard WMIC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-24T00:00:00Z |
| date_published | 2023-03-24T00:00:00Z |
| source | MITRE |
| title |
Twitter Nick Carr APT10
Carr, N.. (2017, April 6). Retrieved June 29, 2017.
Internal MISP references
UUID 0f133f2c-3b02-4b3b-a960-ef6a7862cf8f which can be used as unique global reference for Twitter Nick Carr APT10 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-06-29T00:00:00Z |
| source | MITRE |
| title | Twitter Nick Carr APT10 |
Crowdstrike KRYPTONITE PANDA August 2018
Adam Kozy. (2018, August 30). Two Birds, One Stone Panda. Retrieved August 24, 2021.
Internal MISP references
UUID 42fe94f5-bc4c-4b0b-9c35-0bc32cbc5d79 which can be used as unique global reference for Crowdstrike KRYPTONITE PANDA August 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-24T00:00:00Z |
| date_published | 2018-08-30T00:00:00Z |
| source | MITRE |
| title | Two Birds, One Stone Panda |
Two New Monero Malware Attacks Target Windows and Android Users
Douglas Bonderud. (2018, September 17). Two New Monero Malware Attacks Target Windows and Android Users. Retrieved June 5, 2023.
Internal MISP references
UUID a797397b-2af7-58b9-b66a-5ded260659f0 which can be used as unique global reference for Two New Monero Malware Attacks Target Windows and Android Users in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-05T00:00:00Z |
| date_published | 2018-09-17T00:00:00Z |
| source | MITRE |
| title | Two New Monero Malware Attacks Target Windows and Android Users |
Trend Micro Pawn Storm April 2017
Hacquebord, F.. (2017, April 25). Two Years of Pawn Storm: Examining an Increasingly Relevant Threat. Retrieved May 3, 2017.
Internal MISP references
UUID d92f22a7-7753-47da-a850-00c073b5fd27 which can be used as unique global reference for Trend Micro Pawn Storm April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-03T00:00:00Z |
| date_published | 2017-04-25T00:00:00Z |
| source | MITRE |
| title | Two Years of Pawn Storm: Examining an Increasingly Relevant Threat |
Almond COR_PROFILER Apr 2019
Almond. (2019, April 30). UAC bypass via elevated .NET applications. Retrieved June 24, 2020.
Internal MISP references
UUID a49c5870-2a48-4cd7-8b4e-e80c5414f565 which can be used as unique global reference for Almond COR_PROFILER Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-24T00:00:00Z |
| date_published | 2019-04-30T00:00:00Z |
| source | MITRE |
| title | UAC bypass via elevated .NET applications |
Github UACMe
UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.
Internal MISP references
UUID 7006d59d-3b61-4030-a680-5dac52133722 which can be used as unique global reference for Github UACMe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| date_published | 2016-06-16T00:00:00Z |
| source | MITRE |
| title | UACMe |
ZScaler SEO
Wang, J. (2018, October 17). Ubiquitous SEO Poisoning URLs. Retrieved September 30, 2022.
Internal MISP references
UUID f117cfa5-1bad-43ae-9eaa-3b9123061f93 which can be used as unique global reference for ZScaler SEO in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-30T00:00:00Z |
| date_published | 2018-10-17T00:00:00Z |
| source | MITRE |
| title | Ubiquitous SEO Poisoning URLs |
PaloAlto UBoatRAT Nov 2017
Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018.
Internal MISP references
UUID 235a1129-2f35-4861-90b8-1f761d89b0f9 which can be used as unique global reference for PaloAlto UBoatRAT Nov 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-12T00:00:00Z |
| date_published | 2017-11-28T00:00:00Z |
| source | MITRE |
| title | UBoatRAT Navigates East Asia |
UK NSCS Russia SolarWinds April 2021
UK NCSC. (2021, April 15). UK and US call out Russia for SolarWinds compromise. Retrieved April 16, 2021.
Internal MISP references
UUID f49e6780-8caa-4c3c-8d68-47a2cc4319a1 which can be used as unique global reference for UK NSCS Russia SolarWinds April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | UK and US call out Russia for SolarWinds compromise |
UK Gov Malign RIS Activity April 2021
UK Gov. (2021, April 15). UK and US expose global campaign of malign activity by Russian intelligence services . Retrieved April 16, 2021.
Internal MISP references
UUID 7fe5a605-c33e-4d3d-b787-2d1f649bee53 which can be used as unique global reference for UK Gov Malign RIS Activity April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | UK and US expose global campaign of malign activity by Russian intelligence services |
UK Gov UK Exposes Russia SolarWinds April 2021
UK Gov. (2021, April 15). UK exposes Russian involvement in SolarWinds cyber compromise . Retrieved April 16, 2021.
Internal MISP references
UUID ffbd83d7-9d4f-42b9-adc0-eb144045aef2 which can be used as unique global reference for UK Gov UK Exposes Russia SolarWinds April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-16T00:00:00Z |
| date_published | 2021-04-15T00:00:00Z |
| source | MITRE |
| title | UK exposes Russian involvement in SolarWinds cyber compromise |
UK NCSC Olympic Attacks October 2020
UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.
Internal MISP references
UUID 93053f1b-917c-4573-ba20-99fcaa16a2dd which can be used as unique global reference for UK NCSC Olympic Attacks October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-30T00:00:00Z |
| date_published | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | UK exposes series of Russian cyber attacks against Olympic and Paralympic Games |
Cisco Ukraine Wipers January 2022
Biasini, N. et al.. (2022, January 21). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Retrieved March 14, 2022.
Internal MISP references
UUID db17cc3d-9cd3-4faa-9de9-3b8fbec909c3 which can be used as unique global reference for Cisco Ukraine Wipers January 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-14T00:00:00Z |
| date_published | 2022-01-21T00:00:00Z |
| source | MITRE |
| title | Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation |
Symantec Ukraine Wipers February 2022
Symantec Threat Hunter Team. (2022, February 24). Ukraine: Disk-wiping Attacks Precede Russian Invasion. Retrieved March 25, 2022.
Internal MISP references
UUID 3ed4cd00-3387-4b80-bda8-0a190dc6353c which can be used as unique global reference for Symantec Ukraine Wipers February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-02-24T00:00:00Z |
| source | MITRE |
| title | Ukraine: Disk-wiping Attacks Precede Russian Invasion |
Bleepingcomputer Gamardeon FSB November 2021
Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.
Internal MISP references
UUID c565b025-df74-40a9-9535-b630ca06f777 which can be used as unique global reference for Bleepingcomputer Gamardeon FSB November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-15T00:00:00Z |
| date_published | 2018-11-04T00:00:00Z |
| source | MITRE |
| title | Ukraine links members of Gamaredon hacker group to Russian FSB |
Qualys Hermetic Wiper March 2022
Dani, M. (2022, March 1). Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware. Retrieved March 25, 2022.
Internal MISP references
UUID 2b25969b-2f0b-4204-9277-596e80c4e626 which can be used as unique global reference for Qualys Hermetic Wiper March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-25T00:00:00Z |
| date_published | 2022-03-01T00:00:00Z |
| source | MITRE |
| title | Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware |
GitHub Ultimate AppLocker Bypass List
Moe, O. (2018, March 1). Ultimate AppLocker Bypass List. Retrieved April 10, 2018.
Internal MISP references
UUID a2fa7fb8-ddba-44cf-878f-448fb2aa6149 which can be used as unique global reference for GitHub Ultimate AppLocker Bypass List in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-10T00:00:00Z |
| date_published | 2018-03-01T00:00:00Z |
| source | MITRE |
| title | Ultimate AppLocker Bypass List |
UCF STIG Symbolic Links
UCF. (n.d.). Unauthorized accounts must not have the Create symbolic links user right.. Retrieved December 18, 2017.
Internal MISP references
UUID 93716db0-6f88-425c-af00-ed2e941214d3 which can be used as unique global reference for UCF STIG Symbolic Links in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| source | MITRE |
| title | Unauthorized accounts must not have the Create symbolic links user right. |
FireEye FiveHands April 2021
McLellan, T. and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.
Internal MISP references
UUID 832aeb46-b248-43e8-9157-a2f56bcd1806 which can be used as unique global reference for FireEye FiveHands April 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-02T00:00:00Z |
| date_published | 2021-04-29T00:00:00Z |
| source | MITRE |
| title | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat |
Mandiant APT29 Eye Spy Email Nov 22
Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.
Internal MISP references
UUID 452ca091-42b1-5bef-8a01-921c1f46bbee which can be used as unique global reference for Mandiant APT29 Eye Spy Email Nov 22 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-17T00:00:00Z |
| date_published | 2022-05-02T00:00:00Z |
| source | MITRE |
| title | UNC3524: Eye Spy on Your Email |
Trend Micro DRBControl February 2020
Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
Internal MISP references
UUID 4dfbf26d-023b-41dd-82c8-12fe18cb10e6 which can be used as unique global reference for Trend Micro DRBControl February 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-12T00:00:00Z |
| date_published | 2020-02-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Uncovering DRBControl |
Checkpoint MosesStaff Nov 2021
Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.
Internal MISP references
UUID d6da2849-cff0-408a-9f09-81a33fc88a56 which can be used as unique global reference for Checkpoint MosesStaff Nov 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-11T00:00:00Z |
| date_published | 2021-11-15T00:00:00Z |
| source | MITRE |
| title | Uncovering MosesStaff techniques: Ideology over Money |
bencane blog bashrc
Benjamin Cane. (2013, September 16). Understanding a little more about /etc/profile and /etc/bashrc. Retrieved February 25, 2021.
Internal MISP references
UUID 503a4cd6-5cfe-4cce-b363-0cf3c8bc9feb which can be used as unique global reference for bencane blog bashrc in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-25T00:00:00Z |
| date_published | 2013-09-16T00:00:00Z |
| source | MITRE |
| title | Understanding a little more about /etc/profile and /etc/bashrc |
Juniper DAI 2020
Juniper. (2020, September 23). Understanding and Using Dynamic ARP Inspection (DAI). Retrieved October 15, 2020.
Internal MISP references
UUID f63b099d-a316-42a1-b1ce-17f11d0f3d2e which can be used as unique global reference for Juniper DAI 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-15T00:00:00Z |
| date_published | 2020-09-23T00:00:00Z |
| source | MITRE |
| title | Understanding and Using Dynamic ARP Inspection (DAI) |
Google Cloud IAM Policies
Google Cloud. (2022, March 31). Understanding policies. Retrieved April 1, 2022.
Internal MISP references
UUID b23a0df2-923d-4a5d-a40c-3ae218a0be94 which can be used as unique global reference for Google Cloud IAM Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2022-03-31T00:00:00Z |
| source | MITRE |
| title | Understanding policies |
Juniper Traffic Mirroring
Juniper. (n.d.). Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches. Retrieved October 19, 2020.
Internal MISP references
UUID a6f62986-0b62-4316-b762-021f1bb14903 which can be used as unique global reference for Juniper Traffic Mirroring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-19T00:00:00Z |
| source | MITRE |
| title | Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches |
U.S. CISA Understanding LockBit June 2023
Cybersecurity and Infrastructure Security Agency. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. Retrieved June 30, 2023.
Internal MISP references
UUID 9c03b801-2ebe-4c7b-aa29-1b7a3625964a which can be used as unique global reference for U.S. CISA Understanding LockBit June 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-30T00:00:00Z |
| date_published | 2023-06-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Understanding Ransomware Threat Actors: LockBit |
Auth0 Understanding Refresh Tokens
Auth0 Inc.. (n.d.). Understanding Refresh Tokens. Retrieved December 16, 2021.
Internal MISP references
UUID 84eb3d8a-f6b1-4bb5-9411-2c8da29b5946 which can be used as unique global reference for Auth0 Understanding Refresh Tokens in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-16T00:00:00Z |
| source | MITRE |
| title | Understanding Refresh Tokens |
baeldung Linux proc map 2022
baeldung. (2022, April 8). Understanding the Linux /proc/id/maps File. Retrieved March 31, 2023.
Internal MISP references
UUID b70d04e4-c5f9-5cb2-b896-9bd64e97369e which can be used as unique global reference for baeldung Linux proc map 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-31T00:00:00Z |
| date_published | 2022-04-08T00:00:00Z |
| source | MITRE |
| title | Understanding the Linux /proc/id/maps File |
Talos Phobos November 17 2023
Guilherme Venere. (2023, November 17). Understanding the Phobos affiliate structure and activity. Retrieved March 7, 2024.
Internal MISP references
UUID c049d198-efd0-40e2-a675-cf099b8211b3 which can be used as unique global reference for Talos Phobos November 17 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-03-07T00:00:00Z |
| date_published | 2023-11-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Understanding the Phobos affiliate structure and activity |
Mandiant APT44 April 17 2024
Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom. (2024, April 17). Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm. Retrieved April 17, 2024.
Internal MISP references
UUID a64f689e-2bb4-4253-86cd-545e7f633a7e which can be used as unique global reference for Mandiant APT44 April 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-04-17T00:00:00Z |
| date_published | 2024-04-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm |
FireEye KEGTAP SINGLEMALT October 2020
Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.
Internal MISP references
UUID 59162ffd-cb95-4757-bb1e-0c2a4ad5c083 which can be used as unique global reference for FireEye KEGTAP SINGLEMALT October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-28T00:00:00Z |
| date_published | 2020-10-28T00:00:00Z |
| source | MITRE |
| title | Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser |
Wikipedia UEFI
Wikipedia. (2017, July 10). Unified Extensible Firmware Interface. Retrieved July 11, 2017.
Internal MISP references
UUID 681c6a57-76db-410b-82d6-4e614bcdb6e0 which can be used as unique global reference for Wikipedia UEFI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-11T00:00:00Z |
| date_published | 2017-07-10T00:00:00Z |
| source | MITRE |
| title | Unified Extensible Firmware Interface |
New DragonOK
Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.
Internal MISP references
UUID 82c1ed0d-a41d-4212-a3ae-a1d661bede2d which can be used as unique global reference for New DragonOK in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-11-04T00:00:00Z |
| date_published | 2015-04-01T00:00:00Z |
| source | MITRE |
| title | Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets |
Unit 42 Playbook Dec 2017
Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017.
Internal MISP references
UUID 9923f9ff-a7b8-4058-8213-3c83c54c10a6 which can be used as unique global reference for Unit 42 Playbook Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-15T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Unit 42 Playbook Viewer |
Unit 42 SeaDuke 2015
Grunzweig, J.. (2015, July 14). Unit 42 Technical Analysis: Seaduke. Retrieved August 3, 2016.
Internal MISP references
UUID 735d38da-9214-4141-86af-11eefa5c4d04 which can be used as unique global reference for Unit 42 SeaDuke 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2015-07-14T00:00:00Z |
| source | MITRE |
| title | Unit 42 Technical Analysis: Seaduke |
3OHA double-fork 2022
Juan Tapiador. (2022, April 11). UNIX daemonization and the double fork. Retrieved September 29, 2023.
Internal MISP references
UUID 521b79fe-bb7b-52fd-a899-b73e254027a5 which can be used as unique global reference for 3OHA double-fork 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-29T00:00:00Z |
| date_published | 2022-04-11T00:00:00Z |
| source | MITRE |
| title | UNIX daemonization and the double fork |
Flashpoint Anonymous Sudan Timeline
Flashpoint. (2023, June 20). Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations. Retrieved October 10, 2023.
Internal MISP references
UUID 2e7060d2-f7bc-457e-a2e6-12897d503ea6 which can be used as unique global reference for Flashpoint Anonymous Sudan Timeline in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-10T00:00:00Z |
| date_published | 2023-06-20T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations |
AADInternals Azure AD On-Prem to Cloud
Dr. Nestori Syynimaa. (2020, July 13). Unnoticed sidekick: Getting access to cloud as an on-prem admin. Retrieved September 28, 2022.
Internal MISP references
UUID 7a6a7ecd-b9c7-4371-9924-34733597556c which can be used as unique global reference for AADInternals Azure AD On-Prem to Cloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-09-28T00:00:00Z |
| date_published | 2020-07-13T00:00:00Z |
| source | MITRE |
| title | Unnoticed sidekick: Getting access to cloud as an on-prem admin |
Adsecurity Mimikatz Guide
Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.
Internal MISP references
UUID b251ed65-a145-4053-9dc2-bf0dad83d76c which can be used as unique global reference for Adsecurity Mimikatz Guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| date_published | 2015-11-13T00:00:00Z |
| source | MITRE |
| title | Unofficial Guide to Mimikatz & Command Reference |
Kaspersky Lamberts Toolkit April 2017
GREAT. (2017, April 11). Unraveling the Lamberts Toolkit. Retrieved March 21, 2022.
Internal MISP references
UUID 2be23bfb-c6fb-455e-ae88-2ae910ccef60 which can be used as unique global reference for Kaspersky Lamberts Toolkit April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-21T00:00:00Z |
| date_published | 2017-04-11T00:00:00Z |
| source | MITRE |
| title | Unraveling the Lamberts Toolkit |
CrowdStrike Grim Spider May 2019
John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.
Internal MISP references
UUID 103f2b78-81ed-4096-a67a-dedaffd67e9b which can be used as unique global reference for CrowdStrike Grim Spider May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-12T00:00:00Z |
| date_published | 2019-05-30T00:00:00Z |
| source | MITRE |
| title | Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER |
Unregmp2.exe - LOLBAS Project
LOLBAS. (2021, December 6). Unregmp2.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 9ad11187-bf91-4205-98c7-c7b981e4ab6f which can be used as unique global reference for Unregmp2.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-12-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Unregmp2.exe |
TrendMicro Patchwork Dec 2017
Lunghi, D., et al. (2017, December). Untangling the Patchwork Cyberespionage Group. Retrieved July 10, 2018.
Internal MISP references
UUID 15465b26-99e1-4956-8c81-cda3388169b8 which can be used as unique global reference for TrendMicro Patchwork Dec 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-10T00:00:00Z |
| date_published | 2017-12-01T00:00:00Z |
| source | MITRE |
| title | Untangling the Patchwork Cyberespionage Group |
Kaspersky Careto
Kaspersky Labs. (2014, February 11). Unveiling “Careto” - The Masked APT. Retrieved July 5, 2017.
Internal MISP references
UUID 547f1a4a-7e4a-461d-8c19-f4775cd60ac0 which can be used as unique global reference for Kaspersky Careto in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-05T00:00:00Z |
| date_published | 2014-02-11T00:00:00Z |
| source | MITRE |
| title | Unveiling “Careto” - The Masked APT |
Cymmetria Patchwork
Cymmetria. (2016). Unveiling Patchwork - The Copy-Paste APT. Retrieved August 3, 2016.
Internal MISP references
UUID d4e43b2c-a858-4285-984f-f59db5c657bd which can be used as unique global reference for Cymmetria Patchwork in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-03T00:00:00Z |
| date_published | 2016-01-01T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Unveiling Patchwork - The Copy-Paste APT |
Rapid7G20Espionage
Rapid7. (2013, August 26). Upcoming G20 Summit Fuels Espionage Operations. Retrieved March 6, 2017.
Internal MISP references
UUID 2235ff2a-07b8-4198-b91d-e50739e274f4 which can be used as unique global reference for Rapid7G20Espionage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-06T00:00:00Z |
| date_published | 2013-08-26T00:00:00Z |
| source | MITRE |
| title | Upcoming G20 Summit Fuels Espionage Operations |
Unit 42 BackConfig May 2020
Hinchliffe, A. and Falcone, R. (2020, May 11). Updated BackConfig Malware Targeting Government and Military Organizations in South Asia. Retrieved June 17, 2020.
Internal MISP references
UUID f26629db-c641-4b6b-abbf-b55b9cc91cf1 which can be used as unique global reference for Unit 42 BackConfig May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| date_published | 2020-05-11T00:00:00Z |
| source | MITRE |
| title | Updated BackConfig Malware Targeting Government and Military Organizations in South Asia |
Secureworks Karagany July 2019
Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.
Internal MISP references
UUID 61c05edf-24aa-4399-8cdf-01d27f6595a1 which can be used as unique global reference for Secureworks Karagany July 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-12T00:00:00Z |
| date_published | 2019-07-24T00:00:00Z |
| source | MITRE |
| title | Updated Karagany Malware Targets Energy Sector |
Update.exe - LOLBAS Project
LOLBAS. (2019, June 26). Update.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 2c85d5e5-2cb2-4af7-8c33-8aaac3360706 which can be used as unique global reference for Update.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-06-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Update.exe |
Microsoft - Update or Repair Federated domain
Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. Retrieved December 30, 2020.
Internal MISP references
UUID 1db3856e-d581-42e6-8038-44b0a2a2b435 which can be used as unique global reference for Microsoft - Update or Repair Federated domain in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2020-09-14T00:00:00Z |
| source | MITRE |
| title | Update or repair the settings of a federated domain in Office 365, Azure, or Intune |
Trendmicro Evolving ThiefQuest 2020
Gabrielle Joyce Mabutas, Luis Magisa, Steven Du. (2020, July 17). Updates on Quickly-Evolving ThiefQuest macOS Malware. Retrieved April 26, 2021.
Internal MISP references
UUID 880c1b9e-55a1-404c-9754-1fc2ee30a72b which can be used as unique global reference for Trendmicro Evolving ThiefQuest 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-26T00:00:00Z |
| date_published | 2020-07-17T00:00:00Z |
| source | MITRE |
| title | Updates on Quickly-Evolving ThiefQuest macOS Malware |
AWS Update Trail
AWS. (n.d.). update-trail. Retrieved August 4, 2023.
Internal MISP references
UUID a94e1e4a-2963-5563-a8a6-ab9f64a86476 which can be used as unique global reference for AWS Update Trail in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| source | MITRE |
| title | update-trail |
Unit 42 Pirpi July 2015
Falcone, R., Wartell, R.. (2015, July 27). UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved April 23, 2019.
Internal MISP references
UUID 42d35b93-2866-46d8-b8ff-675df05db9db which can be used as unique global reference for Unit 42 Pirpi July 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2015-07-27T00:00:00Z |
| source | MITRE |
| title | UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload |
PaperCut MF/NG vulnerability bulletin
PaperCut. (2023, March 8). URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut. Retrieved August 3, 2023.
Internal MISP references
UUID d6e71b45-fc91-40f4-8201-2186994ae42a which can be used as unique global reference for PaperCut MF/NG vulnerability bulletin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-03T00:00:00Z |
| date_published | 2023-03-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | URGENT MF/NG vulnerability bulletin (March 2023) |
Url.dll - LOLBAS Project
LOLBAS. (2018, May 25). Url.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 0c88fb72-6be5-4a01-af1c-553650779253 which can be used as unique global reference for Url.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Url.dll |
NJCCIC Ursnif Sept 2016
NJCCIC. (2016, September 27). Ursnif. Retrieved June 4, 2019.
Internal MISP references
UUID d57a2efe-8c98-491e-aecd-e051241a1779 which can be used as unique global reference for NJCCIC Ursnif Sept 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-04T00:00:00Z |
| date_published | 2016-09-27T00:00:00Z |
| source | MITRE |
| title | Ursnif |
TrendMicro Ursnif Mar 2015
Caragay, R. (2015, March 26). URSNIF: The Multifaceted Malware. Retrieved June 5, 2019.
Internal MISP references
UUID d02287df-9d93-4cbe-8e59-8f4ef3debc65 which can be used as unique global reference for TrendMicro Ursnif Mar 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-06-05T00:00:00Z |
| date_published | 2015-03-26T00:00:00Z |
| source | MITRE |
| title | URSNIF: The Multifaceted Malware |
US Coast Guard Killnet August 17 2022
US Coast Guard Cyber Command. (2022, August 17). US Coast Guard Cyber Command Maritime Cyber Alert 03-22. Retrieved October 9, 2023.
Internal MISP references
UUID 2d2a6f76-9531-4b35-b247-ae5da8663a92 which can be used as unique global reference for US Coast Guard Killnet August 17 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-10-09T00:00:00Z |
| date_published | 2022-08-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | US Coast Guard Cyber Command Maritime Cyber Alert 03-22 |
USCYBERCOM SLOTHFULMEDIA October 2020
USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved November 16, 2020.
Internal MISP references
UUID 600de668-f128-4368-8667-24ed9a9db47a which can be used as unique global reference for USCYBERCOM SLOTHFULMEDIA October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-16T00:00:00Z |
| date_published | 2020-10-01T00:00:00Z |
| source | MITRE |
| title | USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA |
win10_asr
Microsoft. (2021, July 2). Use attack surface reduction rules to prevent malware infection. Retrieved June 24, 2021.
Internal MISP references
UUID 4499df4a-53c2-4f17-ac90-b99272f5f522 which can be used as unique global reference for win10_asr in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-24T00:00:00Z |
| date_published | 2021-07-02T00:00:00Z |
| source | MITRE |
| title | Use attack surface reduction rules to prevent malware infection |
Azure AD Conditional Access Exclusions
Microsoft. (2022, August 26). Use Azure AD access reviews to manage users excluded from Conditional Access policies. Retrieved August 30, 2022.
Internal MISP references
UUID 8cfb45ec-b660-4a3a-9175-af4ea01ef473 which can be used as unique global reference for Azure AD Conditional Access Exclusions in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-30T00:00:00Z |
| date_published | 2022-08-26T00:00:00Z |
| source | MITRE |
| title | Use Azure AD access reviews to manage users excluded from Conditional Access policies |
Docker Bind Mounts
Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021.
Internal MISP references
UUID b298b3d1-30c1-4894-b1de-be11812cde6b which can be used as unique global reference for Docker Bind Mounts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| source | MITRE |
| title | Use Bind Mounts |
Chrome Roaming Profiles
Chrome Enterprise and Education Help. (n.d.). Use Chrome Browser with Roaming User Profiles. Retrieved March 28, 2023.
Internal MISP references
UUID cf0bb77d-c7f7-515b-9217-ba9120cdddec which can be used as unique global reference for Chrome Roaming Profiles in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-28T00:00:00Z |
| source | MITRE |
| title | Use Chrome Browser with Roaming User Profiles |
Ars Technica GRU indictment Jul 2018
Gallagher, S. (2018, July 27). How they did it (and will likely try again): GRU hackers vs. US elections. Retrieved September 13, 2018.
Internal MISP references
UUID a1192cb3-4536-4900-93c7-a127ca06c690 which can be used as unique global reference for Ars Technica GRU indictment Jul 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | US elections |
Remote Management MDM macOS
Apple. (n.d.). Use MDM to enable Remote Management in macOS. Retrieved September 23, 2021.
Internal MISP references
UUID e5f59848-7014-487d-9bae-bed81af1b72b which can be used as unique global reference for Remote Management MDM macOS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| source | MITRE |
| title | Use MDM to enable Remote Management in macOS |
Securelist Denis April 2017
Shulmin, A., Yunakovsky, S. (2017, April 28). Use of DNS Tunneling for C&C Communications. Retrieved November 5, 2018.
Internal MISP references
UUID 07855a81-1b72-4361-917e-a413b0124eca which can be used as unique global reference for Securelist Denis April 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-05T00:00:00Z |
| date_published | 2017-04-28T00:00:00Z |
| source | MITRE |
| title | Use of DNS Tunneling for C&C Communications |
Microsoft UAC
Microsoft. (n.d.). User Account Control. Retrieved January 18, 2018.
Internal MISP references
UUID 2eb2fb2f-0b43-4c8c-a69f-3f76a8fd90f3 which can be used as unique global reference for Microsoft UAC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-18T00:00:00Z |
| source | MITRE |
| title | User Account Control |
TechNet Inside UAC
Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. Retrieved July 26, 2016.
Internal MISP references
UUID dea47af6-677a-4625-8664-adf0e6839c9f which can be used as unique global reference for TechNet Inside UAC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-26T00:00:00Z |
| date_published | 2009-07-01T00:00:00Z |
| source | MITRE |
| title | User Account Control: Inside Windows 7 User Account Control |
User Approved Kernel Extension Pike’s
Pikeralpha. (2017, August 29). User Approved Kernel Extension Loading…. Retrieved September 23, 2021.
Internal MISP references
UUID 7700928b-2d27-470c-a2d9-e5c5f9a43af3 which can be used as unique global reference for User Approved Kernel Extension Pike’s in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2017-08-29T00:00:00Z |
| source | MITRE |
| title | User Approved Kernel Extension Loading… |
Adlice Software IAT Hooks Oct 2014
Tigzy. (2014, October 15). Userland Rootkits: Part 1, IAT hooks. Retrieved December 12, 2017.
Internal MISP references
UUID 9a0e7054-9239-43cd-8e5f-aac8b665be72 which can be used as unique global reference for Adlice Software IAT Hooks Oct 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2014-10-15T00:00:00Z |
| source | MITRE |
| title | Userland Rootkits: Part 1, IAT hooks |
cisco_username_cmd
Cisco. (2023, March 6). username - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.
Internal MISP references
UUID 8e7b99d7-ad94-5802-a1ee-6334842e7e0b which can be used as unique global reference for cisco_username_cmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-07-13T00:00:00Z |
| date_published | 2023-03-06T00:00:00Z |
| source | MITRE |
| title | username - Cisco IOS Security Command Reference: Commands S to Z |
Jamf User Password Policies
Holland, J. (2016, January 25). User password policies on non AD machines. Retrieved April 5, 2018.
Internal MISP references
UUID aa3846fd-a307-4be5-a487-9aa2688d5816 which can be used as unique global reference for Jamf User Password Policies in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-05T00:00:00Z |
| date_published | 2016-01-25T00:00:00Z |
| source | MITRE |
| title | User password policies on non AD machines |
MacOS Email Rules
Apple. (n.d.). Use rules to manage emails you receive in Mail on Mac. Retrieved June 14, 2021.
Internal MISP references
UUID f83283aa-3aaf-4ebd-8503-0d84c2c627c4 which can be used as unique global reference for MacOS Email Rules in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-14T00:00:00Z |
| source | MITRE |
| title | Use rules to manage emails you receive in Mail on Mac |
Kickstart Apple Remote Desktop commands
Apple. (n.d.). Use the kickstart command-line utility in Apple Remote Desktop. Retrieved September 23, 2021.
Internal MISP references
UUID f26542dd-aa61-4d2a-a05a-8f9674b49f82 which can be used as unique global reference for Kickstart Apple Remote Desktop commands in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| source | MITRE |
| title | Use the kickstart command-line utility in Apple Remote Desktop |
Microsoft Windows Event Forwarding FEB 2018
Hardy, T. & Hall, J. (2018, February 15). Use Windows Event Forwarding to help with intrusion detection. Retrieved August 7, 2018.
Internal MISP references
UUID 4e7c36b9-415f-41f1-980e-251d92994eb4 which can be used as unique global reference for Microsoft Windows Event Forwarding FEB 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-07T00:00:00Z |
| date_published | 2018-02-15T00:00:00Z |
| source | MITRE |
| title | Use Windows Event Forwarding to help with intrusion detection |
Apple ZShell
Apple. (2020, January 28). Use zsh as the default shell on your Mac. Retrieved June 12, 2020.
Internal MISP references
UUID 5374ad8e-96a2-4d19-b2cf-28232fa97b52 which can be used as unique global reference for Apple ZShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-12T00:00:00Z |
| date_published | 2020-01-28T00:00:00Z |
| source | MITRE |
| title | Use zsh as the default shell on your Mac |
Kuberentes ABAC
Kuberenets. (n.d.). Using ABAC Authorization. Retrieved July 14, 2023.
Internal MISP references
UUID 7f960599-a3d6-53bb-91ff-f0e6117a30ed which can be used as unique global reference for Kuberentes ABAC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-14T00:00:00Z |
| source | MITRE |
| title | Using ABAC Authorization |
Cisco Umbrella DGA Brute Force
Kasza, A. (2015, February 18). Using Algorithms to Brute Force Algorithms. Retrieved February 18, 2019.
Internal MISP references
UUID d0eacad8-a6ff-4282-8fbc-d7984ad03b56 which can be used as unique global reference for Cisco Umbrella DGA Brute Force in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-18T00:00:00Z |
| date_published | 2015-02-18T00:00:00Z |
| source | MITRE |
| title | Using Algorithms to Brute Force Algorithms |
Exploit Monday Mitigate Device Guard Bypases
Graeber, M. (2016, September 8). Using Device Guard to Mitigate Against Device Guard Bypasses. Retrieved September 13, 2016.
Internal MISP references
UUID 8130e5e1-376f-4945-957a-aaf8684b361b which can be used as unique global reference for Exploit Monday Mitigate Device Guard Bypases in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-09-13T00:00:00Z |
| date_published | 2016-09-08T00:00:00Z |
| source | MITRE |
| title | Using Device Guard to Mitigate Against Device Guard Bypasses |
Microsoft DsAddSidHistory
Microsoft. (n.d.). Using DsAddSidHistory. Retrieved November 30, 2017.
Internal MISP references
UUID 11c44e1e-28d8-4d45-8539-6586466a5b3c which can be used as unique global reference for Microsoft DsAddSidHistory in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| source | MITRE |
| title | Using DsAddSidHistory |
Microsoft 365 Defender Solorigate
Microsoft 365 Defender Team. (2020, December 28). Using Microsoft 365 Defender to protect against Solorigate. Retrieved January 7, 2021.
Internal MISP references
UUID 449cf112-535b-44af-9001-55123b342779 which can be used as unique global reference for Microsoft 365 Defender Solorigate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-07T00:00:00Z |
| date_published | 2020-12-28T00:00:00Z |
| source | MITRE |
| title | Using Microsoft 365 Defender to protect against Solorigate |
TechNet Netsh
Microsoft. (n.d.). Using Netsh. Retrieved February 13, 2017.
Internal MISP references
UUID 58112a3a-06bd-4a46-8a09-4dba5f42a04f which can be used as unique global reference for TechNet Netsh in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-13T00:00:00Z |
| source | MITRE |
| title | Using Netsh |
Demaske Netsh Persistence
Demaske, M. (2016, September 23). USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST. Retrieved April 8, 2017.
Internal MISP references
UUID 663b3fd6-0dd6-45c8-afba-dc0ea6d331b5 which can be used as unique global reference for Demaske Netsh Persistence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-04-08T00:00:00Z |
| date_published | 2016-09-23T00:00:00Z |
| source | MITRE |
| title | USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST |
CrowdStrike Outlook Forms
Parisi, T., et al. (2017, July). Using Outlook Forms for Lateral Movement and Persistence. Retrieved February 5, 2019.
Internal MISP references
UUID ad412d39-c0c5-4119-9193-0ba1309edb3f which can be used as unique global reference for CrowdStrike Outlook Forms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-05T00:00:00Z |
| date_published | 2017-07-01T00:00:00Z |
| source | MITRE |
| title | Using Outlook Forms for Lateral Movement and Persistence |
Red Hat PAM
Red Hat. (n.d.). CHAPTER 2. USING PLUGGABLE AUTHENTICATION MODULES (PAM). Retrieved June 25, 2020.
Internal MISP references
UUID 3dc88605-64c8-495a-9e3b-e5686fd2eb03 which can be used as unique global reference for Red Hat PAM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-25T00:00:00Z |
| source | MITRE |
| title | USING PLUGGABLE AUTHENTICATION MODULES (PAM) |
Varonis Power Automate Data Exfiltration
Eric Saraga. (2022, February 2). Using Power Automate for Covert Data Exfiltration in Microsoft 365. Retrieved May 27, 2022.
Internal MISP references
UUID 16436468-1daf-433d-bb3b-f842119594b4 which can be used as unique global reference for Varonis Power Automate Data Exfiltration in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-27T00:00:00Z |
| date_published | 2022-02-02T00:00:00Z |
| source | MITRE |
| title | Using Power Automate for Covert Data Exfiltration in Microsoft 365 |
Microsoft Disable NTLM Nov 2012
Microsoft. (2012, November 29). Using security policies to restrict NTLM traffic. Retrieved December 4, 2017.
Internal MISP references
UUID 5861ed76-fedd-4ff9-8242-308c7206e4cb which can be used as unique global reference for Microsoft Disable NTLM Nov 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-04T00:00:00Z |
| date_published | 2012-11-29T00:00:00Z |
| source | MITRE |
| title | Using security policies to restrict NTLM traffic |
Microsoft SMB Packet Signing
Microsoft. (2008, September 10). Using SMB Packet Signing. Retrieved February 7, 2019.
Internal MISP references
UUID 32a30a3f-3ed1-4def-86b1-f40bbffa1cc5 which can be used as unique global reference for Microsoft SMB Packet Signing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-07T00:00:00Z |
| date_published | 2008-09-10T00:00:00Z |
| source | MITRE |
| title | Using SMB Packet Signing |
TechNet Applocker vs SRP
Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.
Internal MISP references
UUID 84e1c53f-e858-4106-9c14-1b536d5b56f9 which can be used as unique global reference for TechNet Applocker vs SRP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-07T00:00:00Z |
| date_published | 2012-06-27T00:00:00Z |
| source | MITRE |
| title | Using Software Restriction Policies and AppLocker Policies |
Microsoft Using Software Restriction
Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.
Internal MISP references
UUID 774e6598-0926-4adb-890f-00824de07ae0 which can be used as unique global reference for Microsoft Using Software Restriction in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-07T00:00:00Z |
| date_published | 2012-06-27T00:00:00Z |
| source | MITRE |
| title | Using Software Restriction Policies and AppLocker Policies |
OSX Keychain Schaumann
Jan Schaumann. (2015, November 5). Using the OS X Keychain to store and retrieve passwords. Retrieved March 31, 2022.
Internal MISP references
UUID d0ac448a-7299-4ddc-8730-be72fb840ccb which can be used as unique global reference for OSX Keychain Schaumann in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-31T00:00:00Z |
| date_published | 2015-11-05T00:00:00Z |
| source | MITRE |
| title | Using the OS X Keychain to store and retrieve passwords |
USNYAG IranianBotnet March 2016
Preet Bharara, US Attorney. (2016, March 24). Retrieved April 23, 2019.
Internal MISP references
UUID 69ee73c1-359f-4584-a6e7-75119d24bbf5 which can be used as unique global reference for USNYAG IranianBotnet March 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| source | MITRE |
| title | USNYAG IranianBotnet March 2016 |
UtilityFunctions.ps1 - LOLBAS Project
LOLBAS. (2021, September 26). UtilityFunctions.ps1. Retrieved December 4, 2023.
Internal MISP references
UUID 8f15755b-2e32-420e-8463-497e3f8d8cfd which can be used as unique global reference for UtilityFunctions.ps1 - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | UtilityFunctions.ps1 |
Kernel.org Restrict Kernel Module
Vander Stoep, J. (2016, April 5). [v3] selinux: restrict kernel module loadinglogin register. Retrieved April 9, 2018.
Internal MISP references
UUID a7c3fc64-9b79-4324-8177-0061208d018c which can be used as unique global reference for Kernel.org Restrict Kernel Module in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2016-04-05T00:00:00Z |
| source | MITRE |
| title | [v3] selinux: restrict kernel module loadinglogin register |
SentinelOne Valak June 2020
Reaves, J. and Platt, J. (2020, June). Valak Malware and the Connection to Gozi Loader ConfCrew. Retrieved August 31, 2020.
Internal MISP references
UUID 92b8ff34-05ef-4139-a6bd-56eb8af9d5e9 which can be used as unique global reference for SentinelOne Valak June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-31T00:00:00Z |
| date_published | 2020-06-01T00:00:00Z |
| source | MITRE |
| title | Valak Malware and the Connection to Gozi Loader ConfCrew |
Cybereason Valak May 2020
Salem, E. et al. (2020, May 28). VALAK: MORE THAN MEETS THE EYE . Retrieved June 19, 2020.
Internal MISP references
UUID 235d1cf1-2413-4620-96cf-083d348410c2 which can be used as unique global reference for Cybereason Valak May 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-19T00:00:00Z |
| date_published | 2020-05-28T00:00:00Z |
| source | MITRE |
| title | VALAK: MORE THAN MEETS THE EYE |
Walmart Roberts Oct 2018
Sayre, K., Ogden, H., Roberts, C. (2018, October 10). VBA Stomping — Advanced Maldoc Techniques. Retrieved September 17, 2020.
Internal MISP references
UUID d1c88a57-85f4-4a35-a7fa-35e8c7fcd943 which can be used as unique global reference for Walmart Roberts Oct 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-17T00:00:00Z |
| date_published | 2018-10-10T00:00:00Z |
| source | MITRE |
| title | VBA Stomping — Advanced Maldoc Techniques |
vbc.exe - LOLBAS Project
LOLBAS. (2020, February 27). vbc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 25eb4048-ee6d-44ca-a70b-37605028bd3c which can be used as unique global reference for vbc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-02-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | vbc.exe |
Veil_Ref
Veil Framework. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 722755a8-305f-4e37-8278-afb360836bec which can be used as unique global reference for Veil_Ref in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| source | MITRE |
| title | Veil_Ref |
LOLBAS Verclsid
LOLBAS. (n.d.). Verclsid.exe. Retrieved August 10, 2020.
Internal MISP references
UUID 63ac9e95-aad8-4735-9e63-f45d8c499030 which can be used as unique global reference for LOLBAS Verclsid in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| source | MITRE |
| title | Verclsid.exe |
WinOSBite verclsid.exe
verclsid-exe. (2019, December 17). verclsid.exe File Information - What is it & How to Block . Retrieved August 10, 2020.
Internal MISP references
UUID 5d5fa25b-64a9-4fdb-87c5-1a69a7d2f874 which can be used as unique global reference for WinOSBite verclsid.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-10T00:00:00Z |
| date_published | 2019-12-17T00:00:00Z |
| source | MITRE |
| title | verclsid.exe File Information - What is it & How to Block |
Unit 42 VERMIN Jan 2018
Lancaster, T., Cortes, J. (2018, January 29). VERMIN: Quasar RAT and Custom Malware Used In Ukraine. Retrieved July 5, 2018.
Internal MISP references
UUID 0d6db249-9368-495e-9f1f-c7f10041f5ff which can be used as unique global reference for Unit 42 VERMIN Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-05T00:00:00Z |
| date_published | 2018-01-29T00:00:00Z |
| source | MITRE |
| title | VERMIN: Quasar RAT and Custom Malware Used In Ukraine |
Unit 42 Vice Society December 6 2022
JR Gumarin. (2022, December 6). Vice Society: Profiling a Persistent Threat to the Education Sector. Retrieved November 14, 2023.
Internal MISP references
UUID 6abf7387-0857-4938-b36e-1374a66d4ed8 which can be used as unique global reference for Unit 42 Vice Society December 6 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-14T00:00:00Z |
| date_published | 2022-12-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Vice Society: Profiling a Persistent Threat to the Education Sector |
Minerva Labs Vidar Stealer Evasion
Minerva Labs. (2021, September 23). Vidar Stealer Evasion Arsenal. Retrieved November 16, 2023.
Internal MISP references
UUID ce9714d3-7f7c-4068-bcc8-0f0eeaf0dc0b which can be used as unique global reference for Minerva Labs Vidar Stealer Evasion in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2021-09-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Vidar Stealer Evasion Arsenal |
Amnesty Intl. Ocean Lotus February 2021
Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.
Internal MISP references
UUID a54a2f68-8406-43ab-8758-07edd49dfb83 which can be used as unique global reference for Amnesty Intl. Ocean Lotus February 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-01T00:00:00Z |
| date_published | 2021-02-24T00:00:00Z |
| source | MITRE |
| title | Vietnamese activists targeted by notorious hacking group |
FireEye APT32 April 2020
Henderson, S., et al. (2020, April 22). Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. Retrieved April 28, 2020.
Internal MISP references
UUID 347ad5a1-d0b1-4f2b-9abd-eff96d05987d which can be used as unique global reference for FireEye APT32 April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-28T00:00:00Z |
| date_published | 2020-04-22T00:00:00Z |
| source | MITRE |
| title | Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage |
Slack Help Center Access Logs
Slack Help Center. (n.d.). View Access Logs for your workspace. Retrieved April 10, 2023.
Internal MISP references
UUID b179d0d4-e115-59f1-86a7-7dcfc253e16f which can be used as unique global reference for Slack Help Center Access Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-04-10T00:00:00Z |
| source | MITRE |
| title | View Access Logs for your workspace |
Azure Activity Logs
Microsoft. (n.d.). View Azure activity logs. Retrieved June 17, 2020.
Internal MISP references
UUID 19b55c10-f4fd-49c2-b267-0d3d8e9acdd7 which can be used as unique global reference for Azure Activity Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-17T00:00:00Z |
| source | MITRE |
| title | View Azure activity logs |
DOJ GRU Indictment Jul 2018
Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved September 13, 2018.
Internal MISP references
UUID d65f371b-19d0-49de-b92b-94a2bea1d988 which can be used as unique global reference for DOJ GRU Indictment Jul 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-09-13T00:00:00Z |
| source | MITRE |
| title | VIKTOR BORISOVICH NETYKSHO, et al |
MalwareTech VFS Nov 2014
Hutchins, M. (2014, November 28). Virtual File Systems for Beginners. Retrieved June 22, 2020.
Internal MISP references
UUID c06af73d-5ed0-46a0-a5a9-161035075884 which can be used as unique global reference for MalwareTech VFS Nov 2014 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-22T00:00:00Z |
| date_published | 2014-11-28T00:00:00Z |
| source | MITRE |
| title | Virtual File Systems for Beginners |
Ars Technica Pwn2Own 2017 VM Escape
Goodin, D. (2017, March 17). Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated. Retrieved March 12, 2018.
Internal MISP references
UUID e75f2d0f-f63e-48c7-a0c3-8f00f371624e which can be used as unique global reference for Ars Technica Pwn2Own 2017 VM Escape in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-12T00:00:00Z |
| date_published | 2017-03-17T00:00:00Z |
| source | MITRE |
| title | Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated |
Google VM
Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.
Internal MISP references
UUID 2b7ec610-5654-4c94-b5df-9cf5670eec33 which can be used as unique global reference for Google VM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | Virtual machine instances |
Microsoft Virutal Machine API
Microsoft. (2019, March 1). Virtual Machines - Get. Retrieved October 8, 2019.
Internal MISP references
UUID f565c237-07c5-4e9e-9879-513627517109 which can be used as unique global reference for Microsoft Virutal Machine API in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2019-03-01T00:00:00Z |
| source | MITRE |
| title | Virtual Machines - Get |
Azure Update Virtual Machines
Microsoft. (n.d.). Virtual Machines - Update. Retrieved April 1, 2022.
Internal MISP references
UUID 299f231f-70d1-4c1a-818f-8a01cf65382c which can be used as unique global reference for Azure Update Virtual Machines in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| source | MITRE |
| title | Virtual Machines - Update |
Azure Virtual Network TAP
Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022.
Internal MISP references
UUID 3f106d7e-f101-4adb-bbd1-d8c04a347f85 which can be used as unique global reference for Azure Virtual Network TAP in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-17T00:00:00Z |
| date_published | 2022-02-09T00:00:00Z |
| source | MITRE |
| title | Virtual network TAP |
Google VPC Overview
Google. (2019, September 23). Virtual Private Cloud (VPC) network overview. Retrieved October 6, 2019.
Internal MISP references
UUID 9ebe53cf-657f-475d-85e4-9e30f4af1e7d which can be used as unique global reference for Google VPC Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2019-09-23T00:00:00Z |
| source | MITRE |
| title | Virtual Private Cloud (VPC) network overview |
Volexity Virtual Private Keylogging
Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017.
Internal MISP references
UUID b299f8e7-01da-4d59-9657-ef93cf284cc0 which can be used as unique global reference for Volexity Virtual Private Keylogging in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-03-20T00:00:00Z |
| date_published | 2015-10-07T00:00:00Z |
| source | MITRE |
| title | Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence |
VirusTotal Behavior def.exe
VirusTotal. (2023, July 11). VirusTotal Behavior def.exe. Retrieved July 11, 2023.
Internal MISP references
UUID 3502c98d-b61d-42fa-b23e-7128a4042c03 which can be used as unique global reference for VirusTotal Behavior def.exe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-07-11T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | VirusTotal Behavior def.exe |
VirusTotal FAQ
VirusTotal. (n.d.). VirusTotal FAQ. Retrieved May 23, 2019.
Internal MISP references
UUID 5cd965f6-c4af-40aa-8f08-620cf5f1242a which can be used as unique global reference for VirusTotal FAQ in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-23T00:00:00Z |
| source | MITRE |
| title | VirusTotal FAQ |
Visa RawPOS March 2015
Visa. (2015, March). Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants. Retrieved October 6, 2017.
Internal MISP references
UUID a2371f44-0a88-4d68-bbe7-7e79f13f78c2 which can be used as unique global reference for Visa RawPOS March 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-10-06T00:00:00Z |
| date_published | 2015-03-01T00:00:00Z |
| source | MITRE |
| title | Visa Security Alert: "RawPOS" Malware Targeting Lodging Merchants |
ESET Recon Snake Nest
Boutin, J. and Faou, M. (2018). Visiting the snake nest. Retrieved May 7, 2019.
Internal MISP references
UUID b69d7c73-40c2-4cb2-b9ad-088ef61e2f7f which can be used as unique global reference for ESET Recon Snake Nest in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-07T00:00:00Z |
| date_published | 2018-01-01T00:00:00Z |
| source | MITRE |
| title | Visiting the snake nest |
VB Microsoft
Microsoft. (n.d.). Visual Basic documentation. Retrieved June 23, 2020.
Internal MISP references
UUID b23a1a5d-48dd-4346-bf8d-390624214081 which can be used as unique global reference for VB Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| source | MITRE |
| title | Visual Basic documentation |
Wikipedia VBA
Wikipedia. (n.d.). Visual Basic for Applications. Retrieved August 13, 2020.
Internal MISP references
UUID 70818420-c3ec-46c3-9e97-d8f989f2e3db which can be used as unique global reference for Wikipedia VBA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-08-13T00:00:00Z |
| source | MITRE |
| title | Visual Basic for Applications |
VB .NET Mar 2020
.NET Team. (2020, March 11). Visual Basic support planned for .NET 5.0. Retrieved June 23, 2020.
Internal MISP references
UUID da6d1b56-8e59-4125-b318-48a40a1c8e94 which can be used as unique global reference for VB .NET Mar 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2020-03-11T00:00:00Z |
| source | MITRE |
| title | Visual Basic support planned for .NET 5.0 |
VisualUiaVerifyNative.exe - LOLBAS Project
LOLBAS. (2021, September 26). VisualUiaVerifyNative.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b17be296-15ad-468f-8157-8cb4093b2e97 which can be used as unique global reference for VisualUiaVerifyNative.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | VisualUiaVerifyNative.exe |
Carbon Black HotCroissant April 2020
Knight, S.. (2020, April 16). VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus. Retrieved May 1, 2020.
Internal MISP references
UUID 43bcb35b-56e1-47a8-9c74-f7543a25b2a6 which can be used as unique global reference for Carbon Black HotCroissant April 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-01T00:00:00Z |
| date_published | 2020-04-16T00:00:00Z |
| source | MITRE |
| title | VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus |
Offensive Security VNC Authentication Check
Offensive Security. (n.d.). VNC Authentication. Retrieved October 6, 2021.
Internal MISP references
UUID 90a5ab3c-c2a8-4b02-9bd7-628672907737 which can be used as unique global reference for Offensive Security VNC Authentication Check in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| source | MITRE |
| title | VNC Authentication |
CheckPoint Volatile Cedar March 2015
Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.
Internal MISP references
UUID a26344a2-63ca-422e-8cf9-0cf22a5bee72 which can be used as unique global reference for CheckPoint Volatile Cedar March 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-08T00:00:00Z |
| date_published | 2015-03-30T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | VOLATILE CEDAR |
Microsoft Volt Typhoon May 2023
Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved July 27, 2023.
Internal MISP references
UUID 8b74f0b7-9719-598c-b3ee-61d734393e6f which can be used as unique global reference for Microsoft Volt Typhoon May 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-27T00:00:00Z |
| date_published | 2023-05-24T00:00:00Z |
| source | MITRE |
| title | Volt Typhoon targets US critical infrastructure with living-off-the-land techniques |
VSDiagnostics.exe - LOLBAS Project
LOLBAS. (2023, July 12). VSDiagnostics.exe. Retrieved December 4, 2023.
Internal MISP references
UUID b4658fc0-af16-45b1-8403-a9676760a36a which can be used as unique global reference for VSDiagnostics.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-07-12T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | VSDiagnostics.exe |
Vshadow.exe - LOLBAS Project
LOLBAS. (2023, September 6). Vshadow.exe. Retrieved December 4, 2023.
Internal MISP references
UUID ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c which can be used as unique global reference for Vshadow.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-09-06T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Vshadow.exe |
VSIISExeLauncher.exe - LOLBAS Project
LOLBAS. (2021, September 24). VSIISExeLauncher.exe. Retrieved December 4, 2023.
Internal MISP references
UUID e2fda344-77b8-4650-a7da-1e422db6d3a1 which can be used as unique global reference for VSIISExeLauncher.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-24T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | VSIISExeLauncher.exe |
vsjitdebugger.exe - LOLBAS Project
LOLBAS. (2018, May 25). vsjitdebugger.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 94a880fa-70b0-46c3-997e-b22dc9180134 which can be used as unique global reference for vsjitdebugger.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | vsjitdebugger.exe |
vsls-agent.exe - LOLBAS Project
LOLBAS. (2022, November 1). vsls-agent.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 325eab54-bcdd-4a12-ab41-aaf06a0405e9 which can be used as unique global reference for vsls-agent.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-11-01T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | vsls-agent.exe |
vstest.console.exe - LOLBAS Project
LOLBAS. (2023, September 8). vstest.console.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 70c168a0-9ddf-408d-ba29-885c0c5c936a which can be used as unique global reference for vstest.console.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2023-09-08T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | vstest.console.exe |
Kanthak Sentinel
Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.
Internal MISP references
UUID 94f99326-1512-47ca-8c99-9b382e4d0261 which can be used as unique global reference for Kanthak Sentinel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-03T00:00:00Z |
| date_published | 2016-07-20T00:00:00Z |
| source | MITRE |
| title | Vulnerability and Exploit Detector |
Vulnerability and Exploit Detector
Kanthak, S.. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.
Internal MISP references
UUID d63d6e14-8fe7-4893-a42f-3752eaec8770 which can be used as unique global reference for Vulnerability and Exploit Detector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-03T00:00:00Z |
| date_published | 2016-07-20T00:00:00Z |
| source | MITRE |
| title | Vulnerability and Exploit Detector |
Technet MS14-068
Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). Retrieved December 23, 2015.
Internal MISP references
UUID db78c095-b7b2-4422-8473-49d4a1129b76 which can be used as unique global reference for Technet MS14-068 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-23T00:00:00Z |
| date_published | 2014-11-18T00:00:00Z |
| source | MITRE |
| title | Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) |
vxunderground debug
vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022.
Internal MISP references
UUID 8c7fe2a2-64a1-4680-a4e6-f6eefe00407a which can be used as unique global reference for vxunderground debug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-01T00:00:00Z |
| date_published | 2021-06-30T00:00:00Z |
| source | MITRE |
| title | VX-API |
Symantec W32.Duqu
Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. Retrieved September 17, 2015.
Internal MISP references
UUID 8660411a-6b9c-46c2-8f5f-049ec60c7d40 which can be used as unique global reference for Symantec W32.Duqu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-09-17T00:00:00Z |
| date_published | 2011-11-01T00:00:00Z |
| source | MITRE |
| title | W32.Duqu: The precursor to the next Stuxnet |
Symantec W.32 Stuxnet Dossier
Nicolas Falliere, Liam O. Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier. Retrieved December 7, 2020.
Internal MISP references
UUID ef65ab18-fd84-4098-8805-df0268fc3a38 which can be used as unique global reference for Symantec W.32 Stuxnet Dossier in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-07T00:00:00Z |
| date_published | 2011-02-01T00:00:00Z |
| source | MITRE |
| title | W32.Stuxnet Dossier |
w32.tidserv.g
Symantec. (2009, March 22). W32.Tidserv.G. Retrieved January 14, 2022.
Internal MISP references
UUID 9d4ac51b-d870-43e8-bc6f-d7159343b00c which can be used as unique global reference for w32.tidserv.g in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-14T00:00:00Z |
| date_published | 2009-03-22T00:00:00Z |
| source | MITRE |
| title | W32.Tidserv.G |
Github W32Time Oct 2017
Lundgren, S. (2017, October 28). w32time. Retrieved March 26, 2018.
Internal MISP references
UUID a248fd87-c3c1-4de7-a9af-0436a10f71aa which can be used as unique global reference for Github W32Time Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-26T00:00:00Z |
| date_published | 2017-10-28T00:00:00Z |
| source | MITRE |
| title | w32time |
Symantec Chernobyl W95.CIH
Yamamura, M. (2002, April 25). W95.CIH. Retrieved April 12, 2019.
Internal MISP references
UUID a35cab17-634d-4a7a-a42c-4a4280e8785d which can be used as unique global reference for Symantec Chernobyl W95.CIH in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-12T00:00:00Z |
| date_published | 2002-04-25T00:00:00Z |
| source | MITRE |
| title | W95.CIH |
Wab.exe - LOLBAS Project
LOLBAS. (2018, May 25). Wab.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c432556e-c7f9-4e36-af7e-d7bea6f51e95 which can be used as unique global reference for Wab.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wab.exe |
GitLab WakeOnLAN
Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021.
Internal MISP references
UUID 120e3b14-f08b-40e0-9d20-4ddda6b8cc06 which can be used as unique global reference for GitLab WakeOnLAN in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-17T00:00:00Z |
| date_published | 2020-08-11T00:00:00Z |
| source | MITRE |
| title | WakeOnLAN (WOL) |
FireEye WannaCry 2017
Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.
Internal MISP references
UUID 34b15fe1-c550-4150-87bc-ac9662547247 which can be used as unique global reference for FireEye WannaCry 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-15T00:00:00Z |
| date_published | 2017-05-23T00:00:00Z |
| source | MITRE |
| title | WannaCry Malware Profile |
BfV North Korea February 17 2024
Bundesamt fur Verfassungsschutz. (2024, February 17). Warning of North Korean cyber threats targeting the Defense Sector. Retrieved February 26, 2024.
Internal MISP references
UUID cc76be15-6d9d-40b2-b7f3-196bb0a7106a which can be used as unique global reference for BfV North Korea February 17 2024 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2024-02-26T00:00:00Z |
| date_published | 2024-02-17T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Warning of North Korean cyber threats targeting the Defense Sector |
Trend Micro War of Crypto Miners
Oliveira, A., Fiser, D. (2020, September 10). War of Linux Cryptocurrency Miners: A Battle for Resources. Retrieved April 6, 2021.
Internal MISP references
UUID 1ba47efe-35f8-4d52-95c7-65cdc829c8e5 which can be used as unique global reference for Trend Micro War of Crypto Miners in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-06T00:00:00Z |
| date_published | 2020-09-10T00:00:00Z |
| source | MITRE |
| title | War of Linux Cryptocurrency Miners: A Battle for Resources |
Check Point Warzone Feb 2020
Harakhavik, Y. (2020, February 3). Warzone: Behind the enemy lines. Retrieved December 17, 2021.
Internal MISP references
UUID c214c36e-2bc7-4b98-a74e-529aae99f9cf which can be used as unique global reference for Check Point Warzone Feb 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-17T00:00:00Z |
| date_published | 2020-02-03T00:00:00Z |
| source | MITRE |
| title | Warzone: Behind the enemy lines |
Uptycs Warzone UAC Bypass November 2020
Mohanta, A. (2020, November 25). Warzone RAT comes with UAC bypass technique. Retrieved April 7, 2022.
Internal MISP references
UUID 1324b314-a4d9-43e7-81d6-70b6917fe527 which can be used as unique global reference for Uptycs Warzone UAC Bypass November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-07T00:00:00Z |
| date_published | 2020-11-25T00:00:00Z |
| source | MITRE |
| title | Warzone RAT comes with UAC bypass technique |
Dragos WASSONITE
Dragos. (n.d.). WASSONITE. Retrieved January 20, 2021.
Internal MISP references
UUID 39e6ab06-9f9f-4292-9034-b2f56064164d which can be used as unique global reference for Dragos WASSONITE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-01-20T00:00:00Z |
| source | MITRE |
| title | WASSONITE |
NCC Group WastedLocker June 2020
Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. Retrieved September 14, 2021.
Internal MISP references
UUID 1520f2e5-2689-428f-9ee4-05e153a52381 which can be used as unique global reference for NCC Group WastedLocker June 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2020-06-23T00:00:00Z |
| source | MITRE |
| title | WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group |
Sentinel Labs WastedLocker July 2020
Walter, J.. (2020, July 23). WastedLocker Ransomware: Abusing ADS and NTFS File Attributes. Retrieved September 14, 2021.
Internal MISP references
UUID 5ed4eb07-cc90-46bc-8527-0bb59e1eefe1 which can be used as unique global reference for Sentinel Labs WastedLocker July 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| date_published | 2020-07-23T00:00:00Z |
| source | MITRE |
| title | WastedLocker Ransomware: Abusing ADS and NTFS File Attributes |
Intezer Doki July 20
Fishbein, N., Kajiloti, M.. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.
Internal MISP references
UUID 688b2582-6602-44e1-aaac-3a4b8e168b04 which can be used as unique global reference for Intezer Doki July 20 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2020-07-28T00:00:00Z |
| source | MITRE |
| title | Watch Your Containers: Doki Infecting Docker Servers in the Cloud |
Trend Micro Waterbear December 2019
Su, V. et al. (2019, December 11). Waterbear Returns, Uses API Hooking to Evade Security. Retrieved February 22, 2021.
Internal MISP references
UUID bf320133-3823-4232-b7d2-d07da9bbccc2 which can be used as unique global reference for Trend Micro Waterbear December 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2019-12-11T00:00:00Z |
| source | MITRE |
| title | Waterbear Returns, Uses API Hooking to Evade Security |
Symantec Waterbug Jun 2019
Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Retrieved July 8, 2019.
Internal MISP references
UUID ddd5c2c9-7126-4b89-b415-dc651a2ccc0e which can be used as unique global reference for Symantec Waterbug Jun 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-08T00:00:00Z |
| date_published | 2019-06-20T00:00:00Z |
| source | MITRE |
| title | Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments |
ESET DazzleSpy Jan 2022
M.Léveillé, M., Cherepanov, A.. (2022, January 25). Watering hole deploys new macOS malware, DazzleSpy, in Asia. Retrieved May 6, 2022.
Internal MISP references
UUID 212012ac-9084-490f-8dd2-5cc9ac6e6de1 which can be used as unique global reference for ESET DazzleSpy Jan 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-06T00:00:00Z |
| date_published | 2022-01-25T00:00:00Z |
| source | MITRE |
| title | Watering hole deploys new macOS malware, DazzleSpy, in Asia |
win_wbadmin_delete_catalog
Microsoft. (2017, October 16). wbadmin delete catalog. Retrieved September 20, 2021.
Internal MISP references
UUID 6adfba35-3bf1-4915-813e-40c4a843ae34 which can be used as unique global reference for win_wbadmin_delete_catalog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | wbadmin delete catalog |
SecureWorks WannaCry Analysis
Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.
Internal MISP references
UUID 522b2a19-1d15-48f8-8801-c64d3abd945a which can be used as unique global reference for SecureWorks WannaCry Analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-03-26T00:00:00Z |
| date_published | 2017-05-18T00:00:00Z |
| source | MITRE |
| title | WCry Ransomware Analysis |
Aleks Weapons Nov 2015
Nick Aleks. (2015, November 7). Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers. Retrieved March 30, 2018.
Internal MISP references
UUID fd22c941-b0dc-4420-b363-2f5777981041 which can be used as unique global reference for Aleks Weapons Nov 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-30T00:00:00Z |
| date_published | 2015-11-07T00:00:00Z |
| source | MITRE |
| title | Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers |
NIST Web Bug
NIST Information Technology Laboratory. (n.d.). web bug. Retrieved March 22, 2023.
Internal MISP references
UUID b4362602-faf0-5b28-a147-b3153da1903f which can be used as unique global reference for NIST Web Bug in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-22T00:00:00Z |
| source | MITRE |
| title | web bug |
Didier Stevens WebDAV Traffic
Stevens, D. (2017, November 13). WebDAV Traffic To Malicious Sites. Retrieved December 21, 2017.
Internal MISP references
UUID b521efe2-5c1c-48c5-a2a9-95da2367f537 which can be used as unique global reference for Didier Stevens WebDAV Traffic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2017-11-13T00:00:00Z |
| source | MITRE |
| title | WebDAV Traffic To Malicious Sites |
Checkmarx Webhooks
Jossef Harush Kadouri. (2022, March 7). Webhook Party — Malicious packages caught exfiltrating data via legit webhook services. Retrieved July 20, 2023.
Internal MISP references
UUID f68f1151-839e-5ae7-bab1-aa2b4c0d11ec which can be used as unique global reference for Checkmarx Webhooks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| date_published | 2022-03-07T00:00:00Z |
| source | MITRE |
| title | Webhook Party — Malicious packages caught exfiltrating data via legit webhook services |
Push Security SaaS Attacks Repository Webhooks
Push Security. (2023, July 31). Webhooks. Retrieved August 4, 2023.
Internal MISP references
UUID 519693e2-71c9-55d2-98fd-be451837582a which can be used as unique global reference for Push Security SaaS Attacks Repository Webhooks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-04T00:00:00Z |
| date_published | 2023-07-31T00:00:00Z |
| source | MITRE |
| title | Webhooks |
acunetix Server Secuirty
Acunetix. (n.d.). Web Server Security and Database Server Security. Retrieved July 26, 2018.
Internal MISP references
UUID cedbdeb8-6669-4c5c-a8aa-d37576aaa1ba which can be used as unique global reference for acunetix Server Secuirty in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-26T00:00:00Z |
| source | MITRE |
| title | Web Server Security and Database Server Security |
Microsoft Well Known SIDs Jun 2017
Microsoft. (2017, June 23). Well-known security identifiers in Windows operating systems. Retrieved November 30, 2017.
Internal MISP references
UUID 14b344ed-bde6-4755-b59a-595edb23a210 which can be used as unique global reference for Microsoft Well Known SIDs Jun 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-30T00:00:00Z |
| date_published | 2017-06-23T00:00:00Z |
| source | MITRE |
| title | Well-known security identifiers in Windows operating systems |
PWC WellMess C2 August 2020
PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.
Internal MISP references
UUID 3afca6f1-680a-46ae-8cea-10b6b870d5e7 which can be used as unique global reference for PWC WellMess C2 August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-09-29T00:00:00Z |
| date_published | 2020-08-17T00:00:00Z |
| source | MITRE |
| title | WellMess malware: analysis of its Command and Control (C2) server |
Cofense Astaroth Sept 2018
Doaty, J., Garrett, P.. (2018, September 10). We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Retrieved April 17, 2019.
Internal MISP references
UUID d316c581-646d-48e7-956e-34e2f957c67d which can be used as unique global reference for Cofense Astaroth Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| date_published | 2018-09-10T00:00:00Z |
| source | MITRE |
| title | We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan |
Wevtutil Microsoft Documentation
Microsoft. (n.d.). wevtutil. Retrieved September 14, 2021.
Internal MISP references
UUID 25511dde-9e13-4e03-8ae4-2495e9f5eb5e which can be used as unique global reference for Wevtutil Microsoft Documentation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-14T00:00:00Z |
| source | MITRE |
| title | wevtutil |
Microsoft wevtutil Oct 2017
Plett, C. et al.. (2017, October 16). wevtutil. Retrieved July 2, 2018.
Internal MISP references
UUID 8896d802-96c6-4546-8a82-c1f7f2d71ea1 which can be used as unique global reference for Microsoft wevtutil Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-02T00:00:00Z |
| date_published | 2017-10-16T00:00:00Z |
| source | MITRE |
| title | wevtutil |
Wfc.exe - LOLBAS Project
LOLBAS. (2021, September 26). Wfc.exe. Retrieved December 4, 2023.
Internal MISP references
UUID a937012a-01c8-457c-8808-47c1753e8781 which can be used as unique global reference for Wfc.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-09-26T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wfc.exe |
Crowdstrike Downgrade
Bart Lenaerts-Bergman. (2023, March 14). WHAT ARE DOWNGRADE ATTACKS?. Retrieved May 24, 2023.
Internal MISP references
UUID 47856c5f-6c4c-5b4c-bbc1-ccb6848d9b74 which can be used as unique global reference for Crowdstrike Downgrade in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-05-24T00:00:00Z |
| date_published | 2023-03-14T00:00:00Z |
| source | MITRE |
| title | WHAT ARE DOWNGRADE ATTACKS? |
Chrome Extensions Definition
Chrome. (n.d.). What are Extensions?. Retrieved November 16, 2017.
Internal MISP references
UUID fe00cee9-54d9-4775-86da-b7db73295bf7 which can be used as unique global reference for Chrome Extensions Definition in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-16T00:00:00Z |
| source | MITRE |
| title | What are Extensions? |
StackExchange Hooks Jul 2012
Stack Exchange - Security. (2012, July 31). What are the methods to find hooked functions and APIs?. Retrieved December 12, 2017.
Internal MISP references
UUID dfa76ff1-df9e-4cdf-aabe-476479cdcf13 which can be used as unique global reference for StackExchange Hooks Jul 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2012-07-31T00:00:00Z |
| source | MITRE |
| title | What are the methods to find hooked functions and APIs? |
macOS APT Activity Bradley
Jaron Bradley. (2021, November 14). What does APT Activity Look Like on macOS?. Retrieved January 19, 2022.
Internal MISP references
UUID 7ccda957-b38d-4c3f-a8f5-6cecdcb3f584 which can be used as unique global reference for macOS APT Activity Bradley in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-01-19T00:00:00Z |
| date_published | 2021-11-14T00:00:00Z |
| source | MITRE |
| title | What does APT Activity Look Like on macOS? |
okta
okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019.
Internal MISP references
UUID 61e2fb16-d04b-494c-8bea-fb34e81faa73 which can be used as unique global reference for okta in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| source | MITRE |
| title | What Happens If Your JWT Is Stolen? |
Norton Botnet
Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.
Internal MISP references
UUID f97427f1-ea16-4e92-a4a2-4d62a800df15 which can be used as unique global reference for Norton Botnet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-04T00:00:00Z |
| source | MITRE |
| title | What is a botnet? |
Microsoft DLL
Microsoft. (2023, April 28). What is a DLL. Retrieved September 7, 2023.
Internal MISP references
UUID f0ae2788-537c-5644-ba1b-d06a612e73c1 which can be used as unique global reference for Microsoft DLL in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-07T00:00:00Z |
| date_published | 2023-04-28T00:00:00Z |
| source | MITRE |
| title | What is a DLL |
Cloudflare DNSamplficationDoS
Cloudflare. (n.d.). What is a DNS amplification attack?. Retrieved April 23, 2019.
Internal MISP references
UUID 734cb2bb-462a-4bdc-9774-6883f99379b9 which can be used as unique global reference for Cloudflare DNSamplficationDoS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| source | MITRE |
| title | What is a DNS amplification attack? |
Amazon AWS VPC Guide
Amazon. (n.d.). What Is Amazon VPC?. Retrieved October 6, 2019.
Internal MISP references
UUID 7972332d-fbe9-4f14-9511-4298f65f2a86 which can be used as unique global reference for Amazon AWS VPC Guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| source | MITRE |
| title | What Is Amazon VPC? |
Cloudflare HTTPflood
Cloudflare. (n.d.). What is an HTTP flood DDoS attack?. Retrieved April 22, 2019.
Internal MISP references
UUID 1a5934a4-35ce-4f7c-be9c-c1faf4ee0838 which can be used as unique global reference for Cloudflare HTTPflood in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| source | MITRE |
| title | What is an HTTP flood DDoS attack? |
Cloudflare NTPamplifciationDoS
Cloudflare. (n.d.). What is a NTP amplificaiton attack?. Retrieved April 23, 2019.
Internal MISP references
UUID 09ce093a-d378-4915-a35f-bf18a278d873 which can be used as unique global reference for Cloudflare NTPamplifciationDoS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| source | MITRE |
| title | What is a NTP amplificaiton attack? |
Microsoft Primary Refresh Token
Microsoft. (2022, September 9). What is a Primary Refresh Token?. Retrieved February 21, 2023.
Internal MISP references
UUID d23bf6dc-979b-5f34-86a7-637979a5f20e which can be used as unique global reference for Microsoft Primary Refresh Token in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-21T00:00:00Z |
| date_published | 2022-09-09T00:00:00Z |
| source | MITRE |
| title | What is a Primary Refresh Token? |
Comparitech Replay Attack
Justin Schamotta. (2022, October 28). What is a replay attack?. Retrieved September 27, 2023.
Internal MISP references
UUID a9f0b569-8f18-579f-bf98-f4f9b93e5524 which can be used as unique global reference for Comparitech Replay Attack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-27T00:00:00Z |
| date_published | 2022-10-28T00:00:00Z |
| source | MITRE |
| title | What is a replay attack? |
Corero SYN-ACKflood
Corero. (n.d.). What is a SYN-ACK Flood Attack?. Retrieved April 22, 2019.
Internal MISP references
UUID ec41de8a-c673-41bf-b713-4a647b135532 which can be used as unique global reference for Corero SYN-ACKflood in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| source | MITRE |
| title | What is a SYN-ACK Flood Attack? |
Cloudflare SynFlood
Cloudflare. (n.d.). What is a SYN flood attack?. Retrieved April 22, 2019.
Internal MISP references
UUID e292c4fe-ae77-4393-b666-fb6290cb4aa8 which can be used as unique global reference for Cloudflare SynFlood in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| source | MITRE |
| title | What is a SYN flood attack? |
Amazon VM
Microsoft. (n.d.). What is a virtual machine (VM)?. Retrieved October 13, 2021.
Internal MISP references
UUID 9afbd6a5-1c31-4727-8f36-04d4d8e65660 which can be used as unique global reference for Amazon VM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| source | MITRE |
| title | What is a virtual machine (VM)? |
RedHat Webhooks
RedHat. (2022, June 1). What is a webhook?. Retrieved July 20, 2023.
Internal MISP references
UUID 37321591-40fd-537e-ba74-71042bc5064e which can be used as unique global reference for RedHat Webhooks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-20T00:00:00Z |
| date_published | 2022-06-01T00:00:00Z |
| source | MITRE |
| title | What is a webhook? |
AWS System Manager
AWS. (2023, June 2). What is AWS System Manager?. Retrieved June 2, 2023.
Internal MISP references
UUID a7813928-4351-54c5-a64e-61bd4689e93b which can be used as unique global reference for AWS System Manager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-02T00:00:00Z |
| date_published | 2023-06-02T00:00:00Z |
| source | MITRE |
| title | What is AWS System Manager? |
Microsoft Azure Virtual Network Overview
Annamalai, N., Casey, C., Almeida, M., et. al.. (2019, June 18). What is Azure Virtual Network?. Retrieved October 6, 2019.
Internal MISP references
UUID bf7f2e7a-f5ae-4b6e-8c90-fd41a92c4615 which can be used as unique global reference for Microsoft Azure Virtual Network Overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-06T00:00:00Z |
| date_published | 2019-06-18T00:00:00Z |
| source | MITRE |
| title | What is Azure Virtual Network? |
CrowdStrike-BEC
Bart Lenaerts-Bergmans. (2023, March 10). What is Business Email Compromise?. Retrieved August 8, 2023.
Internal MISP references
UUID 7e674a8d-e79f-5cb0-8ad2-a7678e647c6f which can be used as unique global reference for CrowdStrike-BEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-08-08T00:00:00Z |
| date_published | 2023-03-10T00:00:00Z |
| source | MITRE |
| title | What is Business Email Compromise? |
PAN DNS Tunneling
Palo Alto Networks. (n.d.). What Is DNS Tunneling?. Retrieved March 15, 2020.
Internal MISP references
UUID efe1c443-475b-45fc-8d33-5bf3bdf941c5 which can be used as unique global reference for PAN DNS Tunneling in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| source | MITRE |
| title | What Is DNS Tunneling? |
Proofpoint-spoof
Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023.
Internal MISP references
UUID fe9f7542-bbf0-5e34-b3a9-8596cc5aa754 which can be used as unique global reference for Proofpoint-spoof in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-24T00:00:00Z |
| source | MITRE |
| title | What Is Email Spoofing? |
magnusviri emond Apr 2016
Reynolds, James. (2016, April 7). What is emond?. Retrieved September 10, 2019.
Internal MISP references
UUID 373f64a5-a30f-4b6e-b352-d0c6f8b65fdb which can be used as unique global reference for magnusviri emond Apr 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-10T00:00:00Z |
| date_published | 2016-04-07T00:00:00Z |
| source | MITRE |
| title | What is emond? |
Microsoft - Azure AD Federation
Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020.
Internal MISP references
UUID fedb345f-b5a7-40cd-98c7-6b14bab95ed9 which can be used as unique global reference for Microsoft - Azure AD Federation in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-30T00:00:00Z |
| date_published | 2018-11-28T00:00:00Z |
| source | MITRE |
| title | What is federation with Azure AD? |
grsecurity official
grsecurity. (2017, December 12). What is grsecurity?. Retrieved December 20, 2017.
Internal MISP references
UUID f87c0c95-65bd-4b57-9b7d-1b7936f03c2a which can be used as unique global reference for grsecurity official in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| date_published | 2017-12-12T00:00:00Z |
| source | MITRE |
| title | What is grsecurity? |
VDSO Aug 2005
Petersson, J. (2005, August 14). What is linux-gate.so.1?. Retrieved June 16, 2020.
Internal MISP references
UUID ae70f799-ebb6-4ffe-898e-945cb754c1cb which can be used as unique global reference for VDSO Aug 2005 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-16T00:00:00Z |
| date_published | 2005-08-14T00:00:00Z |
| source | MITRE |
| title | What is linux-gate.so.1? |
what_is_mmc
Microsoft. (2020, September 27). What is Microsoft Management Console?. Retrieved October 5, 2021.
Internal MISP references
UUID 57e130ab-f981-423e-bafe-51d0d0e1abdf which can be used as unique global reference for what_is_mmc in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-05T00:00:00Z |
| date_published | 2020-09-27T00:00:00Z |
| source | MITRE |
| title | What is Microsoft Management Console? |
Microsoft NET
Microsoft. (n.d.). What is .NET Framework?. Retrieved March 15, 2020.
Internal MISP references
UUID b4727044-51bb-43b3-afdb-515bb4bb0f7e which can be used as unique global reference for Microsoft NET in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-15T00:00:00Z |
| source | MITRE |
| title | What is .NET Framework? |
Pastebin EchoSec
Ciarniello, A. (2019, September 24). What is Pastebin and Why Do Hackers Love It?. Retrieved April 11, 2023.
Internal MISP references
UUID 3fc422e5-9a1d-5ac4-8e65-1df13d8a688e which can be used as unique global reference for Pastebin EchoSec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-04-11T00:00:00Z |
| date_published | 2019-09-24T00:00:00Z |
| source | MITRE |
| title | What is Pastebin and Why Do Hackers Love It? |
Microsoft Protected View
Microsoft. (n.d.). What is Protected View?. Retrieved November 22, 2017.
Internal MISP references
UUID 5261895f-367f-4c5d-b4df-7ff44bbbe28e which can be used as unique global reference for Microsoft Protected View in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-11-22T00:00:00Z |
| source | MITRE |
| title | What is Protected View? |
TechNet RPC
Microsoft. (2003, March 28). What Is RPC?. Retrieved June 12, 2016.
Internal MISP references
UUID 7eaa0fa8-953a-482e-8f6b-02607e928525 which can be used as unique global reference for TechNet RPC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-12T00:00:00Z |
| date_published | 2003-03-28T00:00:00Z |
| source | MITRE |
| title | What Is RPC? |
IOKit Fundamentals
Apple. (2014, April 9). What Is the I/O Kit?. Retrieved September 24, 2021.
Internal MISP references
UUID ac90279f-becd-4a96-a08e-8c4c26dba3c0 which can be used as unique global reference for IOKit Fundamentals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-24T00:00:00Z |
| date_published | 2014-04-09T00:00:00Z |
| source | MITRE |
| title | What Is the I/O Kit? |
Baeldung LD_PRELOAD
baeldung. (2020, August 9). What Is the LD_PRELOAD Trick?. Retrieved March 24, 2021.
Internal MISP references
UUID 6fd6ea96-1cf4-4169-8069-4f29dbc9f217 which can be used as unique global reference for Baeldung LD_PRELOAD in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-24T00:00:00Z |
| date_published | 2020-08-09T00:00:00Z |
| source | MITRE |
| title | What Is the LD_PRELOAD Trick? |
Microsoft VBScript
Microsoft. (2011, April 19). What Is VBScript?. Retrieved March 28, 2020.
Internal MISP references
UUID 5ea8d8c7-8039-4210-967a-a4dcd566bf95 which can be used as unique global reference for Microsoft VBScript in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-28T00:00:00Z |
| date_published | 2011-04-19T00:00:00Z |
| source | MITRE |
| title | What Is VBScript? |
VEC
CloudFlare. (n.d.). What is vendor email compromise (VEC)?. Retrieved September 12, 2023.
Internal MISP references
UUID 4fd7c9f7-4731-524a-b332-9cb7f2c025ae which can be used as unique global reference for VEC in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-12T00:00:00Z |
| source | MITRE |
| title | What is vendor email compromise (VEC)? |
Proofpoint Vishing
Proofpoint. (n.d.). What Is Vishing?. Retrieved September 8, 2023.
Internal MISP references
UUID 7a200d34-b4f3-5036-8582-23872ef27eb1 which can be used as unique global reference for Proofpoint Vishing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| source | MITRE |
| title | What Is Vishing? |
taxonomy_downgrade_att_tls
Alashwali, E. S., Rasmussen, K. (2019, January 26). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. Retrieved December 7, 2021.
Internal MISP references
UUID 4459076e-7c79-4855-9091-5aabd274f586 which can be used as unique global reference for taxonomy_downgrade_att_tls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-12-07T00:00:00Z |
| date_published | 2019-01-26T00:00:00Z |
| source | MITRE |
| title | What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS |
FireEye fxsst June 2011
Harbour, N. (2011, June 3). What the fxsst?. Retrieved November 17, 2020.
Internal MISP references
UUID 06f8f5b2-2ebe-4210-84b6-f86e911a7118 which can be used as unique global reference for FireEye fxsst June 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-17T00:00:00Z |
| date_published | 2011-06-03T00:00:00Z |
| source | MITRE |
| title | What the fxsst? |
Krebs Capital One August 2019
Krebs, B.. (2019, August 19). What We Can Learn from the Capital One Hack. Retrieved March 25, 2020.
Internal MISP references
UUID 7d917231-735c-40d8-806d-7fee60d2f996 which can be used as unique global reference for Krebs Capital One August 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-03-25T00:00:00Z |
| date_published | 2019-08-19T00:00:00Z |
| source | MITRE |
| title | What We Can Learn from the Capital One Hack |
Symantec ADS May 2009
Pravs. (2009, May 25). What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?. Retrieved March 21, 2018.
Internal MISP references
UUID e2970bef-439d-435d-92e7-8c58abbd270c which can be used as unique global reference for Symantec ADS May 2009 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-21T00:00:00Z |
| date_published | 2009-05-25T00:00:00Z |
| source | MITRE |
| title | What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that? |
BH Manul Aug 2016
Galperin, E., Et al.. (2016, August 4). When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists. Retrieved May 23, 2018.
Internal MISP references
UUID 1debebac-6578-433f-b8c3-d17e704ee501 which can be used as unique global reference for BH Manul Aug 2016 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-23T00:00:00Z |
| date_published | 2016-08-04T00:00:00Z |
| source | MITRE |
| title | When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists |
Dragos Heroku Watering Hole
Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. Retrieved August 18, 2022.
Internal MISP references
UUID 8768909c-f511-4067-9a97-6f7dee24f276 which can be used as unique global reference for Dragos Heroku Watering Hole in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-18T00:00:00Z |
| date_published | 2021-05-18T00:00:00Z |
| source | MITRE |
| title | When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar |
SpectorOps Bifrost Kerberos macOS 2019
Cody Thomas. (2019, November 14). When Kirbi walks the Bifrost. Retrieved October 6, 2021.
Internal MISP references
UUID 58ecb4e9-25fc-487b-9fed-25c781cc531b which can be used as unique global reference for SpectorOps Bifrost Kerberos macOS 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-06T00:00:00Z |
| date_published | 2019-11-14T00:00:00Z |
| source | MITRE |
| title | When Kirbi walks the Bifrost |
Palo Alto Brute Ratel July 2022
Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. Retrieved February 1, 2023.
Internal MISP references
UUID a9ab0444-386b-5baf-84e1-0e6df4a21296 which can be used as unique global reference for Palo Alto Brute Ratel July 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-01T00:00:00Z |
| date_published | 2022-07-05T00:00:00Z |
| source | MITRE |
| title | When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors |
Trend Micro When Phishing Starts from the Inside 2017
Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. Retrieved October 8, 2019.
Internal MISP references
UUID dbdc2009-a468-439b-bd96-e6153b3fb8a1 which can be used as unique global reference for Trend Micro When Phishing Starts from the Inside 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-08T00:00:00Z |
| date_published | 2017-10-05T00:00:00Z |
| source | MITRE |
| title | When Phishing Starts from the Inside |
Booz Allen Hamilton
Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019
Internal MISP references
UUID 7f0acd33-602e-5f07-a1ae-a87e3c8f2eb5 which can be used as unique global reference for Booz Allen Hamilton in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-10-22T00:00:00Z |
| source | MITRE |
| title | When The Lights Went Out |
Microsoft Where to use TxF
Microsoft. (n.d.). When to Use Transactional NTFS. Retrieved December 20, 2017.
Internal MISP references
UUID f315072c-67cb-4166-aa18-8e92e00ef7e8 which can be used as unique global reference for Microsoft Where to use TxF in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | When to Use Transactional NTFS |
Brining MimiKatz to Unix
Tim Wadhwa-Brown. (2018, November). Where 2 worlds collide Bringing Mimikatz et al to UNIX. Retrieved October 13, 2021.
Internal MISP references
UUID 5ad06565-6694-4c42-81c9-880d66f6d07f which can be used as unique global reference for Brining MimiKatz to Unix in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-13T00:00:00Z |
| date_published | 2018-11-01T00:00:00Z |
| source | MITRE |
| title | Where 2 worlds collide Bringing Mimikatz et al to UNIX |
Dell Lateral Movement
Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
Internal MISP references
UUID fcc9b52a-751f-4985-8c32-7aaf411706ad which can be used as unique global reference for Dell Lateral Movement in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-25T00:00:00Z |
| date_published | 2014-09-02T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems |
Secureworks - AT.exe Scheduled Task
Carvey, H.. (2014, September). Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems. Retrieved November 27, 2019.
Internal MISP references
UUID cd197a24-3671-427f-8ee6-da001ec985c8 which can be used as unique global reference for Secureworks - AT.exe Scheduled Task in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-27T00:00:00Z |
| date_published | 2014-09-01T00:00:00Z |
| source | MITRE |
| title | Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems |
Cybereason WhisperGate February 2022
Cybereason Nocturnus. (2022, February 15). Cybereason vs. WhisperGate and HermeticWiper. Retrieved March 10, 2022.
Internal MISP references
UUID 464d9cac-04c7-4e57-a5d6-604fba90a982 which can be used as unique global reference for Cybereason WhisperGate February 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-10T00:00:00Z |
| source | MITRE |
| title | WhisperGate and HermeticWiper |
RecordedFuture WhisperGate Jan 2022
Insikt Group. (2020, January 28). WhisperGate Malware Corrupts Computers in Ukraine. Retrieved March 31, 2023.
Internal MISP references
UUID 4610e4db-a75b-5fdd-826d-15099d131585 which can be used as unique global reference for RecordedFuture WhisperGate Jan 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-03-31T00:00:00Z |
| date_published | 2020-01-28T00:00:00Z |
| source | MITRE |
| title | WhisperGate Malware Corrupts Computers in Ukraine |
Symantec Whitefly March 2019
Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.
Internal MISP references
UUID d0e48356-36d9-4b4c-b621-e3c4404378d2 which can be used as unique global reference for Symantec Whitefly March 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-05-26T00:00:00Z |
| date_published | 2019-03-06T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Whitefly: Espionage Group has Singapore in Its Sights |
Accenture Lyceum Targets November 2021
Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum?. Retrieved June 16, 2022.
Internal MISP references
UUID 127836ce-e459-405d-a75c-32fd5f0ab198 which can be used as unique global reference for Accenture Lyceum Targets November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-16T00:00:00Z |
| date_published | 2021-11-09T00:00:00Z |
| source | MITRE |
| title | Who are latest targets of cyber group Lyceum? |
Krebs-Anna
Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.
Internal MISP references
UUID 028b7582-be46-4642-9e36-b781cac66340 which can be used as unique global reference for Krebs-Anna in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-05-15T00:00:00Z |
| date_published | 2017-01-18T00:00:00Z |
| source | MITRE |
| title | Who is Anna-Senpai, the Mirai Worm Author? |
CrowdStrike Ember Bear Profile March 2022
CrowdStrike. (2022, March 30). Who is EMBER BEAR?. Retrieved June 9, 2022.
Internal MISP references
UUID 0639c340-b495-4d91-8418-3069f3fe0df1 which can be used as unique global reference for CrowdStrike Ember Bear Profile March 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-09T00:00:00Z |
| date_published | 2022-03-30T00:00:00Z |
| source | MITRE |
| title | Who is EMBER BEAR? |
WHOIS
NTT America. (n.d.). Whois Lookup. Retrieved October 20, 2020.
Internal MISP references
UUID fa6cba30-66e9-4a6b-85e8-a8c3773a3efe which can be used as unique global reference for WHOIS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-10-20T00:00:00Z |
| source | MITRE |
| title | Whois Lookup |
Meyers Numbered Panda
Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.
Internal MISP references
UUID 988dfcfc-0c16-4129-9523-a77539291951 which can be used as unique global reference for Meyers Numbered Panda in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-01-14T00:00:00Z |
| date_published | 2013-03-29T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Whois Numbered Panda |
CrowdStrike PIONEER KITTEN August 2020
Orleans, A. (2020, August 31). Who Is PIONEER KITTEN?. Retrieved December 21, 2020.
Internal MISP references
UUID 4fce29cc-ddab-4b96-b295-83c282a87564 which can be used as unique global reference for CrowdStrike PIONEER KITTEN August 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-21T00:00:00Z |
| date_published | 2020-08-31T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Who Is PIONEER KITTEN? |
SECURELIST Bright Star 2015
Baumgartner, K., Guerrero-Saade, J. (2015, March 4). Who’s Really Spreading through the Bright Star?. Retrieved December 18, 2020.
Internal MISP references
UUID 59cba16f-91ed-458c-91c9-5b02c03678f5 which can be used as unique global reference for SECURELIST Bright Star 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2015-03-04T00:00:00Z |
| source | MITRE |
| title | Who’s Really Spreading through the Bright Star? |
Trend Micro Privileged Container
Fiser, D., Oliveira, A.. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. Retrieved March 30, 2021.
Internal MISP references
UUID 92ac290c-4863-4774-b334-848ed72e3627 which can be used as unique global reference for Trend Micro Privileged Container in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-03-30T00:00:00Z |
| date_published | 2019-12-20T00:00:00Z |
| source | MITRE |
| title | Why a Privileged Container in Docker is a Bad Idea |
Mandiant UNC3944 September 14 2023
Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved November 16, 2023.
Internal MISP references
UUID 7420d79f-c6a3-4932-9c2e-c9cc36e2ca35 which can be used as unique global reference for Mandiant UNC3944 September 14 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-11-16T00:00:00Z |
| date_published | 2023-09-14T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety |
Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019.
Internal MISP references
UUID 8ec52402-7e54-463d-8906-f373e5855018 which can be used as unique global reference for Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-12T00:00:00Z |
| source | MITRE |
| title | Why You Should Always Use Access Tokens to Secure APIs |
Securelist Digital Certificates
Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.
Internal MISP references
UUID 3568163b-24b8-42fd-b111-b9d83c34cc4f which can be used as unique global reference for Securelist Digital Certificates in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-31T00:00:00Z |
| date_published | 2015-01-29T00:00:00Z |
| source | MITRE |
| title | Why You Shouldn’t Completely Trust Files Signed with Digital Certificates |
Crowdstrike DNS Hijack 2019
Matt Dahl. (2019, January 25). Widespread DNS Hijacking Activity Targets Multiple Sectors. Retrieved February 14, 2022.
Internal MISP references
UUID 969ad6de-9415-464d-ba52-2e61e1814a92 which can be used as unique global reference for Crowdstrike DNS Hijack 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-14T00:00:00Z |
| date_published | 2019-01-25T00:00:00Z |
| source | MITRE |
| title | Widespread DNS Hijacking Activity Targets Multiple Sectors |
Wi-Fi Password of All Connected Networks in Windows/Linux
Geeks for Geeks. (n.d.). Wi-Fi Password of All Connected Networks in Windows/Linux. Retrieved September 8, 2023.
Internal MISP references
UUID 7005f62f-0239-56c7-964b-64384e17b8da which can be used as unique global reference for Wi-Fi Password of All Connected Networks in Windows/Linux in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-09-08T00:00:00Z |
| source | MITRE |
| title | Wi-Fi Password of All Connected Networks in Windows/Linux |
Wikipedia Exe Compression
Executable compression. (n.d.). Retrieved December 4, 2014.
Internal MISP references
UUID 13ac05f8-f2a9-4243-8039-aff9ee1d5fc6 which can be used as unique global reference for Wikipedia Exe Compression in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-04T00:00:00Z |
| source | MITRE |
| title | Wikipedia Exe Compression |
ESET Carberp March 2012
Matrosov, A., Rodionov, E., Volkov, D., Harley, D. (2012, March 2). Win32/Carberp When You’re in a Black Hole, Stop Digging. Retrieved July 15, 2020.
Internal MISP references
UUID 806eadfc-f473-4f2b-b03b-8a1f1c0a2d96 which can be used as unique global reference for ESET Carberp March 2012 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-07-15T00:00:00Z |
| date_published | 2012-03-02T00:00:00Z |
| source | MITRE |
| title | Win32/Carberp When You’re in a Black Hole, Stop Digging |
ESET Industroyer
Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.
Internal MISP references
UUID 9197f712-3c53-4746-9722-30e248511611 which can be used as unique global reference for ESET Industroyer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-18T00:00:00Z |
| date_published | 2017-06-12T00:00:00Z |
| source | MITRE |
| title | Win32/Industroyer: A new threat for industrial controls systems |
Microsoft Kasidet
Manuel, J. and Plantado, R.. (2015, August 9). Win32/Kasidet. Retrieved March 24, 2016.
Internal MISP references
UUID 7c34c189-6581-4a56-aead-871400839d1a which can be used as unique global reference for Microsoft Kasidet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-24T00:00:00Z |
| date_published | 2015-08-09T00:00:00Z |
| source | MITRE |
| title | Win32/Kasidet |
ESET Ebury Oct 2017
Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update . Retrieved February 10, 2021.
Internal MISP references
UUID 5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7 which can be used as unique global reference for ESET Ebury Oct 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-10T00:00:00Z |
| date_published | 2017-10-30T00:00:00Z |
| source | MITRE |
| title | Windigo Still not Windigone: An Ebury Update |
Microsoft AMSI June 2015
Microsoft. (2015, June 9). Windows 10 to offer application developers new malware defenses. Retrieved February 12, 2018.
Internal MISP references
UUID d3724d08-f89b-4fb9-a0ea-3a6f929e0b6a which can be used as unique global reference for Microsoft AMSI June 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-02-12T00:00:00Z |
| date_published | 2015-06-09T00:00:00Z |
| source | MITRE |
| title | Windows 10 to offer application developers new malware defenses |
Davidson Windows
Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.
Internal MISP references
UUID 49af01f2-06c5-4b21-9882-901ad828ee28 which can be used as unique global reference for Davidson Windows in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | Windows 7 UAC whitelist |
IRED API Hashing
spotheplanet. (n.d.). Windows API Hashing in Malware. Retrieved August 22, 2022.
Internal MISP references
UUID 1b8b87d5-1b70-401b-8850-d8afd3b22356 which can be used as unique global reference for IRED API Hashing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-08-22T00:00:00Z |
| source | MITRE |
| title | Windows API Hashing in Malware |
TrendMicro WindowsAppMac
Trend Micro. (2019, February 11). Windows App Runs on Mac, Downloads Info Stealer and Adware. Retrieved April 25, 2019.
Internal MISP references
UUID dc673650-1a37-4af1-aa03-8f57a064156b which can be used as unique global reference for TrendMicro WindowsAppMac in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-25T00:00:00Z |
| date_published | 2019-02-11T00:00:00Z |
| source | MITRE |
| title | Windows App Runs on Mac, Downloads Info Stealer and Adware |
Windows Commands JPCERT
Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.
Internal MISP references
UUID 9d935f7f-bc2a-4d09-a51a-82074ffd7d77 which can be used as unique global reference for Windows Commands JPCERT in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-02-02T00:00:00Z |
| date_published | 2016-01-26T00:00:00Z |
| source | MITRE |
| title | Windows Commands Abused by Attackers |
Amplia WCE
Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q.. Retrieved December 17, 2015.
Internal MISP references
UUID 790ea33a-7a64-488e-ab90-d82e021e0c06 which can be used as unique global reference for Amplia WCE in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-12-17T00:00:00Z |
| source | MITRE |
| title | Windows Credentials Editor (WCE) F.A.Q. |
Microsoft Windows Defender Application Control
Gorzelany, A., Hall, J., Poggemeyer, L.. (2019, January 7). Windows Defender Application Control. Retrieved July 16, 2019.
Internal MISP references
UUID 678ef307-d203-4b65-bed4-b844ada7ab83 which can be used as unique global reference for Microsoft Windows Defender Application Control in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-16T00:00:00Z |
| date_published | 2019-01-07T00:00:00Z |
| source | MITRE |
| title | Windows Defender Application Control |
Microsoft Operation Wilysupply
Florio, E.. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019.
Internal MISP references
UUID 567ce633-a061-460b-84af-01dfe3d818c7 which can be used as unique global reference for Microsoft Operation Wilysupply in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-02-14T00:00:00Z |
| date_published | 2017-05-04T00:00:00Z |
| source | MITRE |
| title | Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack |
PassLib mscache
Eli Collins. (2016, November 25). Windows' Domain Cached Credentials v2. Retrieved February 21, 2020.
Internal MISP references
UUID ce40e997-d04b-49a6-8838-13205c54243a which can be used as unique global reference for PassLib mscache in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| date_published | 2016-11-25T00:00:00Z |
| source | MITRE |
| title | Windows' Domain Cached Credentials v2 |
ProjectZero File Write EoP Apr 2018
Forshaw, J. (2018, April 18). Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege. Retrieved May 3, 2018.
Internal MISP references
UUID 2c49288b-438d-487a-8e6e-f9d9eda73e2f which can be used as unique global reference for ProjectZero File Write EoP Apr 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-05-03T00:00:00Z |
| date_published | 2018-04-18T00:00:00Z |
| source | MITRE |
| title | Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege |
DBAPPSecurity BITTER zero-day Feb 2021
JinQuan, MaDongZe, TuXiaoYi, and LiHao. (2021, February 10). Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. Retrieved June 1, 2022.
Internal MISP references
UUID fb98df9a-303d-4658-93da-0dcbd7bf9b1e which can be used as unique global reference for DBAPPSecurity BITTER zero-day Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2021-02-10T00:00:00Z |
| source | MITRE |
| title | Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack |
EyeofRa Detecting Hooking June 2017
Eye of Ra. (2017, June 27). Windows Keylogger Part 2: Defense against user-land. Retrieved December 12, 2017.
Internal MISP references
UUID d2d2186c-040f-4045-b161-fc468aa09534 which can be used as unique global reference for EyeofRa Detecting Hooking June 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2017-06-27T00:00:00Z |
| source | MITRE |
| title | Windows Keylogger Part 2: Defense against user-land |
Passcape LSA Secrets
Passcape. (n.d.). Windows LSA secrets. Retrieved February 21, 2020.
Internal MISP references
UUID 64b0e13f-de5f-4964-bcfa-bb0f6206383a which can be used as unique global reference for Passcape LSA Secrets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| source | MITRE |
| title | Windows LSA secrets |
Windows Malware Infecting Android
Lucian Constantin. (2014, January 23). Windows malware tries to infect Android devices connected to PCs. Retrieved May 25, 2022.
Internal MISP references
UUID 3733386a-14bd-44a6-8241-a10660ba25d9 which can be used as unique global reference for Windows Malware Infecting Android in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-05-25T00:00:00Z |
| date_published | 2014-01-23T00:00:00Z |
| source | MITRE |
| title | Windows malware tries to infect Android devices connected to PCs |
MSDN WMI
Microsoft. (n.d.). Windows Management Instrumentation. Retrieved April 27, 2016.
Internal MISP references
UUID 210ca539-71f6-4494-91ea-402a3e0e2a10 which can be used as unique global reference for MSDN WMI in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-27T00:00:00Z |
| source | MITRE |
| title | Windows Management Instrumentation |
FireEye WMI 2015
Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.
Internal MISP references
UUID 135ccd72-2714-4453-9c8f-f5fde31905ee which can be used as unique global reference for FireEye WMI 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-03-30T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Windows Management Instrumentation (WMI) Offense, Defense, and Forensics |
win_msc_files_overview
Brinkmann, M.. (2017, June 10). Windows .msc files overview. Retrieved September 20, 2021.
Internal MISP references
UUID 81aa896a-3498-4c37-8882-2b77933b71a8 which can be used as unique global reference for win_msc_files_overview in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-20T00:00:00Z |
| date_published | 2017-06-10T00:00:00Z |
| source | MITRE |
| title | Windows .msc files overview |
Hill NT Shell
Hill, T. (n.d.). Windows NT Command Shell. Retrieved December 5, 2014.
Internal MISP references
UUID 0e5dfc7e-c908-49b4-a54f-7dcecf332ee8 which can be used as unique global reference for Hill NT Shell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | Windows NT Command Shell |
passcape Windows Vault
Passcape. (n.d.). Windows Password Recovery - Vault Explorer and Decoder. Retrieved November 24, 2020.
Internal MISP references
UUID a8a56a64-8e73-4331-9961-b1f9b6cbb348 which can be used as unique global reference for passcape Windows Vault in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-24T00:00:00Z |
| source | MITRE |
| title | Windows Password Recovery - Vault Explorer and Decoder |
Malware Archaeology PowerShell Cheat Sheet
Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.
Internal MISP references
UUID d7da4285-aeed-42dc-8f55-facbe6daf317 which can be used as unique global reference for Malware Archaeology PowerShell Cheat Sheet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-06-24T00:00:00Z |
| date_published | 2016-06-01T00:00:00Z |
| source | MITRE |
| title | WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later |
TechNet PowerShell
Microsoft. (n.d.). Windows PowerShell Scripting. Retrieved April 28, 2016.
Internal MISP references
UUID 20ec94d1-4a5c-43f5-bb65-f3ea965d2b6e which can be used as unique global reference for TechNet PowerShell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-04-28T00:00:00Z |
| source | MITRE |
| title | Windows PowerShell Scripting |
Windows Privilege Escalation Guide
absolomb. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.
Internal MISP references
UUID 185154f2-5f2e-48bf-b609-991e9d6a037b which can be used as unique global reference for Windows Privilege Escalation Guide in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-01-26T00:00:00Z |
| source | MITRE |
| title | Windows Privilege Escalation Guide |
SploitSpren Windows Priv Jan 2018
McFarland, R. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.
Internal MISP references
UUID c52945dc-eb20-4e69-8f8e-a262f33c244c which can be used as unique global reference for SploitSpren Windows Priv Jan 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-01-26T00:00:00Z |
| source | MITRE |
| title | Windows Privilege Escalation Guide |
SecurityBoulevard Unquoted Services APR 2018
HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.
Internal MISP references
UUID 939c05ae-bb21-4ed2-8fa3-a729f717ee3a which can be used as unique global reference for SecurityBoulevard Unquoted Services APR 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-04-23T00:00:00Z |
| source | MITRE |
| title | Windows Privilege Escalation – Unquoted Services |
Windows Unquoted Services
HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.
Internal MISP references
UUID 30681a0a-a49f-416a-b5bc-621c60f1130a which can be used as unique global reference for Windows Unquoted Services in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-08-10T00:00:00Z |
| date_published | 2018-04-23T00:00:00Z |
| source | MITRE |
| title | Windows Privilege Escalation – Unquoted Services |
Windows Process Injection KernelCallbackTable
odzhan. (2019, May 25). Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy. Retrieved February 4, 2022.
Internal MISP references
UUID 01a3fc64-ff07-48f7-b0d9-5728012761c7 which can be used as unique global reference for Windows Process Injection KernelCallbackTable in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-04T00:00:00Z |
| date_published | 2019-05-25T00:00:00Z |
| source | MITRE |
| title | Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy |
Modexp Windows Process Injection
odzhan. (2019, April 25). Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline. Retrieved November 15, 2021.
Internal MISP references
UUID 1bf45166-bfce-450e-87d1-b1e3b19fdb62 which can be used as unique global reference for Modexp Windows Process Injection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-11-15T00:00:00Z |
| date_published | 2019-04-25T00:00:00Z |
| source | MITRE |
| title | Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline |
Wikipedia Windows Registry
Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.
Internal MISP references
UUID 656f0ffd-33e0-40ef-bdf7-70758f855f18 which can be used as unique global reference for Wikipedia Windows Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-02-02T00:00:00Z |
| source | MITRE |
| title | Windows Registry |
Cylance Reg Persistence Sept 2013
Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. Retrieved April 11, 2018.
Internal MISP references
UUID 9e9c745f-19fd-4218-b8dc-85df804ecb70 which can be used as unique global reference for Cylance Reg Persistence Sept 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-11T00:00:00Z |
| date_published | 2013-09-24T00:00:00Z |
| source | MITRE |
| title | Windows Registry Persistence, Part 2: The Run Keys and Search-Order |
Microsoft WinRM
Microsoft. (n.d.). Windows Remote Management. Retrieved November 12, 2014.
Internal MISP references
UUID ddbe110c-88f1-4774-bcb9-cd18b6218fc4 which can be used as unique global reference for Microsoft WinRM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-11-12T00:00:00Z |
| source | MITRE |
| title | Windows Remote Management |
Symantec Windows Rootkits
Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017.
Internal MISP references
UUID 5b8d9094-dabf-4c29-a95b-b90dbcf07382 which can be used as unique global reference for Symantec Windows Rootkits in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| source | MITRE |
| title | Windows Rootkit Overview |
insecure_reg_perms
Clément Labro. (2020, November 12). Windows RpcEptMapper Service Insecure Registry Permissions EoP. Retrieved August 25, 2021.
Internal MISP references
UUID d18717ae-7fe4-40f9-aff2-b35120d31dc8 which can be used as unique global reference for insecure_reg_perms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-08-25T00:00:00Z |
| date_published | 2020-11-12T00:00:00Z |
| source | MITRE |
| title | Windows RpcEptMapper Service Insecure Registry Permissions EoP |
Microsoft Windows Scripts
Microsoft. (2017, January 18). Windows Script Interfaces. Retrieved June 23, 2020.
Internal MISP references
UUID 9e7cd4da-da18-4d20-809a-19abb4352807 which can be used as unique global reference for Microsoft Windows Scripts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-06-23T00:00:00Z |
| date_published | 2017-01-18T00:00:00Z |
| source | MITRE |
| title | Windows Script Interfaces |
Microsoft Security Event 4670
Franklin Smith, R. (n.d.). Windows Security Log Event ID 4670. Retrieved November 4, 2019.
Internal MISP references
UUID 23a50cd5-ac76-4dbe-8937-0fe8aec8cbf6 which can be used as unique global reference for Microsoft Security Event 4670 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-11-04T00:00:00Z |
| source | MITRE |
| title | Windows Security Log Event ID 4670 |
Windows Log Events
Franklin Smith. (n.d.). Windows Security Log Events. Retrieved February 21, 2020.
Internal MISP references
UUID 53464503-6e6f-45d8-a208-1820678deeac which can be used as unique global reference for Windows Log Events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-21T00:00:00Z |
| source | MITRE |
| title | Windows Security Log Events |
winser19_file_overwrite_bug_twitter
Naceri, A. (2021, November 7). Windows Server 2019 file overwrite bug. Retrieved April 7, 2022.
Internal MISP references
UUID 158d971e-2f96-5200-8a87-d3887de30ff0 which can be used as unique global reference for winser19_file_overwrite_bug_twitter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-04-07T00:00:00Z |
| date_published | 2021-11-07T00:00:00Z |
| source | MITRE |
| title | Windows Server 2019 file overwrite bug |
Windows Server Containers Are Open
Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here's How You Can Break Out. Retrieved October 1, 2021.
Internal MISP references
UUID 9a801256-5852-433e-95bd-768f9b70b9fe which can be used as unique global reference for Windows Server Containers Are Open in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-10-01T00:00:00Z |
| date_published | 2020-07-15T00:00:00Z |
| source | MITRE |
| title | Windows Server Containers Are Open, and Here's How You Can Break Out |
Sysinternals AppCertDlls Oct 2007
Microsoft. (2007, October 24). Windows Sysinternals - AppCertDlls. Retrieved December 18, 2017.
Internal MISP references
UUID 68e006df-9fb6-4890-9952-7bad38b16dee which can be used as unique global reference for Sysinternals AppCertDlls Oct 2007 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-18T00:00:00Z |
| date_published | 2007-10-24T00:00:00Z |
| source | MITRE |
| title | Windows Sysinternals - AppCertDlls |
Russinovich Sysinternals
Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.
Internal MISP references
UUID 72d27aca-62c5-4e96-9977-c41951aaa888 which can be used as unique global reference for Russinovich Sysinternals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-13T00:00:00Z |
| date_published | 2014-05-02T00:00:00Z |
| source | MITRE |
| title | Windows Sysinternals PsExec v2.11 |
Microsoft System Services Fundamentals
Microsoft. (2018, February 17). Windows System Services Fundamentals. Retrieved March 28, 2022.
Internal MISP references
UUID 25d54a16-59a0-497d-a4a5-021420da8f1c which can be used as unique global reference for Microsoft System Services Fundamentals in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-03-28T00:00:00Z |
| date_published | 2018-02-17T00:00:00Z |
| source | MITRE |
| title | Windows System Services Fundamentals |
Microsoft W32Time May 2017
Mathers, B. (2017, May 31). Windows Time Service Tools and Settings. Retrieved March 26, 2018.
Internal MISP references
UUID 9e3d8dec-745a-4744-b80c-d65897ebba3c which can be used as unique global reference for Microsoft W32Time May 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-26T00:00:00Z |
| date_published | 2017-05-31T00:00:00Z |
| source | MITRE |
| title | Windows Time Service Tools and Settings |
Technet Windows Time Service
Mathers, B. (2016, September 30). Windows Time Service Tools and Settings. Retrieved November 25, 2016.
Internal MISP references
UUID 0d908e07-abc1-40fc-b147-9b9fd483b262 which can be used as unique global reference for Technet Windows Time Service in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-11-25T00:00:00Z |
| date_published | 2016-09-30T00:00:00Z |
| source | MITRE |
| title | Windows Time Service Tools and Settings |
Microsoft W32Time Feb 2018
Microsoft. (2018, February 1). Windows Time Service (W32Time). Retrieved March 26, 2018.
Internal MISP references
UUID 991f7a9f-4317-42fa-bc9b-f533fe36b517 which can be used as unique global reference for Microsoft W32Time Feb 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-03-26T00:00:00Z |
| date_published | 2018-02-01T00:00:00Z |
| source | MITRE |
| title | Windows Time Service (W32Time) |
Microsoft CVE-2021-1732 Feb 2021
Microsoft. (2018, February 9). Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732. Retrieved June 1, 2022.
Internal MISP references
UUID 7bbf39dd-851d-42dd-8be2-87de83f3abc0 which can be used as unique global reference for Microsoft CVE-2021-1732 Feb 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-06-01T00:00:00Z |
| date_published | 2018-02-09T00:00:00Z |
| source | MITRE |
| title | Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 |
win_xml_evt_log
Forensics Wiki. (2021, June 19). Windows XML Event Log (EVTX). Retrieved September 13, 2021.
Internal MISP references
UUID baeaad76-0acf-4921-9d6c-245649b32976 which can be used as unique global reference for win_xml_evt_log in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-13T00:00:00Z |
| date_published | 2021-06-19T00:00:00Z |
| source | MITRE |
| title | Windows XML Event Log (EVTX) |
Winexe Github Sept 2013
Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.
Internal MISP references
UUID 7003e2d4-83e5-4672-aaa9-53cc4bcb08b5 which can be used as unique global reference for Winexe Github Sept 2013 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-22T00:00:00Z |
| date_published | 2013-09-20T00:00:00Z |
| source | MITRE |
| title | WinExe |
Microsoft WinExec
Microsoft. (n.d.). WinExec function. Retrieved December 5, 2014.
Internal MISP references
UUID 9e1ae9ae-bafc-460a-891e-e75df01c96c4 which can be used as unique global reference for Microsoft WinExec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2014-12-05T00:00:00Z |
| source | MITRE |
| title | WinExec function |
winget.exe - LOLBAS Project
LOLBAS. (2022, January 3). winget.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 5ef334f3-fe6f-4cc1-b37d-d147180a8b8d which can be used as unique global reference for winget.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-01-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | winget.exe |
PreKageo Winhook Jul 2011
Prekas, G. (2011, July 11). Winhook. Retrieved December 12, 2017.
Internal MISP references
UUID 9461f70f-bb14-4e40-9136-97f93aa16f33 which can be used as unique global reference for PreKageo Winhook Jul 2011 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-12T00:00:00Z |
| date_published | 2011-07-11T00:00:00Z |
| source | MITRE |
| title | Winhook |
Novetta Winnti April 2015
Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.
Internal MISP references
UUID cbe8373b-f14b-4890-99fd-35ffd7090dea which can be used as unique global reference for Novetta Winnti April 2015 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-02-08T00:00:00Z |
| date_published | 2015-04-07T00:00:00Z |
| source | MITRE |
| title | Winnti Analysis |
Chronicle Winnti for Linux May 2019
Chronicle Blog. (2019, May 15). Winnti: More than just Windows and Gates. Retrieved April 29, 2020.
Internal MISP references
UUID e815e47a-c924-4b03-91e5-d41f2bb74773 which can be used as unique global reference for Chronicle Winnti for Linux May 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-04-29T00:00:00Z |
| date_published | 2019-05-15T00:00:00Z |
| source | MITRE |
| title | Winnti: More than just Windows and Gates |
WinRAR Website
WinRAR. (n.d.). WinRAR download free and support: WinRAR. Retrieved December 18, 2023.
Internal MISP references
UUID ad620d61-108c-4bb0-a897-02764ea9a903 which can be used as unique global reference for WinRAR Website in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | WinRAR download free and support: WinRAR |
winrm.vbs - LOLBAS Project
LOLBAS. (2018, May 25). winrm.vbs. Retrieved December 4, 2023.
Internal MISP references
UUID 86107810-8a1d-4c13-80f0-c1624143d057 which can be used as unique global reference for winrm.vbs - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | winrm.vbs |
Microsoft WinVerifyTrust
Microsoft. (n.d.). WinVerifyTrust function. Retrieved January 31, 2018.
Internal MISP references
UUID cc14faff-c164-4135-ae36-ba68e1a50024 which can be used as unique global reference for Microsoft WinVerifyTrust in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-01-31T00:00:00Z |
| source | MITRE |
| title | WinVerifyTrust function |
Winword.exe - LOLBAS Project
LOLBAS. (2019, July 19). Winword.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6d75b154-a51d-4541-8353-22ee1d12ebed which can be used as unique global reference for Winword.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-07-19T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Winword.exe |
WinZip Homepage
Corel Corporation. (2020). WinZip. Retrieved February 20, 2020.
Internal MISP references
UUID dc047688-2ea3-415c-b516-06542048b049 which can be used as unique global reference for WinZip Homepage in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2020-01-01T00:00:00Z |
| source | MITRE |
| title | WinZip |
Dell Wiper
Dell SecureWorks. (2013, March 21). Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.
Internal MISP references
UUID be6629ef-e7c6-411c-9bd2-34e59062cadd which can be used as unique global reference for Dell Wiper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-05-13T00:00:00Z |
| date_published | 2013-03-21T00:00:00Z |
| source | MITRE |
| title | Wiper Malware Analysis Attacking Korean Financial Sector |
WireLurker
Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017.
Internal MISP references
UUID fd33f71b-767d-4312-a8c9-5446939bb5ae which can be used as unique global reference for WireLurker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| source | MITRE |
| title | WireLurker: A New Era in iOS and OS X Malware |
Lab52 WIRTE Apr 2019
S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.
Internal MISP references
UUID 884b675e-390c-4f6d-8cb7-5d97d84115e5 which can be used as unique global reference for Lab52 WIRTE Apr 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-24T00:00:00Z |
| date_published | 2019-04-02T00:00:00Z |
| source | MITRE |
| title | WIRTE Group attacking the Middle East |
Kaspersky WIRTE November 2021
Yamout, M. (2021, November 29). WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019. Retrieved February 1, 2022.
Internal MISP references
UUID 143b4694-024d-49a5-be3c-d9ceca7295b2 which can be used as unique global reference for Kaspersky WIRTE November 2021 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-02-01T00:00:00Z |
| date_published | 2021-11-29T00:00:00Z |
| source | MITRE |
| title | WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019 |
Cofense RevengeRAT Feb 2019
Gannon, M. (2019, February 11). With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat. Retrieved May 1, 2019.
Internal MISP references
UUID 3abfc3eb-7f9d-49e5-8048-4118cde3122e which can be used as unique global reference for Cofense RevengeRAT Feb 2019 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-05-01T00:00:00Z |
| date_published | 2019-02-11T00:00:00Z |
| source | MITRE |
| title | With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat |
CrowdStrike Wizard Spider October 2020
Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.
Internal MISP references
UUID 5c8d67ea-63bc-4765-b6f6-49fa5210abe6 which can be used as unique global reference for CrowdStrike Wizard Spider October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-06-15T00:00:00Z |
| date_published | 2020-10-16T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | WIZARD SPIDER Update: Resilient, Reactive and Resolute |
Wlrmdr.exe - LOLBAS Project
LOLBAS. (2022, February 16). Wlrmdr.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 43bebdc3-3072-4a3d-a0b7-0b23f1119136 which can be used as unique global reference for Wlrmdr.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-02-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wlrmdr.exe |
Microsoft WMI Architecture
Microsoft. (2018, May 31). WMI Architecture. Retrieved September 29, 2021.
Internal MISP references
UUID 3778449c-e8b4-4ee5-914b-746053e8ca70 which can be used as unique global reference for Microsoft WMI Architecture in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | WMI Architecture |
LOLBAS Wmic
LOLBAS. (n.d.). Wmic.exe. Retrieved July 31, 2019.
Internal MISP references
UUID 497e73d4-9f27-4b30-ba09-f152ce866d0f which can be used as unique global reference for LOLBAS Wmic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-07-31T00:00:00Z |
| source | MITRE |
| title | Wmic.exe |
Microsoft WMI System Classes
Microsoft. (2018, May 31). WMI System Classes. Retrieved September 29, 2021.
Internal MISP references
UUID 60a5c359-3523-4638-aee2-3e13e0077ba9 which can be used as unique global reference for Microsoft WMI System Classes in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-29T00:00:00Z |
| date_published | 2018-05-31T00:00:00Z |
| source | MITRE |
| title | WMI System Classes |
MalwareBytes WoodyRAT Aug 2022
MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. Retrieved December 6, 2022.
Internal MISP references
UUID 5c2ecb15-14e9-5bd3-be5f-628fa4e98ee6 which can be used as unique global reference for MalwareBytes WoodyRAT Aug 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2022-12-06T00:00:00Z |
| date_published | 2022-08-03T00:00:00Z |
| source | MITRE |
| title | Woody RAT: A new feature-rich malware spotted in the wild |
WorkFolders.exe - LOLBAS Project
LOLBAS. (2021, August 16). WorkFolders.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 42cfa3eb-7a8c-482e-b8d8-78ae5c30b843 which can be used as unique global reference for WorkFolders.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2021-08-16T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | WorkFolders.exe |
Confluence Logs
Confluence Support. (2021, April 22). Working with Confluence Logs. Retrieved September 23, 2021.
Internal MISP references
UUID f715468d-7d72-4ca4-a828-9fc909ca4f37 which can be used as unique global reference for Confluence Logs in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-09-23T00:00:00Z |
| date_published | 2021-04-22T00:00:00Z |
| source | MITRE |
| title | Working with Confluence Logs |
AppInit Registry
Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.
Internal MISP references
UUID dd3f98d9-0228-45a6-9e7b-1babf911a9ac which can be used as unique global reference for AppInit Registry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2015-07-15T00:00:00Z |
| date_published | 2006-10-01T00:00:00Z |
| source | MITRE |
| title | Working with the AppInit_DLLs registry value |
ESF_filemonitor
Patrick Wardle. (2019, September 17). Writing a File Monitor with Apple's Endpoint Security Framework. Retrieved December 17, 2020.
Internal MISP references
UUID 280ddf42-92d1-4850-9241-96c1ef9c0609 which can be used as unique global reference for ESF_filemonitor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| date_published | 2019-09-17T00:00:00Z |
| source | MITRE |
| title | Writing a File Monitor with Apple's Endpoint Security Framework |
Writing Bad Malware for OSX
Patrick Wardle. (2015). Writing Bad @$$ Malware for OS X. Retrieved July 10, 2017.
Internal MISP references
UUID 5628ecd9-48da-4a50-94ba-4b70abe56089 which can be used as unique global reference for Writing Bad Malware for OSX in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-10T00:00:00Z |
| date_published | 2015-01-01T00:00:00Z |
| source | MITRE |
| title | Writing Bad @$$ Malware for OS X |
Wscript.exe - LOLBAS Project
LOLBAS. (2018, May 25). Wscript.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 6c536675-84dd-44c3-8771-70120b413db7 which can be used as unique global reference for Wscript.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wscript.exe |
Enigma0x3 PubPrn Bypass
Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.
Internal MISP references
UUID 8b12e87b-3836-4c79-877b-0a2761b34533 which can be used as unique global reference for Enigma0x3 PubPrn Bypass in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-04-09T00:00:00Z |
| date_published | 2017-08-03T00:00:00Z |
| source | MITRE |
| title | WSH INJECTION: A CASE STUDY |
Wsl.exe - LOLBAS Project
LOLBAS. (2019, June 27). Wsl.exe. Retrieved December 4, 2023.
Internal MISP references
UUID c147902a-e8e4-449f-8106-9e268d5367d8 which can be used as unique global reference for Wsl.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-06-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wsl.exe |
Wsreset.exe - LOLBAS Project
LOLBAS. (2019, March 18). Wsreset.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89 which can be used as unique global reference for Wsreset.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2019-03-18T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Wsreset.exe |
wt.exe - LOLBAS Project
LOLBAS. (2022, July 27). wt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID bbdd85b0-fdbb-4bd2-b962-a915c23c83c2 which can be used as unique global reference for wt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2022-07-27T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | wt.exe |
wuauclt.exe - LOLBAS Project
LOLBAS. (2020, September 23). wuauclt.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 09229ea3-ffd8-4d97-9728-f8c683ef6f26 which can be used as unique global reference for wuauclt.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2020-09-23T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | wuauclt.exe |
XAgentOSX
Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.
Internal MISP references
UUID b4fd246d-9bd1-4bed-a9cb-92233c5c45c4 which can be used as unique global reference for XAgentOSX in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-12T00:00:00Z |
| date_published | 2017-02-14T00:00:00Z |
| source | MITRE |
| title | XAgentOSX: Sofacy's Xagent macOS Tool |
XAgentOSX 2017
Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.
Internal MISP references
UUID 2dc7a8f1-ccee-46f0-a995-268694f11b02 which can be used as unique global reference for XAgentOSX 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-07-12T00:00:00Z |
| date_published | 2017-02-14T00:00:00Z |
| source | MITRE |
| title | XAgentOSX: Sofacy's Xagent macOS Tool |
Unit42 Xbash Sept 2018
Xiao, C. (2018, September 17). Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows. Retrieved November 14, 2018.
Internal MISP references
UUID 21b890f7-82db-4840-a05e-2155b8ddce8c which can be used as unique global reference for Unit42 Xbash Sept 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-14T00:00:00Z |
| date_published | 2018-09-17T00:00:00Z |
| source | MITRE |
| title | Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows |
xCmd
Rayaprolu, A.. (2011, April 12). xCmd an Alternative to PsExec. Retrieved August 10, 2016.
Internal MISP references
UUID 430fc6ef-33c5-4cd8-b785-358e4aae5230 which can be used as unique global reference for xCmd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-08-10T00:00:00Z |
| date_published | 2011-04-12T00:00:00Z |
| source | MITRE |
| title | xCmd an Alternative to PsExec |
xcopy Microsoft
Microsoft. (2023, February 3). xcopy Microsoft. Retrieved July 11, 2023.
Internal MISP references
UUID 05e01751-ebb4-4b09-be89-4e405ab7e7e4 which can be used as unique global reference for xcopy Microsoft in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-07-11T00:00:00Z |
| date_published | 2023-02-03T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | xcopy Microsoft |
Dragos Xenotime 2018
Dragos, Inc.. (n.d.). Xenotime. Retrieved April 16, 2019.
Internal MISP references
UUID b20fe65f-df43-4a59-af3f-43afafba15ab which can be used as unique global reference for Dragos Xenotime 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-16T00:00:00Z |
| source | MITRE |
| title | Xenotime |
gist Arch package compromise 10JUL2018
Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019.
Internal MISP references
UUID b2900049-444a-4fe5-af1f-b9cd2cd9491c which can be used as unique global reference for gist Arch package compromise 10JUL2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-23T00:00:00Z |
| date_published | 2018-07-10T00:00:00Z |
| source | MITRE |
| title | ~x file downloaded in public Arch package compromise |
Trend Micro Exposed Docker Server
Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021.
Internal MISP references
UUID 05c8909c-749c-4153-9a05-173d5d7a80a9 which can be used as unique global reference for Trend Micro Exposed Docker Server in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-05T00:00:00Z |
| date_published | 2020-06-20T00:00:00Z |
| source | MITRE |
| title | XORDDoS, Kaiji Variants Target Exposed Docker Servers |
Microsoft xp_cmdshell 2017
Microsoft. (2017, March 15). xp_cmdshell (Transact-SQL). Retrieved September 9, 2019.
Internal MISP references
UUID 1945b8b2-de29-4f7a-8957-cc96fbad3b11 which can be used as unique global reference for Microsoft xp_cmdshell 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-09-09T00:00:00Z |
| date_published | 2017-03-15T00:00:00Z |
| source | MITRE |
| title | xp_cmdshell (Transact-SQL) |
Microsoft XSLT Script Mar 2017
Wenzel, M. et al. (2017, March 30). XSLT Stylesheet Scripting Using
Internal MISP references
UUID 7ff47640-2a98-4a55-939a-ab6c8c8d2d09 which can be used as unique global reference for Microsoft XSLT Script Mar 2017 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-07-03T00:00:00Z |
| date_published | 2017-03-30T00:00:00Z |
| source | MITRE |
| title | XSLT Stylesheet Scripting Using |
Xwizard.exe - LOLBAS Project
LOLBAS. (2018, May 25). Xwizard.exe. Retrieved December 4, 2023.
Internal MISP references
UUID 573df5d1-83e7-4437-bdad-604f093b3cfd which can be used as unique global reference for Xwizard.exe - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Xwizard.exe |
Linux kernel Yama
Linux Kernel Archives. (n.d.). Yama Documentation - ptrace_scope. Retrieved December 20, 2017.
Internal MISP references
UUID 615d7744-327e-4f14-bce0-a16c352e7486 which can be used as unique global reference for Linux kernel Yama in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-20T00:00:00Z |
| source | MITRE |
| title | Yama Documentation - ptrace_scope |
Mandiant APT29 Microsoft 365 2022
Douglas Bienstock. (2022, August 18). You Can’t Audit Me: APT29 Continues Targeting Microsoft 365. Retrieved February 23, 2023.
Internal MISP references
UUID e141408e-d22b-58e4-884f-0cbff25444da which can be used as unique global reference for Mandiant APT29 Microsoft 365 2022 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-02-23T00:00:00Z |
| date_published | 2022-08-18T00:00:00Z |
| source | MITRE |
| title | You Can’t Audit Me: APT29 Continues Targeting Microsoft 365 |
BlackHat Mac OSX Rootkit
Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. Retrieved December 21, 2017.
Internal MISP references
UUID e01a6d46-5b38-42df-bd46-3995d38bb60e which can be used as unique global reference for BlackHat Mac OSX Rootkit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2017-12-21T00:00:00Z |
| date_published | 2014-01-01T00:00:00Z |
| source | MITRE |
| title | You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet |
Malwarebytes DarkComet March 2018
Kujawa, A. (2018, March 27). You dirty RAT! Part 1: DarkComet. Retrieved November 6, 2018.
Internal MISP references
UUID 6a765a99-8d9f-4076-8741-6415a5ab918b which can be used as unique global reference for Malwarebytes DarkComet March 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2018-11-06T00:00:00Z |
| date_published | 2018-03-27T00:00:00Z |
| source | MITRE |
| title | You dirty RAT! Part 1: DarkComet |
FireEye Mail CDS 2018
Caban, D. and Hirani, M. (2018, October 3). You’ve Got Mail! Enterprise Email Compromise. Retrieved April 22, 2019.
Internal MISP references
UUID 0af1795c-9cdd-43fa-8184-73f33d9f5366 which can be used as unique global reference for FireEye Mail CDS 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2018-10-03T00:00:00Z |
| source | MITRE |
| title | You’ve Got Mail! Enterprise Email Compromise |
US District Court Indictment GRU Unit 74455 October 2020
Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.
Internal MISP references
UUID 77788d05-30ff-4308-82e6-d123a3c2fd80 which can be used as unique global reference for US District Court Indictment GRU Unit 74455 October 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-11-25T00:00:00Z |
| source | MITRE |
| title | Yuriy Sergeyevich Andrienko et al. |
Sophos ZeroAccess
Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.
Internal MISP references
UUID 41b51767-62f1-45c2-98cb-47c44c975a58 which can be used as unique global reference for Sophos ZeroAccess in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2016-07-18T00:00:00Z |
| date_published | 2012-04-01T00:00:00Z |
| source | MITRE |
| title | ZeroAccess |
Mandiant MOVEit Transfer June 2 2023
Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie. (2023, June 2). Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft. Retrieved June 16, 2023.
Internal MISP references
UUID 232c7555-0483-4a57-88cb-71a990f7d683 which can be used as unique global reference for Mandiant MOVEit Transfer June 2 2023 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-06-16T00:00:00Z |
| date_published | 2023-06-02T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft |
Kaspersky RTLO Cyber Crime
Firsh, A.. (2018, February 13). Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks. Retrieved April 22, 2019.
Internal MISP references
UUID 38fbd993-de98-49e9-8437-bc6a1493d6ed which can be used as unique global reference for Kaspersky RTLO Cyber Crime in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-22T00:00:00Z |
| date_published | 2018-02-13T00:00:00Z |
| source | MITRE |
| title | Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks |
DOJ APT10 Dec 2018
United States District Court Southern District of New York (USDC SDNY) . (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.
Internal MISP references
UUID 3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2 which can be used as unique global reference for DOJ APT10 Dec 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2019-04-17T00:00:00Z |
| source | MITRE, Tidal Cyber |
| title | Zhu Hua and Zhang Shilong |
District Court of NY APT10 Indictment December 2018
US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.
Internal MISP references
UUID 79ccbc74-b9c4-4dc8-91ae-1d15c4db563b which can be used as unique global reference for District Court of NY APT10 Indictment December 2018 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-12-17T00:00:00Z |
| source | MITRE |
| title | Zhu Hua Indictment |
Zipfldr.dll - LOLBAS Project
LOLBAS. (2018, May 25). Zipfldr.dll. Retrieved December 4, 2023.
Internal MISP references
UUID 3bee0640-ea48-4164-be57-ac565d8cbea7 which can be used as unique global reference for Zipfldr.dll - LOLBAS Project in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2023-12-04T00:00:00Z |
| date_published | 2018-05-25T00:00:00Z |
| owner | TidalCyberIan |
| source | Tidal Cyber |
| title | Zipfldr.dll |
Zlib Github
madler. (2017). zlib. Retrieved February 20, 2020.
Internal MISP references
UUID 982bcacc-afb2-4bbb-9197-f44d765b9e07 which can be used as unique global reference for Zlib Github in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2020-02-20T00:00:00Z |
| date_published | 2017-01-01T00:00:00Z |
| source | MITRE |
| title | zlib |
Microsoft Zone.Identifier 2020
Microsoft. (2020, August 31). Zone.Identifier Stream Name. Retrieved February 22, 2021.
Internal MISP references
UUID 2efbb7be-3ca1-444a-8584-7ceb08101e74 which can be used as unique global reference for Microsoft Zone.Identifier 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-02-22T00:00:00Z |
| date_published | 2020-08-31T00:00:00Z |
| source | MITRE |
| title | Zone.Identifier Stream Name |
Sysdig Kinsing November 2020
Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.
Internal MISP references
UUID 4922dbb5-d3fd-4bf2-8af7-3b8889579c31 which can be used as unique global reference for Sysdig Kinsing November 2020 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| date_accessed | 2021-04-01T00:00:00Z |
| date_published | 2020-11-23T00:00:00Z |
| source | MITRE |
| title | Zoom into Kinsing |